Five Ways to Protect Your WordPress Site from Hackers

As most of you will know, WordPress is a free, open-source platform and a content management system (CMS) which can be used to kickstart your website or blog. Despite many similar offerings entering the CMS scene, WordPress continues to reign supreme, perhaps in part due to its user-friendliness and thousands of plugins. While it remains a trusted platform among business owners and bloggers alike, it has its blind spots. WordPress websites can be susceptible to attacks from online hackers who are always lurking behind the screens, ready to exploit any security lapses. Hackers can spread malware that wipes out websites entirely, as well as gain access to personal details and confidential information. It’s essential that website owners are vigilant when it comes to safety so they don’t have to learn this the hard way.

Of course, there are many preventive measures you can take to protect your WordPress website from cybercrime. Here are our recommendations to keep things running safely and smoothly.

Install a firewall

Add a solid layer of defence with a firewall. These work by blocking bots that seem suspicious or malicious based on their behaviour. For example, if a bot asks for too many web pages within a short space of time, this could raise a red flag. Legitimate, innocuous bots such as those from Google and Bing will not trigger this response. Some more sophisticated firewall programs can even detect where the bots are coming from. The software then blocks the bot’s IP address, or the browser user agent it uses as a disguise to gain access to your page.

Limit the number of logins to your website

Sometimes, hackers guess the login details and passwords to websites. They do this simply by repeatedly entering data into the login page using trial and error. You can prevent this attempted break-in by limiting the number of login attempts to your website. There is a WordPress plugin called Limit Login Attempts Reloaded which facilitates this process. Most such plugins will cap login attempts at three, after which the visitor will be blocked for a certain period of time or until their identity can be verified. This is a simple way to turn away unwelcome visitors trying to kick down the door of your website.
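To see what a cap of three looks like in practice, here is an added example (not from the original article and not the plugin's own code) that replays web server log lines and reports which addresses a limiter would have locked out. The five-minute window, the 20-minute lockout, the sample log and the reading of a 200 response to a login POST as a failed attempt are assumptions. The same sliding-window count, applied to all page requests instead of failed logins, is the behaviour check described in the firewall section.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 3                 # cap quoted in the text above
WINDOW = timedelta(minutes=5)    # assumed counting window
LOCKOUT = timedelta(minutes=20)  # assumed lockout period

# Combined-log-format prefix: ip, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
198.51.100.20 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4312
198.51.100.20 - - [12/Mar/2024:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [12/Mar/2024:10:00:31 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120
""".splitlines()

def find_lockouts(lines):
    """Replay login POSTs; return {ip: {"lockouts": [...], "refused": n}}."""
    recent = defaultdict(deque)      # ip -> times of recent failed logins
    locked_until = {}                # ip -> end of current lockout
    report = defaultdict(lambda: {"lockouts": [], "refused": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and when < locked_until[ip]:
            report[ip]["refused"] += 1   # a limiter would reject this attempt
            continue
        if status == "302":              # redirect after POST: login succeeded
            recent[ip].clear()
        if status != "200":              # only a re-shown form (200) is a failure
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:      # forget failures outside the window
            q.popleft()
        if len(q) >= MAX_ATTEMPTS:
            locked_until[ip] = when + LOCKOUT
            report[ip]["lockouts"].append(when)
            q.clear()
    return dict(report)
```

On the sample, only 203.0.113.7 is locked out; the visitor who mistyped once and then logged in is left alone.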

Disallow editing of files

If a hacker makes it into the backend of your website, they’re likely to wreak havoc on your design and layout. A tell-tale sign of a website under siege is when it looks completely different from usual for no apparent reason. Sometimes, the hackers will menacingly make themselves known with a message or image on the home page. To avoid this, set up your website so that editing files is restricted. By removing this permission, which turns off the theme and plugin file editors in the WordPress dashboard, you’re making life a little harder for the hacker, even if they have admin access. The wp-config.php file, which holds crucial information about your WordPress installation and is therefore the most important file in your directory, is also the key to disallowing file editing. Open the file and type the following at the very end, using plain straight quotes: define('DISALLOW_FILE_EDIT', true);
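One way to confirm the setting is really in effect, as an added example (not from the original article): this Python check reads the text of wp-config.php and classifies the DISALLOW_FILE_EDIT line, catching commented-out defines and typographic quotes picked up when copying from a web page. The sample fragments are constructed and the comment stripping is a heuristic.

```python
import re

CURLY_QUOTES = "\u2018\u2019\u201c\u201d"   # typographic quotes from pasted text

# Matches define(NAME, VALUE); and captures both arguments as written.
DEFINE = re.compile(r"define\s*\(\s*([^\s,()]+)\s*,\s*([^)]+?)\s*\)\s*;", re.I)

def strip_php_comments(src):
    """Heuristically drop /* */, // and # comments so disabled lines are ignored."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(^|\s)(//|#).*$", "", src)

def audit_file_edit(src):
    """Classify the first DISALLOW_FILE_EDIT define found in wp-config.php text.

    Returns 'ok', 'missing', 'not-true' or 'bad-quotes'.
    """
    for name, value in DEFINE.findall(strip_php_comments(src)):
        if "DISALLOW_FILE_EDIT" not in name:
            continue
        if any(ch in name for ch in CURLY_QUOTES):
            return "bad-quotes"   # not a PHP string, so the constant is never set
        if name in ("'DISALLOW_FILE_EDIT'", '"DISALLOW_FILE_EDIT"'):
            return "ok" if value.lower() in ("true", "1") else "not-true"
    return "missing"

# Constructed wp-config.php fragments for illustration.
GOOD = "<?php\ndefine( 'DB_NAME', 'wp' );\ndefine( 'DISALLOW_FILE_EDIT', true );\n"
COMMENTED = "<?php\n// define('DISALLOW_FILE_EDIT', true);\n"
PASTED = "<?php\ndefine (\u2018DISALLOW_FILE_EDIT\u2019, true);\n"
DISABLED = "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n"

if __name__ == "__main__":
    for label, text in [("good", GOOD), ("commented", COMMENTED),
                        ("pasted", PASTED), ("disabled", DISABLED)]:
        print(label, audit_file_edit(text))
```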

Make sure to update your website’s themes and plugins

Many WordPress users are afraid to update their website for fear that it may crash. But each core software update includes bug fixes and added security measures, so by ignoring them you are putting your site at risk. We recommend creating a complete backup before running an update to be extra safe. Remember to update your themes and plugins, too. Outdated features are one of the main security holes that intruders take advantage of. We suggest using WordPress’ auto-updater, which works by updating your website’s themes and plugins to the latest software automatically.  

Beware of abandoned, unused plugins

Stagnant plugins can pose a threat to your website’s security. They may contain a vulnerability, and since they’re no longer in use, it’s unlikely to be fixed. Hackers take advantage by buying these old plugins and updating them with malware and viruses which can do serious damage to your site. Just earlier this year, millions of websites were probed and attacked after hackers discovered and began exploiting a zero-day vulnerability in a popular plugin installed on approximately 700,000 sites.


Your WordPress website is always under threat from online hackers, who are just a few clicks away from potentially destroying it. Take a proactive approach towards online security to avoid any nightmare scenarios in the future. As they say, an ounce of prevention is worth a pound of cure.

If you need help building a safe and protected website, Elephant in the Boardroom has got you covered. Not only are the Elephant Team experts in web security, but they also specialise in website design, SEO, graphics, content and all other aspects of digital strategy for your business. Visit www.elephantintheboardroom.com.au and let’s talk today.
