The Ultimate WordPress Security Guide For Beginners (2019)

Since WordPress is a self-hosted then you and your hosting company are responsible for WordPress Security. If your hosting is not good then chances to hack your blog is high.

You can’t manage your hosting security but here In this post, I am going to teach you how you can secure your WordPress blog from hackers with the help of some tweaks and plugins.

I try my best that every new blogger can do these task so these steps are very easy and you just need some time to complete all tasks. I prefer to choose a day in which you are mostly free so that’ll become easy for you.

Ok Lets Start

Choosing Hosting Wisely = More WordPress Security :

Very first thing you need to choose best and reliable hosting for your blog.

I recommended you to go with Bluehost one of the best company so far with all features you need. Like Support, Cpanel etc.

Bluehost is also recommended by WordPress and many top bloggers from worldwide. There are many others best-hosting company’s for your blog if you can’t afford Bluehost.

Here are the links to other good hosting companies for your blog (Inmotion). These are the best companies for your blogs.

Keep Your WordPress Updated:

The Ultimate WordPress Security Guide For Beginners (2019) 1

For Increase your WordPress security It is recommended that whenever WordPress release updates just go and update. Why because WordPress improve his security and permanence in updates.

So hackers don’t know about it and your blog ll not compromised and Hacked.

Choosing Themes and plugins:

Think ten times before applying themes or plugins on your blog. I recommended you to spend some bucks and buy a premium theme for your blog instead of free themes.

Chances high that free themes can contain some virus code or hacker codes. The Internet is full of mulled themes and plugins but doesn’t go with them.

The Internet is full of mulled themes and plugins but doesn’t go with them.Choose premium theme because theme comes with support and not include any bad codes.

Note: One line of code can hack you blog fully.

What Theme I recommended (Well I am on Genesis custom child theme). If you know how to code a Genesis theme. Then I recommend you to go with (Genesis Framework).

Use Strong Password:

I know for newbies remembering password is the very difficult task but nowadays hackers are so smart they attempt to recognize your passwords with many software and bots.

Let me give you a tip whenever you set the password, for example, your password is (newbie555). Its easy to hack so add some characters like ($$newbie555$$##) that’ a strong password. It takes unlimited years to recognize your pass.

Change Default Username:

Now thanks to hosting companies and WordPress for taking action to change this thing. In old days if you install then your username and password is the admin so it’s easy for a hacker to hack your blog with brutal force attacks.

Install WordPress software in your hosting carefully likes set the custom password and username for your blog if you see that your pass and username is the admin.

You can also change your username from the database.

  • Open PHPMyAdmin from your hosting and click on users tables.
  • under settings click pass and change your username.
  • Save and go.

This is one of the most important things for your WordPress security.

Disable File Editing:

WordPress comes with inbuilt file editing section like you can edit your plugins and theme files from WordPress admin section.

But it’s not good some can edit your files and themes and add virus code in it so for safety disable this how to see below.

Go to your hosting panel and open the wp-config-PHP file from your blog root folder then add below code.

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Done your file editing is disabled no one can change your files code from WordPress dashboard.

Secure Wp-Config.php:

This is the most important file for your WordPress blog. This file includes all your information which hacker need to access your database.

How To secure this file simply add this code to your .htacsss file.

<Files wp-config.php>
order allow,deny
deny from all

Disable Includes Browsing and File Editing:

Many bloggers don’t know that this is a very dangerous thing to open your for browsing. Hacker can easily find potential exploits by sniffing through those files.

If you secure this file correctly then this file should return a 403 forbidden error.

How to Block Browsing And File Editing:

Simply add this code to your .htacsss file.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]

Change WordPress database Table Prefix:

By default, WordPress adds the (wp-) name in your database tables and hackers can easily guess what your blog database table name. I recommended you to change it With Like (wp- 54444 etc ). How to see below.

  • Go to WordPress dashboard and click plugins and add a new plugin.
  • Install and activate  (DB Prefix) Plugin.
  • Got to plugin settings.
  • Enter existing prefix name then enter your new prefix name.
  • Done your database table name change successfully.
  • You can delete this plugin after this.

Move From Http To Https:

All know that google loves https and also with https your blog security ll increase. Because every data from your blog become encrypted and make difficult for hackers to hack that.

You have to read this one of my guide for https

Add Security Question in your Admin log in Page.

If you add a security question to your admin login page then its make your WordPress blog more secure with an extra layer like no bots can access your blog, admin. Only authorized members can log in your blog.

How to add security question see below.

First, you need to install and activate (WP Security Questions) Plugin.

After activation just visits his settings and configure as your requirements. Done

Make Backups:

I see many newbies who not care about backups but what happen when your site gets hacked or deleted. I recommended you to make the backup of your blog every month or 2 months.

How There are many plugins out there like backup buddy vault press and nowadays hosting companies give free backup options so you can easily make backups.

Bonus Tips:

  1. Remove inactive users from your blog.
  2. Install security plugins like (All in one security).
  3. Always scan your blog after every week.
  4. Remove unused FTP accounts.
  5. Remove unused database tables with (Plugins Garbage Collector) plugin.


That is I hope you like this post and help you to improve your wordpress security. Anyhow again recommended you to check your blog every week or month for bad activity.

This ‘ll help you make your blog more secure.

Don’t forget to share this post with your other friends. And help them to secure their blogs.

4 thoughts on “The Ultimate WordPress Security Guide For Beginners (2019)”

  1. droidviral

    Great article bro! I came to many things I din know before like disable file editing,database table prefix(mainly)…
    Suggestion-use grammarly while drafting articles 🙂

  2. Mudasir Yasin

    Very nice and well defined tips for improve the WordPress Security, I like the ” Disable File Editing ” Option, because its new for me.

  3. Prosperity Kenneth

    You really took your time to write a fantastic article. Big ups and keep it up 🙂

  4. Mudassir Iftikhar

    nice really helpful

Leave a Comment

amet, quis velit, risus. felis mattis suscipit