How to Protect a (new) WordPress blog from hackers!

WP Rocket - WordPress Caching Plugin

Protecting your new WordPress blog should be a top priority especially if your copy is self-hosted.

A common deadly mistake I see around is a hurry to start pulling traffic and publishing articles on a newly installed self hosted blog without taking some necessary security steps. That’s foundation for disaster.

This is part 6 in the series to build a money making blog. If you missed the other 5  parts, here is the front page for a list of contents.

In part 5, we saw how easy it is to install WordPress. As a matter of fact, it takes less than 3 minutes to get a copy installed.

NB: I recommend WPX Hosting,Siteground orBluehost to host your WordPress site.

WPX Hosting does daily automatic backup of your site (For free) and keeps copies for 2 months. Backup is the foundation of every safety major you are ever going to implement on your blog.

In part 7, we are looking at setting up the right theme to monetize your blog.

NB: 9 ideas to create your new business on WordPress

The copy we installed in part 5 is still virgin and vulnerable to attacks and damages. In this part, we are going to implement basic and solid security to our fresh copy. While it is not common to have a 100% secured blog, it’s going to keep you very safe from your end.

How to protect a new WordPress blog

Basically, what we will be doing here is to:

  • Change some critical database setup entries,
  • Rename some key directories,
  • Rename some key urls,
  • Lock the admin access,
  • Secure against brute force attacks,
  • Setup backups,
  • etc.

I don’t need you to have any technical knowledge in PHP. The good news is that all of this will be achieved simply by clicking buttons, thanks to one highly recommended plugin.

Login to your WordPress dashboard and be sure you upgrade to the latest version of WordPress. That’s the first thing to do.

Next, on the left menu, point your mouse to “Plugins” and click “Add new“. The window that opens should be something similar to the image below:

secure a new wordpress blog

Enter “iThemes” in the search field and click hit the Enter keyboard key. You should have it as the first entry on the list of plugins on the result page.

Click “Intall Now” and “Activate

ithemes security

After activation, you should have a new entry on the left menu of your WordPress Dashboard. Look for “Security” and click it.

NB: I’m going to have to ask you to go straight to the plugin website here for updated instructions on how to have it setup.

The reason is that the team behind this wonderful plugin keeps working and changing the interface. In order not to mislead you, go to the security section of their website for the latest update.

See you on part 7 here. Share your thoughts in the comment box. Also share on social media.

Web Hosting Siteground Wins the race. Make no mistakes about it !

Siteground has been voted the best WordPress and Website Hosting of 2019 by top WordPress bloggers and Webmasters. See details of survey or visit Siteground here

Enstine Muki

Certified Cryptocurrency Expert, Problogger and Serial Entrepreneur


buddy there is one plugin but a little advanced one ,its hide my wp its worth the money.

    Enstine Muki

    Hi George,
    I’m aware there are other plugins out there but basically, they do the same things. However, some may have more advanced options but for pretty new sites, the options we get from this free plugin is quite good to go with.

    Thanks for your visit and comment this weekend


      Yes you are right, there is one simple free plugin with minimal config its limit login plugin,good for new sites.

Abid Omar

Hi Enstine,

Nice post and well written. This post give me so many security ideas. I setup my blog on WordPress 2 months before and didn’ think about the security of my blog. I installed ‘Better WP Security’ but didn’t customize it. Now it is the time for it. My friend said me about changing the wp-admin to custom one some days before. But, I didn’t know it. So, I understood it from this post. Thanks Again πŸ™‚

Abid Omar

    Enstine Muki

    Hi Abid,
    Good to know this post was useful and thanks for stopping by and leaving a comment.
    Do have a wonderful week

Erik Emanuelli

Fantastic tutorial, Enstine.
The blog security should be a priority for every serious blogger.
Noone would like to lose all the efforts and hard work done on his site.
I use also “Limit login attempts”, which blocks users after n.(the number you set) failed login attempts.
Thanks for sharing!
Have a great sunday!

    Enstine Muki

    Great Erik! Security is a crucial issue especially with WordPress

    Thanks for your contribution

Piyush Mathur

Hi Enstine,

I have a question –

What if you have a blog with some posts, say around 50-70, and haven’t changed the blog’s database table prefix then will it be a problem if we do it now?

In other words:

Can we change the blog’s database table prefix if we have some blog posts?



    Enstine Muki

    Hi Piyush,
    All things being equal, there shouldn’t be any issue. However, it’s important to create a backup copy before any changes.

    Thanks for the question

    Nabeel Shamshad

    Hey Piyush,

    I just followed the steps outlined above. Changed the table prefix and my blog is not new. Nothing happened and everything works fine as it did before.

    But still you must back your database up.

Jeevan John

Hiding back-end? Now, that is cool!

I will definitely give this one a try, Enstine. Thanks for the tip!

I already have taken care of many things, such as changing the table prefix (picked it up from Babanature’s blog).

I am wondering why I haven’t seen any bloggers writing about this plugin. This will surely help πŸ˜€ Thank you once again. Hope you had a wonderful weekend!

    Enstine Muki

    Hey Jeevan,
    Hope you are doing great

    How is it going with you?


Hi Enstine,

This is my first comment here, on your new blog. It is a very nice blog and you started in force. I like it.

The topic of blog security is a hot one these days. I read your post and bookmarked for later use… if I decide to install Better WP Security.

It is very interesting to look at that list provided by the plugin and to understand the vulnerabilities of my blog.

My problem is that my blog is not new. Some things are already changed (like the admin name) and I do not know the effect the plugin will have on the old settings.

One more thing: If you change some things (like the admin name or the table prefix of the database) with Better WP Security and later, for any reason, you decide to uninstall the plugin, what happens with the settings. Do they revert to the previous settings, those before the plugin or they are maintained.?

I don’t want to be dependent on any plugin. So, how would the un-installation of the plugin affect the settings?

Have a wonderful day

    Enstine Muki

    Hey Silviu,
    Hope you are doing great

    Thanks for leaving this first comment. How is it going with your blog today?

Mohammed Yaqoob

HI There,

Hackers growth is increasing these days as many hackers are developing different tools to hack wordpress blogs. However, This tutorial is best and will surely help wordpress users to secure their blogs from hackers. This is also going to help for securing my own blog

Thanks man for sharing such awesome post and plugin.
Mohammed Yaqoob.


i also want to protect my blog but what if this plugin have some loophole that can lead to certain bad things. Plz let me know

Moyosore Ogunbuyide

Enstine!!! Fantastic Nice post and well written tutorial, Gotten useful tips for better security to my web page. Thanks


Hi Enstine
As security is my primary concern, I was is search for a good security plugin for my wordpress blog. Thanks for reviewing such an awesome plugin. I don’t need to be professional or skilled to use this plugin and i can keep a control over my blog easily.

Thanks Enstine .. Keep writing πŸ™‚

Nabeel Shamshad

Hello Enstine,

Very nice info there. Had been thinking of securing my blog but needed a recommendation and some easy to handle info. Just installed the plugin followed the steps.


    Enstine Muki

    Hi Nabeel,
    This is the way to go about it. The plugin is free so try it out πŸ˜‰

Nicole Pary

Hey Enstine,
One of the major issue in these days is security to own blog, ithemes Plugin is suitable for us.
Thanks for shared an useful article and enjoyed to reading this article.

Brenda Pace

Hi Enstine,

This is a really great post! For someone who is new to blogging and self-hosting, I’m sure Security is one of the last things they are thinking about. There are so many good security programs out there that finding the perfect one can be confusing. I thank you for this great tutorial as I know several who may benefit from it. Passing it along!

Happy Monday!


    Enstine Muki

    Hi Brenda,
    Thanks for stopping by and making my Monday beautiful πŸ˜‰ with a sweet comment.

    hope your week too is sweet πŸ˜‰

Kurt Kummerer


Fantastic tutorial my friend. Thanks for putting it together and sharing. There is a lot of time and effort involved. Yeah, having all that hard work go to waste without being secure would be a bummer.

Have a great Monday!


    Enstine Muki

    Hey Kurt,
    Security is an issue online and no one is ready to be pulled down after having put in such hard work. Hope your blog too is secured, buddy πŸ˜‰


That’s one awesome plugin. I haven’t used WP in ages and is therefore unaware of what plugins are must-haves for any blogger and this is an eye opener.

On a slightly related note, the whole series sounds so full of great info that I’m going to definitely go over them. Thanks!

Akaahan Terungwa

Hi Enstine,

This entry will actually save some new blogger who will likely get into trouble otherwise…

Presently, I use Wordfence (which is super awesome by the way) but would have really loved the feature enabling ‘backend hide’. Since I couldn’t get it, I opted for the next best alternative: completely whizzing off the login form once a wrong username or password is entered πŸ™‚

However, I’ll just installed iThemes Security on one of my new sites to see just how it will respond (as compared to WF).

Keep up the good work – and let hackers simply go to hell!

Enjoy the day!

Akaahan Terungwa

    Enstine Muki

    Hey bro,
    I hear WF too is great. Well, in any case, I think both have their different limitations and the only way to know what’s better is by testing.

    Please share your results, probably in a blog post to help us with more info on both

    Thanks for being part of the post today, buddy

Harleena Singh

Hi Enstine,

Good to be back to the blogosphere after a while πŸ™‚

This is a good step-by-step tutorial of iThemes Security plugin. We use it on one of our blogs. We used it earlier, but it had a conflict with the blog theme or plugins. If you have a fresh site, then you can go ahead and change the directory and file names or prefixes. Though most of these operations can be carried out using codes or manually as Vinay does them on our blogs, iThemes certainly saves time and efforts. Most importantly, it’s free version itself is good enough for you.

Thanks again for this post. Have a nice week ahead πŸ™‚

    Enstine Muki

    Hey Harleena,
    Good to see you back and welcome πŸ˜‰

    I’m particularly waiting for your personal blog which is more targeted to my audience too. We’ve got a lot to share there πŸ˜‰

    Wow! I didn’t know Vinay does that on your blog. But for non-techies, this plugin comes in handy πŸ˜‰

    My regards to Vinay. Hope you both are having a wonderful week

Harshul Jethwani

Hey Enstine,
I also use this plug-in from a long time and it has been benefiting me. This post is much useful for newbie blogger as I have seen that these days many sites are attacked by hackers even my friend was hit by them,but he successful got back everything.
Harshul Jethwani.

Rekhilesh Adiyeri

Yes now a days hackers really playing hard with word press blog, even my low traffic blogs get hacking attempts. I use another plugin right now but would like to try your suggestion. Thank you Enstine.

Kore Duke

Hi Enstine,

Thanks for sharing such wonderful post.

One of my friends has just been hit by these hackers and it’s not a pleasant experience for him. I told myself it’s time to protect my blog from hackers so am going to use this guide.

This post will come in handy for anyone that wants to protect their blog.

Have a great day!

    Enstine Muki

    Wow! Please get your blog secured asap!
    It may not be 100% but the level you get can really keep a bunch of those bad guys away πŸ˜‰

    Thanks for being part of my community, Kore


I only use Limit Attempts Login on my wordpress blog but i will try this plugin.
Is it only for new blog ?

Theodore Nwangene

Great tips Enstine,
We all know how important it is to ensure that our sites is well secured from those bloody hackers in fact, I’m once a victim and because of that, I’m now very careful.

However, i love the tips you shared here and I’m sure it will help anyone to have a well secured blog if followed very well.


Thanks a lot for the post, it surely is a lifesaver for many. Nothing sucks like being hacked. I would appreciate if you consider tackling how to deal with the same issue on custom sites which are non-WordPress.


It’s such an amazing article. It’s great to know how active you’re in the blogging community and providing such amazing tips and techniques. Keep inspiring. Also we can achieve security for wordpress by not allowing world access to wp-config.php

Quamarul Islam Manna

Hello there, thanks for your great post on WordPress security. I use iThemes security plugin. But I’m using a custom permalink structure as domain.com/category/post-name. Now if I change it, how will Google take it?


There are so many fake registrations happening to my blogs these days and just because of this i had to remove the registration process. Is there any plugin to register authorized author for my blog?

John Crooks

Thank you for the list. I’ve since checked into Wordfence and I love that it has its own caching program. I’ve been using WP-Super Cache but have had trouble with it conflicting with other plugins. After installing it, I checked my site speed over at pingdom and found it to be back below two seconds. Thank you.

Mohd Arif

I would argue that UpdraftPlus is the best backup program for WordPress. It’s the most downloaded backup plugin on WordPress. this is the best plugin by which we can get out websites backup directly on google drive or any other cloud platform


Thanks for this information on security breach in WordPress. I have really been looking for more information on this.


Another Great Article, Thanks Enstine sir.
in past i was using One Click Wp Security plugin but this itheme’s Security plugin is more advance and better thank you again πŸ™‚

Daniel Palmier

Hey Enstine,
Your article is too good,It is really useful me and I never know about blog hacker, Today I learn something new only because of your article,Thank you so much for wonderful sharing with online and again thank you.
With Regards,
Daniel Palmier.


Awesome post and a must read for every blogger. Security is one of the biggest concern of internet these days and keeping your WP secure one have to make sure proper back-up and other key parameters has been taken care of . Thanks for sharing this useful article.

[Please delete the previous comment as the email id was provided wrongly.]

Abishiekh Jain

Awesome stuff to secure your WordPress blog πŸ™‚ Great
Check this for more tips on How to Secure your websites -: https://www.hackersdenabi.net/best-ways-to-protect-your-website-from-hackers/

Mohd Arif

I really love the security plugin called Wordfence. It allow me to auto block any IP trying to hack my site, it notifies me of out-of-date plugins, and if you do get hacked it will show you which files have been changed, then show you a comparison of before and after, and easily allow you to go back to the previous version of any file. The basic model is also free with the option of a more advanced paid model. Very slick and super easy to set up and use.

Tarek Jamil

Thanks for sharing great information. Currently, I am not using wordpress. But I bookmared your post for later when I will create a wordpress site. Your wordpress security post really looks like helpful. Thanks again.


I think, Backup must be done often or else we can use automatic backup plugins. And Thanks a lot for sharing such a wonderful Post.

Nikhil Ganotra

Hey Enstine,

I just came to know about iThemes plugin for WordPress. Since, I have started my blog in 2013, I am relying on WordFence and BulletProof WordPress plugins for my sites. Though, these both are great plugins but still I will give a try to iThemes.

Thanks a ton, Enstine! πŸ™‚

Himadri Saha

This is totally something new for me. I am blogging since the last 4 years and did not hear about iThemes plugin. After reading your blog, I believe this is an essential plugin for all the WordPress bloggers. Thanks for sharing this wonderful information.


Awesome tutorial you got there.I am currently using wordfence to protect my site.its free and solves all the problem.will try this one too as addition to my current one


How can one recover after being hacked on a non-wordpress website? I recently had one of my websites hacked and seems like it is affecting my performance in search engines. I would appreciate any guides that have proven to work especially in restoring one’s rankings.

Rohit Rajagopalan

This is an awesome article on how to protect ones WordPress from hackers. Great tutorial and it is very easy to follow too. We definitely need more articles like these. Everyone must secure their blogs and/or websites immediately if they haven’t already done so.

Oge Daniel

Wao! I actually do not know much about this security tips, even the plugin sound strange to me. Thanks for this awesome write-up, I am implementing it right away.


Thank you so much Enstine.

I just configured the itheme security plugin on my blog. The configuration was a little bit headache but it worked.



Another great article, Thanks for sharing this article with us it is a worth read

Mansoor Bhanpurawala

Awesome tutorial you got there.I am currently using wordfence to protect my site.its free and solves all the problem.will try this one too as addition to my current one


You have brought up some amazing tips and secrets to secure a new wordpress blog. These days the WordPress blogs are being hacked, so these tips can be really helpful.

Vinit Patil

Hello Sir ,
Thanks A lot

I have started a new wordpress blog , is it safe to use nulled wordpress themes ?

Rohan Singh

Hey Enstine, Thank you for the images you added above to show the process. It was confusing to setup this plugin.

Rajesh Rai


Security is the primary concern for webmasters nowadays. My website was also had a security glitch and beacuse of that I was getting a DDOS attack! It took me about 12 hours to get rid of the issue.

Well, thanks for reviewing such an awesome plugin. This will be very useful.

Thanks for sharing it with us!

Keep up the good work!


Another thing you can do as-well that will make your blog load much quicker is setup a VPS. With a VPS you will basically have your own server vs with shared hosting you could have over 100 other users on the same box.

There are tons of different hosts available and setup isn’t too difficult. There are even guides for it.

Abdul Haseeb

Hello Enstine,

Security is really essential for sites these days. When I was new to WordPress then I was having some class mate who use to think that WP is secure, it can’t be hacked. But, now, I laugh on this because according to some studies, WP sites face the most hacking attempts.

Anyways, your article is really nicely written. It’s a quick post for those who want to learn how to start securing WP blog.

All points are good but I love one thing. Which is hiding the backend of the site. πŸ˜‰

That’s all from my side!


shahinur Islam

I was searching like this post and finally I found out this article thanks for sharing this great article. Thank you very much.

Roger Nelson

Hi Enstine,

Thanks for posting how to improve WordPress security because most of the small businesses use WP for their site. They don’t know about WordPress security. In this post, you explained with easy to understandable screenshots. That will be helpful for even WordPress Beginners.



Now my blog is completely secured . I first chosen a free theam checked that theam and found it was suspicious . Thanks man

Divakara Ganesh

hello Enstine Muki

Thanks for sharing the security tip.


Dear Enstine

It was in deed a great information on security, apart from ithemes there are many other plugins available, even our friend george is also saying the same.yes agreed.

I have tried to cover some other wordpress security plugins, I personally invite you to review my article and let me know anything to be added, to give better understanding to newbies

John's BlogKarma

No offense. Hackers can turn off security plugins if there are any backdoors. So better WP sites need to get updated and backed up regularly.

Aksa Sahi

this is a favorable editorial, it help me act my invasion more precisely and adequately. than to executive to help us. such to some extent adroit data rightly add to the information of population groups who have a passion of deviation information

Aksa Sahi

this is really an amazing

oz such an amazing way. this help to build the high level of business. I really

like this and want to learn more and more tips like this. do you have any backlink

generating methods ?

Aksa Sahi

It was a good blog and very informative too. I want to add one thing that inbound

marketing will surely help any online business to expand and find more clients.

This article is very good and informative,writer effort is great and you get all


Danish Ansari

Hey Enstine,

I must admit that it is a well-written blog with all much-needed security tips and tricks!

Previously I’ve never given a thought of my website’s security but now I should tell you that it is as necessary as content on your website.

Thanks for sharing such an amazing post.


It is a well known fact about security & as same for the blogs. The overall content was effective as well as useful also for the security purpose.

Well, at present i work on wordpress & your blog/content has a exact point. And also for the secured blog.

Thank you for sharing the stuff. Keep going. Have a nice day.

I think the websites should also be made secured. So regarding that, i’m attaching a link below for the particular stuff. i hope it might be useful.



Emma Eva

the method you shared to secure wordpress blog is really informative and helpful πŸ™‚ i found this very helpful thanks for sharing your knowledge in this post πŸ™‚

Areesha Noor

Hi Enstime Sir,

Great post indeed!

It’s a great plugin to secure your website from hackers. I think I used this plugin one of my sites before.

Anyway thanks sir for giving us great plugin.

Areesha Noor!


Hi Enstine,

returning to your blog after a very long time. Feels sort of bad to see that you have removed the commentluv thing. But the blog is still good, theme is new and everything is awesome.

I also think that wordpress users need to be focused about their blog’s security.Awesome advice you shared.

Thanks for sharing.


Another great article, Thanks for sharing this article with us it is a worth read.

Alisha Ross

Thanks for a very helpful article. I can see how these Plugins can add benefits & functionality.
I hear different opinions as to β€œhow many WordPress” Plugins you can use on 1 website without degrading load times & optimization.
1. What is your view as to how many are too many?
2. Can you use most Plugins when needed and disable when not using?


iThemes WordPress security plugin sounds good to be given the chance for security. But I am currently using the Wordfence Security Firewall & Malware Scan

Comments are closed