WordPress is the most popular content management system (CMS), with 43.2% of all websites running on its software. WordPress now powers about 23% of websites on the internet. It has seen a surge in growth in the past few years. Unfortunately, its popularity attracts all sorts of cybercriminals who exploit the platform’s security vulnerabilities. However, this doesn’t mean that WordPress has a bad security system; security breaches can happen due to users’ lack of awareness. Therefore, it’s best to apply precautionary security measures before someone attempts to hack your website.

There are methods users can use to improve their WordPress security and protect their site from various cyberattacks. For instance, WordPress regularly releases software updates that improve performance and security. These updates also protect your site from cyber threats. Updating your WordPress version is one of the simplest ways to improve WordPress security. Nearly 50% of WordPress sites are running on an older WordPress version, making them more vulnerable. To check whether you have the latest WordPress version, open your WordPress admin area and navigate to Dashboard -> Updates on the left menu panel. Alternatively, you could enable automatic updates; however, this could crash your website due to incompatibility with older plugins or themes.

WordPress security

One of the most common mistakes users make is using easy-to-guess usernames, such as “admin”, “administrator” or “test”. This puts your site at higher risk of brute force attacks. Moreover, attackers also use this type of attack to target WordPress sites that don’t have strong passwords. It’s recommended that your username and password are unique and complex. The longer the password, the safer your WordPress site will be from hackers. It would be beneficial to use special symbols and numbers instead of well-known letters.


Enabling URL lockdown protects your login page from unauthorised IP addresses and brute force attacks. To do that, you need a web application firewall (WAF) service such as Cloudflare or Sucuri. Using Cloudflare, it’s possible to configure a zone lockdown rule. It specifies the URLs you want to lock down and the IP range allowed to access these URLs. Anyone outside the specified IP range won’t be able to access them. Sucuri has a similar feature called URL path blacklist. Firstly, you add your login page URL to the blacklist so that no one can have access to it. Then you safelist authorised IP addresses to access the login page.


Before making any changes, we strongly advise you to back up the old .htaccess file. If anything goes wrong, you’ll be able to restore your site easily.
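
The backup-then-edit step above, combined with the safelisting idea from the URL lockdown paragraph, as an added example that is not from the original article: a shell function that copies `.htaccess` aside and then limits `wp-login.php` to the listed IP ranges. It assumes Apache 2.4 with `.htaccess` overrides enabled; the function name `lock_login`, the marker comments and the sample IP ranges are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Assumes Apache 2.4 (mod_authz_core)
# and an AllowOverride setting that permits "Require" in .htaccess.
MARK_BEGIN="# BEGIN login-allowlist"   # hypothetical markers, used to find
MARK_END="# END login-allowlist"       # and replace the block on later runs

# lock_login DIR CIDR [CIDR...]
# Backs up DIR/.htaccess, then allows wp-login.php only from the given ranges.
# Prints the backup path. Leaves the file untouched if the backup fails.
lock_login() {
    dir=$1
    [ $# -ge 2 ] || { echo "usage: lock_login DIR CIDR..." >&2; return 2; }
    shift
    ht="$dir/.htaccess"
    [ -f "$ht" ] || : > "$ht"                    # no file yet: start empty

    # Pick a backup name that does not exist, so an earlier backup of the
    # original file is never overwritten by a later run.
    stamp=$(date +%Y%m%d%H%M%S)
    backup="$ht.bak.$stamp"
    n=0
    while [ -e "$backup" ]; do
        n=$((n + 1))
        backup="$ht.bak.$stamp.$n"
    done
    cp -p "$ht" "$backup" || return 1            # no backup, no edit

    tmp="$ht.tmp.$$"
    # Remove the block written by a previous run so rules do not stack up.
    sed "/^$MARK_BEGIN\$/,/^$MARK_END\$/d" "$ht" > "$tmp" || { rm -f "$tmp"; return 1; }
    {
        echo "$MARK_BEGIN"
        echo '<Files "wp-login.php">'
        echo "    Require ip $*"                 # any listed range is allowed
        echo '</Files>'
        echo "$MARK_END"
    } >> "$tmp"
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$ht" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    echo "$backup"
}

# Example call (constructed path and documentation-only IP range):
#   lock_login /var/www/html 203.0.113.0/24
```

To roll back, copy the printed backup file over `.htaccess`.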


It’s important to note that blocklisting is effective only against known threats. Hackers can design malware specifically to evade detection by tools that use a blocklist system. Whilst safelisting offers more robust security, it can also be more complex to implement, especially if you want a third party to do it, as they will need information on all the applications you use.


If you are interested in more tips on keeping your WordPress site secure, visit https://dsgnuk.com/bloghome/ for more information.