How to Protect a (new) WordPress blog from hackers!

Protecting your new WordPress blog should be a top priority especially if your copy is self-hosted.

A common deadly mistake I see around is a hurry to start pulling traffic and publishing articles on a newly installed self hosted blog without taking some necessary security steps. That’s foundation for disaster.

Can’t access your site? Have you been hacked? Lost your password or entire account? Are your core files compromised? The free Emergency Recovery Script will solve your nightmare with a single click.

This is part 6 in the series to build a money making blog. If you missed the other 5Β  parts, here is the front page for a list of contents.

In part 5, we saw how easy it is to install WordPress. As a matter of fact, it takes less than 3 minutes to get a copy installed.

NB: I recommend WPX Hosting,Siteground orBluehost to host your WordPress site.

WPX Hosting does daily automatic backup of your site (For free) and keeps copies for 2 months. Backup is the foundation of every safety major you are ever going to implement on your blog.

In part 7, we are looking at setting up the right theme to monetize your blog.

NB:Β 9 ideas to create your new business on WordPress

The copy we installed in part 5 is still virgin and vulnerable to attacks and damages. In this part, we are going to implement basic and solid security to our fresh copy. While it is not common to have a 100% secured blog, it’s going to keep you very safe from your end.

How to protect a new WordPress blog

Basically, what we will be doing here is to:

  • Change some critical database setup entries,
  • Rename some key directories,
  • Rename some key urls,
  • Lock the admin access,
  • Secure against brute force attacks,
  • Setup backups,
  • etc.

I don’t need you to have any technical knowledge in PHP. The good news is that all of this will be achieved simply by clicking buttons, thanks to one highly recommended plugin.

Login to your WordPress dashboard and be sure you upgrade to the latest version of WordPress. That’s the first thing to do.

Next, on the left menu, point your mouse to “Plugins” and click “Add new“. The window that opens should be something similar to the image below:

secure a new wordpress blog

Enter “iThemes” in the search field and click hit the Enter keyboard key. You should have it as the first entry on the list of plugins on the result page.

Click “Intall Now” and “Activate

ithemes security

After activation, you should have a new entry on the left menu of your WordPress Dashboard. Look for “Security” and click it.

NB: I’m going to have to ask you to go straight to the plugin website here for updated instructions on how to have it setup.

The reason is that the team behind this wonderful plugin keeps working and changing the interface. In order not to mislead you, go to the security section of their website for the latest update.

See you on part 7 here. Share your thoughts in the comment box. Also share on social media.

82 thoughts on “How to Protect a (new) WordPress blog from hackers!”

  1. Another thing you can do as-well that will make your blog load much quicker is setup a VPS. With a VPS you will basically have your own server vs with shared hosting you could have over 100 other users on the same box.

    There are tons of different hosts available and setup isn’t too difficult. There are even guides for it.

  2. Hii,

    Security is the primary concern for webmasters nowadays. My website was also had a security glitch and beacuse of that I was getting a DDOS attack! It took me about 12 hours to get rid of the issue.

    Well, thanks for reviewing such an awesome plugin. This will be very useful.

    Thanks for sharing it with us!

    Keep up the good work!

  3. Hey Enstine, Thank you for the images you added above to show the process. It was confusing to setup this plugin.

  4. You have brought up some amazing tips and secrets to secure a new wordpress blog. These days the WordPress blogs are being hacked, so these tips can be really helpful.

  5. Awesome tutorial you got there.I am currently using wordfence to protect my site.its free and solves all the problem.will try this one too as addition to my current one

  6. Thank you so much Enstine.

    I just configured the itheme security plugin on my blog. The configuration was a little bit headache but it worked.


  7. Wao! I actually do not know much about this security tips, even the plugin sound strange to me. Thanks for this awesome write-up, I am implementing it right away.

  8. This is an awesome article on how to protect ones WordPress from hackers. Great tutorial and it is very easy to follow too. We definitely need more articles like these. Everyone must secure their blogs and/or websites immediately if they haven’t already done so.

  9. How can one recover after being hacked on a non-wordpress website? I recently had one of my websites hacked and seems like it is affecting my performance in search engines. I would appreciate any guides that have proven to work especially in restoring one’s rankings.

  10. Awesome tutorial you got there.I am currently using wordfence to protect my site.its free and solves all the problem.will try this one too as addition to my current one

  11. This is totally something new for me. I am blogging since the last 4 years and did not hear about iThemes plugin. After reading your blog, I believe this is an essential plugin for all the WordPress bloggers. Thanks for sharing this wonderful information.

  12. Hey Enstine,

    I just came to know about iThemes plugin for WordPress. Since, I have started my blog in 2013, I am relying on WordFence and BulletProof WordPress plugins for my sites. Though, these both are great plugins but still I will give a try to iThemes.

    Thanks a ton, Enstine! πŸ™‚

  13. I think, Backup must be done often or else we can use automatic backup plugins. And Thanks a lot for sharing such a wonderful Post.

  14. Thanks for sharing great information. Currently, I am not using wordpress. But I bookmared your post for later when I will create a wordpress site. Your wordpress security post really looks like helpful. Thanks again.

  15. I really love the security plugin called Wordfence. It allow me to auto block any IP trying to hack my site, it notifies me of out-of-date plugins, and if you do get hacked it will show you which files have been changed, then show you a comparison of before and after, and easily allow you to go back to the previous version of any file. The basic model is also free with the option of a more advanced paid model. Very slick and super easy to set up and use.

  16. Awesome post and a must read for every blogger. Security is one of the biggest concern of internet these days and keeping your WP secure one have to make sure proper back-up and other key parameters has been taken care of . Thanks for sharing this useful article.

    [Please delete the previous comment as the email id was provided wrongly.]

  17. Hey Enstine,
    Your article is too good,It is really useful me and I never know about blog hacker, Today I learn something new only because of your article,Thank you so much for wonderful sharing with online and again thank you.
    With Regards,
    Daniel Palmier.

  18. Another Great Article, Thanks Enstine sir.
    in past i was using One Click Wp Security plugin but this itheme’s Security plugin is more advance and better thank you again πŸ™‚

  19. Thanks for this information on security breach in WordPress. I have really been looking for more information on this.

  20. I would argue that UpdraftPlus is the best backup program for WordPress. It’s the most downloaded backup plugin on WordPress. this is the best plugin by which we can get out websites backup directly on google drive or any other cloud platform

  21. Thank you for the list. I’ve since checked into Wordfence and I love that it has its own caching program. I’ve been using WP-Super Cache but have had trouble with it conflicting with other plugins. After installing it, I checked my site speed over at pingdom and found it to be back below two seconds. Thank you.

  22. There are so many fake registrations happening to my blogs these days and just because of this i had to remove the registration process. Is there any plugin to register authorized author for my blog?

  23. Hello there, thanks for your great post on WordPress security. I use iThemes security plugin. But I’m using a custom permalink structure as Now if I change it, how will Google take it?

  24. It’s such an amazing article. It’s great to know how active you’re in the blogging community and providing such amazing tips and techniques. Keep inspiring. Also we can achieve security for wordpress by not allowing world access to wp-config.php

  25. Thanks a lot for the post, it surely is a lifesaver for many. Nothing sucks like being hacked. I would appreciate if you consider tackling how to deal with the same issue on custom sites which are non-WordPress.

  26. Great tips Enstine,
    We all know how important it is to ensure that our sites is well secured from those bloody hackers in fact, I’m once a victim and because of that, I’m now very careful.

    However, i love the tips you shared here and I’m sure it will help anyone to have a well secured blog if followed very well.

  27. I only use Limit Attempts Login on my wordpress blog but i will try this plugin.
    Is it only for new blog ?

  28. Hi Enstine,

    Thanks for sharing such wonderful post.

    One of my friends has just been hit by these hackers and it’s not a pleasant experience for him. I told myself it’s time to protect my blog from hackers so am going to use this guide.

    This post will come in handy for anyone that wants to protect their blog.

    Have a great day!

    • Wow! Please get your blog secured asap!
      It may not be 100% but the level you get can really keep a bunch of those bad guys away πŸ˜‰

      Thanks for being part of my community, Kore

  29. Yes now a days hackers really playing hard with word press blog, even my low traffic blogs get hacking attempts. I use another plugin right now but would like to try your suggestion. Thank you Enstine.

  30. Hey Enstine,
    I also use this plug-in from a long time and it has been benefiting me. This post is much useful for newbie blogger as I have seen that these days many sites are attacked by hackers even my friend was hit by them,but he successful got back everything.
    Harshul Jethwani.

  31. Hi Enstine,

    Good to be back to the blogosphere after a while πŸ™‚

    This is a good step-by-step tutorial of iThemes Security plugin. We use it on one of our blogs. We used it earlier, but it had a conflict with the blog theme or plugins. If you have a fresh site, then you can go ahead and change the directory and file names or prefixes. Though most of these operations can be carried out using codes or manually as Vinay does them on our blogs, iThemes certainly saves time and efforts. Most importantly, it’s free version itself is good enough for you.

    Thanks again for this post. Have a nice week ahead πŸ™‚

    • Hey Harleena,
      Good to see you back and welcome πŸ˜‰

      I’m particularly waiting for your personal blog which is more targeted to my audience too. We’ve got a lot to share there πŸ˜‰

      Wow! I didn’t know Vinay does that on your blog. But for non-techies, this plugin comes in handy πŸ˜‰

      My regards to Vinay. Hope you both are having a wonderful week

  32. Hi Enstine,

    This entry will actually save some new blogger who will likely get into trouble otherwise…

    Presently, I use Wordfence (which is super awesome by the way) but would have really loved the feature enabling ‘backend hide’. Since I couldn’t get it, I opted for the next best alternative: completely whizzing off the login form once a wrong username or password is entered πŸ™‚

    However, I’ll just installed iThemes Security on one of my new sites to see just how it will respond (as compared to WF).

    Keep up the good work – and let hackers simply go to hell!

    Enjoy the day!

    Akaahan Terungwa

    • Hey bro,
      I hear WF too is great. Well, in any case, I think both have their different limitations and the only way to know what’s better is by testing.

      Please share your results, probably in a blog post to help us with more info on both

      Thanks for being part of the post today, buddy

  33. That’s one awesome plugin. I haven’t used WP in ages and is therefore unaware of what plugins are must-haves for any blogger and this is an eye opener.

    On a slightly related note, the whole series sounds so full of great info that I’m going to definitely go over them. Thanks!

  34. Enstine,

    Fantastic tutorial my friend. Thanks for putting it together and sharing. There is a lot of time and effort involved. Yeah, having all that hard work go to waste without being secure would be a bummer.

    Have a great Monday!


  35. Hi Enstine,

    This is a really great post! For someone who is new to blogging and self-hosting, I’m sure Security is one of the last things they are thinking about. There are so many good security programs out there that finding the perfect one can be confusing. I thank you for this great tutorial as I know several who may benefit from it. Passing it along!

    Happy Monday!


  36. Hey Enstine,
    One of the major issue in these days is security to own blog, ithemes Plugin is suitable for us.
    Thanks for shared an useful article and enjoyed to reading this article.

  37. Hello Enstine,

    Very nice info there. Had been thinking of securing my blog but needed a recommendation and some easy to handle info. Just installed the plugin followed the steps.


  38. Hi Enstine
    As security is my primary concern, I was is search for a good security plugin for my wordpress blog. Thanks for reviewing such an awesome plugin. I don’t need to be professional or skilled to use this plugin and i can keep a control over my blog easily.

    Thanks Enstine .. Keep writing πŸ™‚

  39. i also want to protect my blog but what if this plugin have some loophole that can lead to certain bad things. Plz let me know

  40. HI There,

    Hackers growth is increasing these days as many hackers are developing different tools to hack wordpress blogs. However, This tutorial is best and will surely help wordpress users to secure their blogs from hackers. This is also going to help for securing my own blog

    Thanks man for sharing such awesome post and plugin.
    Mohammed Yaqoob.

  41. Hi Enstine,

    This is my first comment here, on your new blog. It is a very nice blog and you started in force. I like it.

    The topic of blog security is a hot one these days. I read your post and bookmarked for later use… if I decide to install Better WP Security.

    It is very interesting to look at that list provided by the plugin and to understand the vulnerabilities of my blog.

    My problem is that my blog is not new. Some things are already changed (like the admin name) and I do not know the effect the plugin will have on the old settings.

    One more thing: If you change some things (like the admin name or the table prefix of the database) with Better WP Security and later, for any reason, you decide to uninstall the plugin, what happens with the settings. Do they revert to the previous settings, those before the plugin or they are maintained.?

    I don’t want to be dependent on any plugin. So, how would the un-installation of the plugin affect the settings?

    Have a wonderful day

  42. Hiding back-end? Now, that is cool!

    I will definitely give this one a try, Enstine. Thanks for the tip!

    I already have taken care of many things, such as changing the table prefix (picked it up from Babanature’s blog).

    I am wondering why I haven’t seen any bloggers writing about this plugin. This will surely help πŸ˜€ Thank you once again. Hope you had a wonderful weekend!

  43. Hi Enstine,

    I have a question –

    What if you have a blog with some posts, say around 50-70, and haven’t changed the blog’s database table prefix then will it be a problem if we do it now?

    In other words:

    Can we change the blog’s database table prefix if we have some blog posts?



    • Hey Piyush,

      I just followed the steps outlined above. Changed the table prefix and my blog is not new. Nothing happened and everything works fine as it did before.

      But still you must back your database up.

  44. Fantastic tutorial, Enstine.
    The blog security should be a priority for every serious blogger.
    Noone would like to lose all the efforts and hard work done on his site.
    I use also “Limit login attempts”, which blocks users after n.(the number you set) failed login attempts.
    Thanks for sharing!
    Have a great sunday!

  45. Hi Enstine,

    Nice post and well written. This post give me so many security ideas. I setup my blog on WordPress 2 months before and didn’ think about the security of my blog. I installed ‘Better WP Security’ but didn’t customize it. Now it is the time for it. My friend said me about changing the wp-admin to custom one some days before. But, I didn’t know it. So, I understood it from this post. Thanks Again πŸ™‚

    Abid Omar

    • Hi George,
      I’m aware there are other plugins out there but basically, they do the same things. However, some may have more advanced options but for pretty new sites, the options we get from this free plugin is quite good to go with.

      Thanks for your visit and comment this weekend

      • Yes you are right, there is one simple free plugin with minimal config its limit login plugin,good for new sites.

Comments are closed.