Blog Security Check: 11 Ways to Protect Your Blog

We should be taking good care of our blog as we take care of our body. The reason we should always take good care of our blog, our blog is our business and a business will only treat you as you treat them.

One of the good ways of taking good care of your blog is by protecting it to the best of our ability.

Must Read: Easily Remove Your Sidebar Widget On Your Blog Mobile View

Bloggers are getting hacked daily simply because of how low their security measures are. Is your security not strong enough? You need to do some security check and see how vulnerable or secured your blog is and try to fix it as soon as possible.

Blog Security Check: 11 Ways to Protect Your Blog

A while back, my very good friend got his blog hacked. When he got hacked, he was frustrated due to his backups not being up to date.

It took him days getting his blog back, re-customizing his theme… and all… Trust me; it is hectic trying to restore a blog that has been hacked.

Instead of waiting to get hacked like my buddy, why not try to protect your blog the best ways you can… so when a jobless hacker tries to hack you, he will know you are not an easy fish to catch.

11 Ways to Protect Your Blog

No blogger or website owner is too secure enough to get hacked (even the giant Yahoo got hacked recently), but we can at least try to protect what we have to the best of our ability.

Below are 11 ways to protect your blog like a champ that I am sure will help you if you decide to carry out the steps…

1. Change Your Admin Login Name:

One of the main reasons my friend site got hacked was because he was using his name as the admin login name to his site.

Using your name, or using the default “admin” username is wrong and bad at the same time, and it’s so so easy to crack. Trust me, once your username is obvious, your password won’t be difficult to hack.

So what you can do to save your blog from getting hacked is simply by changing your admin login username.

Though, it is almost impossible to change your admin username once you have created your blog and add your plugins. But there is still a way you can change your admin username. How? By simply following this tutorial found here: CHANGING YOUR WORDPRESS USERNAME/ LOGIN NAME

2. Change The URL of Your WordPress Login Page

The default URL to your admin login page is “”. Do you know that you can change your admin URL to something like “”?

This way you can easily block those darn hackers trying to hack your site. If they don’t know your admin login URL, they can’t try their login attempt.

You can easily change the URL of your admin login page using either wordfence or any other security plugin, or you can read an easier post here: How to Create a Custom WordPress Login page

3. Add Two-Way Authentication to Your Blog

Now that blogs and sites are getting hacked, setting a two-way authentication on your blog should be your next step of security measure, don’t you think?

WordPress do have the two-way authentication installed on the platform but it is still not on the self-hosted platform. Why it’s not on the self-hosted platform, still remain unknown.

But they are some security plugins out there that can give your blog a two-way authentication login. Have you installed any of the security plugins that offers this feature yet? If not, do read about the best WordPress security plugins here:

4. White-List IP’s to Access Your Blog Login Page

Apart from using the two-way authentication login on your blog, you can as well whitelist IP’s that can get access to your blog’s login page using .htaccess.

IP’s you don’t give access to, can’t get access to your admin login page. That means only your IPs that you white list are the ones getting access to your WP-admin login page.

Want to know how to execute this on your blog? Then follow this simple step;

Go to your C-panel >>> go to “/wp-admin” folder and simply create a new .htaccess file and insert the below code in it.



AuthName "Access Control"

AuthType Basic

order deny,allow

deny from all

#whitelist home IP address

allow from

#whitelist work IP adress

allow from [/code]

Note: Replace those IP’s “” with the ones you want access to your admin login page. Also, note that you can add as many IPs as you wish.

5. Use a Neutral Prefix When Creating Your Blog

When you were registering your WordPress blog, on your “Database Settings” section, did you leave the default table prefix as WP_? If your answer is yes, then I am sorry to tell you that your blog is on its path to get hacked…

To help your blog stay alive, you can start by going to your database dashboard and change the table prefix from wp_ to any other name you which to give it. And do remember that doing this might change your database structure if you do not know what you’re doing.

Some security plugins do offer the option to change your database prefix. You can check the best WordPress plugin that has that option using the link above.

6. Regularly Change Your Password

Do you know that frequently changing your admin password will reduce the risk of getting hacked? Yes, when going chameleon on these guys, they won’t be able to predict your moves.

Must Read: Got A Blog But Haven’t Made A Dime From It? Here’s What To Do

Thank God, there is a feature in WordPress that helps you generate hard to get passwords. You can use the password generator to generate a password for yourself every week.

Trust me this feature will help you greatly to protect your blog from password hacks.

7. Install a Security Plugin

One of the best ways to secure your blog is to use a security plugin that will protect your blog from getting hacked.

There are some security plugins that does enough works to protect your blog… when you talk about features and security some tools out there can protect you and even alert you when you are getting hammered pretty hard.

I have taken my time to write a post on the best free security plugins in the market that I am sure you will love and will benefit you. Do check the post out.

8. Know the IPs Trying To Hack You and Block Them

How many IP addresses are trying to get access to your blog a day? Are they many? If yes, blocking that IPs addresses might be an interesting idea.

You can block those IP addresses either by using a security plugin or blocking the IP addresses manually using your C-panel, or you can use a third-party security like CloudFlare, sucur etc.

9. Find and Delete the Readme.html File in Your Blog

These hackers love it when you take things lightly, like not deleting the “readme.html” file after installing your WordPress blog.

What these hackers do is they use the readme.html to get more info about your site (like the version) and use that to their advantage to hack your blog.

But you can delete the readme file because it is useless to you and to your blog. How to delete your readme.html?

To delete or rename your readme.html file, simply go to your C-panel >>> Go to your WordPress directory and search for the Readme.html.

Once you’ve seen it, either delete the file or if you don’t feel like deleting the readme file, rename it to something else.

10. Still Wondering What WordPress Usernames Enumeration Is?

Even if you change your admin username, even if your username is totally different from your admin name, even if your username is long and impossible to guess, those hackers that are good can still easily find out what admin name you’re using.

As long as you’re using permalinks, it will only take quick seconds to find out your real username and hack your blog.

There are two ways to fight this; either by using a WordPress plugin or by doing it manually.

To do this manually; go to your admin panel (C-panel), where your WordPress installation is >>> Click “wp-admin” >>> Click “user-edit.php” >>> Click the edit button to edit the file or download the file for editing.

Inside the “user-edit.php” edit, search for: ‘wp_enqueue_script(‘user-profile’);

Have you seen it? If yes, simply paste the below code right below the above code.

[code]if ( current_user_can(‘edit_user’,$user_id ) == FALSE )

wp_die(__( ‘Forbidden’ ) );[/code]

Click the “save” button and we are done with the edit. Now you won’t have to be afraid of username injection anymore.

11. Always Do A Backup Up Of Your Blog

Even if we are careful enough, we still need to take a backup of our blog. As strong and secure as we think our blog is, something might happen… so there is no harm in playing safe and taking a backup of your blog.

There are many ways to backup your blog and one of the best ways which I use to backup this blog is mention in this post:


Try using all the security measures mentioned here and your blog will be safe again. Trust me, all of the tips here are working greatly…

Protect your blog today and stop worrying about getting hacked.

Let’s talk

Looks like I have said so much about so much on how to protect our blog, now it’s time to pass the keyboard to you guys.

Do you have questions, thoughts or comments you’d like to share with us? Please do by using the comment box below.

Must Read:  Clean Your Blog And Attract Search Engine Using These Methods

Remember that your comments, questions, and thoughts are highly welcome and most appreciate.

Be social

Do not forget to share this post with friends on social networks. I am sure they will need the post more than you think.

Sharing this post is also one way of keeping alive so please do…

Before you leave, do subscribe to our feed for your latest and most fresh updates on the go.


Similar Posts


  1. Hey Babanature,

    WordPress security is really important. You should always have a security plugin.

    To change the database table prefix, you don’t need to do it manually, just use the security plugin.

    Changing the default username is always required.

    Thanks for sharing with us.

  2. Well you have shared some wonderful security tips for wordpress blog. i must say I haven’t tried few of the methods listed above.

    Will surely implement these security tips.


  3. Hi babanature,

    This is useful for every blogger and every webmaster, because security become most important factor to survive on the internet, by the way I’m looking for the way to hide my /wp-admin and finally learn from you. Glad to know all others security tips have a good day !

    1. Hello Junaid,

      Good to know that you have finally learned how to hide the wp-admin URL. You’ll even learn more after following the tips shared here.

      Have a good week

  4. Among all the listed security tips, I’m only aware of changing login page and I guess I must implement other security precautions listed in this post.

    Securing our wordpress must be our top priority!

  5. Hey Author,
    This is a very important topic and you have explained it very well that when you are in WordPress development, You need to take care all these things. I will surely share it with my network.

Leave a Reply

Your email address will not be published. Required fields are marked *