Knowledge Base
How to Secure Your WordPress Site
Protecting Against Hackers
Security should be a top priority for any WordPress site.
1. Keep Everything Updated
- WordPress core
- Themes
- Plugins
- PHP version
2. Use Strong Passwords
- Admin accounts
- FTP/hosting accounts
- Database passwords
3. Install a Security Plugin
- Wordfence Security
- Sucuri Security
- iThemes Security
4. Change Default Username
Don't use "admin" as your username.
5. Limit Login Attempts
Block IPs after failed login attempts (security plugins do this).
6. Enable Two-Factor Authentication
Add 2FA using plugins like WP 2FA or Google Authenticator.
7. Use SSL Certificate
Your Hostdeal hosting includes free Let's Encrypt SSL - make sure it's active!
8. Regular Backups
If hacked, you can restore from a clean backup.
9. Change Login URL
Use a plugin to change /wp-admin to something custom.
10. File Permissions
- Folders: 755
- Files: 644
- wp-config.php: 600
Signs of a Hack
- Unknown admin users
- Strange files in directories
- Redirects to spam sites
- Google warnings