How to Secure a Wordpress Site



Security is very important for all devices and tools even it is on online / offline. In the web world a small mistake would cause to lose your effort and data, with some of the simple tricks we could make our wordpress site to be more secure, I am going to explain that the few tricks below,

Hide the Wordpress Version Number :

It seems to be a more simple but the effective one because we can update the wordpress code immediately while releasing the security update, it would open the gate for hackers. so better to hide the version number displaying publicly. we could hide that with the following way,

If you are using older theme, just remove the following line from the header.php


If you are using newest theme, add the following code in function.php

remove_action('wp_head', 'wp_generator');

Update Regularly :

updating sofware always a good habits, always check currently using themes, plugins. core and update it immediately. wordpress also providing updating themes, plugins, core from the UI so anyone can update the site easily without much knowledge about the programming.

Disable Directory listing :

It means some of the directory path would list all the available file in the browser, so hackers easily can access the important files with configuration. a simple way to disable the directory listing is adding index.php / index.html files in the directory.

we could also disable it from another way with .htaccess file, just adding the follwing code in the .htaccess file would prevent from listing the files,

Options All -Indexes

Secure Admin Account :

Secure admin account with the unique username and password, Don't uses well know common username / password for the admin account like ( hello, admin, etc..,)

Monitor your files :

If you want some extra added security, you can monitor the changes to the website’s files via plugins like Acunetix WP Security, Wordfence, or again, iThemes Security.