How to secure hacked wordpress website

3 – How to secure WordPress Website | WordPress Security Guide Step by Step

Madiha Yaqoob 10

The Complete Guide to Securing Your ‘Hacked‘ WordPress Website

WordPress Security has always been a pressing concern, so we need the ultimate guide to safeguard our websites from malware attacks, hackers, and intruders. In this third and final part of the WordPress Security Series, we will explore the best practices and techniques to harden WordPress Security. Whether you choose to utilize security plugins or not, these steps will help you make hacking attempts nearly impossible.

Step-by-Step Approach to Secure Your WordPress Website

In this section, we will discuss the necessary steps to enhance WordPress Security effectively.

From PC to Web Server: Eliminate Vulnerabilities

Ensure that there are no vulnerabilities or loopholes in your PC or web server that could compromise the security of your WordPress website.

Choose a Secure Web Host

Opt for a modern, top-notch web host that prioritizes security, as it plays a vital role in reducing security risks for your WordPress website and beyond.

Embrace HTTPS and SSLs

Switch from HTTP to HTTPS and utilize SSL certificates to encrypt communication between your website and users. Also, avoid using FTP and switch to more secure alternatives like SFTPs.

Regularly Back Up Your Website

Implement a backup plan for your website, either automated or manual, to ensure you have a recent copy of your site’s data in case of any unforeseen security incidents.

Keep Everything Updated

Regularly update your PC, mobile devices, website, and server, along with all associated components, such as themes, plugins, and core files, to mitigate potential security vulnerabilities.

Implement Additional Security Measures

Consider implementing security measures such as site locks, firewalls, two-factor authentication, and secure content delivery networks (CDNs) to add layers of protection to your WordPress website.

Limit the Number of Security Plugins

Avoid installing excessive security plugins on your website and opt for a single reliable option. Some web hosts even provide security services, and logging out idle users can also enhance security.

Say No to Nulled Stuff

Avoid using nulled themes, plugins, or other illegal resources. Keep your PHP version, themes, core files, and plugins updated to prevent potential security vulnerabilities.

Secure Files and Directories

Prevent unauthorized access by disabling file editing and directory browsing through .htaccess. Additionally, ensure that files in the uploads folder cannot be executed.

Protect Key Files and Hide Them

Secure sensitive files like wp-config.php, .htaccess, and robots.txt from intruders by setting appropriate permissions and hiding them from public access.

Database Security

Ensure correct file permissions and database privileges to prevent unauthorized access and protect your WordPress site’s database.

Harden Security via Code Snippets

Follow the tutorial provided to enhance WordPress Security by using code snippets in files like .htaccess and wp-config.php.

Change DB Table Prefixes

Change the database table prefixes of your existing WordPress site, as this simple step can provide an additional layer of security. Newbies can use plugins to accomplish this task easily.

Disable XML-RPC and Use Captchas

Disable XML-RPC if it’s not necessary and implement captchas with form submissions. Change your login URL and set limits on login attempts. Learn how to block suspicious IPs with or without plugins.

Be Vigilant and Regularly Inspect Files

Stay alert and monitor the activity on your website. Conduct regular scans to identify any potential backdoors or malicious files. Manually inspect files to ensure their integrity.


You can significantly boost the security of your WordPress website by following the step-by-step instructions in this guide. You need to be proactive, keep up with security best practices, and take the necessary precautions to safeguard your valuable online presence from hackers, malware attacks, and intrusions.