

7 Things You Can Do to Protect Your WordPress Site

The popularity of WordPress is difficult to argue with. With its simplicity, price tag and SEO benefits, it’s quickly become the go-to choice for webmasters.

With over 60% market share in the CMS space, it should come as no surprise that this has sparked the attention of hackers and other nefarious figures.

Critics of WordPress are quick to question the security of the platform, but don’t let this deter you from using it.

Here are 7 things you can do to protect your WordPress site from online threats.


  1. Add a new user account & avoid revealing your username

Hackers make use of the default “admin” account created when you install WordPress.  Ensure you create a new user account and provide full admin authority to it, deleting the default admin afterwards.

Avoid exposing your username by setting it as your author name.  Creating a new account is great but not if you reveal your username to hackers in the process.

Simply go to your settings and search for the “Nickname Field” under “Your Profile”.


  2. Move your login page

The default administration login page for WordPress makes it incredibly easy for hackers to attempt to break into your site. The good news is that there are plugins available that can quickly and safely move it for you. We strongly recommend doing so, and making it virtually impossible for hackers to guess your new login page URL.

HC Custom WP Admin URL is super easy to install and configure.


  3. Limit login attempts to your site

Hackers typically use bots and other tools to hack into websites – simply put, there will be countless attempts to gain access to your website.  By limiting the number of login attempts, you will greatly reduce the chances of successful hacks.

Plugins such as Limit Login Attempts do a fantastic job of stopping intruders in their tracks. The plugin has not been updated in two years, but don’t let that stop you from installing this fantastic security tool.

Features include:

  • Limit the number of retry attempts when logging in (for each IP). Fully customisable.
  • Limit the number of attempts to log in using auth cookies in the same way
  • Inform user about remaining retries or lockout time on login page
  • Optional logging and email notifications
  • Handles server behind reverse proxy.


  4. Update WordPress

One of the main reasons hackers successfully break into WordPress sites is that webmasters fail to keep their CMS up to date. Whilst security flaws are quickly fixed when they are discovered, failing to update can leave you at the mercy of hackers.

Many webmasters are concerned that updates could break parts of their site, such as their theme. In reality, these potential issues are easier to remedy than your website being hacked and exploited by nefarious characters.


  5. Malicious theme

There is no shortage of stunning WordPress themes that are available online for free. Approach with caution, however. Many of these themes have malicious code attached, usually hidden using encryption. These themes can quickly and easily allow hackers to break into your site.

Another tactic used by those who create these “compromised” themes is to add hidden backlinks to websites embedded within your site.  Whilst this tactic may not leave you vulnerable to hackers, it can quickly hurt your SEO and Google rankings.
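One way to check a downloaded theme for the encoded code and hidden backlinks described above before you activate it. This is an added example, not code from the original article; the rule list, the function names and the sample theme files are assumptions constructed for illustration, and the patterns are heuristics that can miss things or flag legitimate code.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules chosen for this example (assumptions, not an exhaustive list).
RULES = {
    # eval() fed directly by a decoder: a common wrapper for hidden PHP
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # very long base64-looking string literal
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    # link placed directly inside an element styled display:none (hidden backlink)
    "hidden-link": re.compile(
        r"<[^>]+style\s*=\s*[\"'][^\"']*display\s*:\s*none[^\"']*[\"'][^>]*>\s*<a\s[^>]*href", re.I),
}

def scan_text(text):
    """Return sorted (line_number, rule_name) pairs for one file's contents."""
    hits = []
    for name, rx in RULES.items():
        for m in rx.finditer(text):
            hits.append((text.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; return {relative_path: hits}."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = scan_text(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(theme_dir).as_posix()] = hits
    return report

# Constructed sample theme: the encoded payload is just `echo "hello";`.
SAMPLE_THEME = {
    "index.php": "<?php get_header(); the_content(); get_footer();\n",
    "functions.php": "<?php\nadd_theme_support('post-thumbnails');\n"
                     "eval(base64_decode('ZWNobyAiaGVsbG8iOw=='));\n",
    "footer.php": "<?php wp_footer(); ?>\n<div style=\"display:none\">"
                  "<a href=\"http://example.test/\">cheap loans</a></div>\n",
}

def demo():
    """Write the sample theme to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE_THEME.items():
            Path(d, name).write_text(body)
        return scan_theme(d)

if __name__ == "__main__":
    print(demo())
```

Point scan_theme() at the unpacked theme folder and review every reported line by hand; a clean report does not prove the theme is safe.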


  6. WordPress version number

Hackers are quick to exploit known vulnerabilities in older versions of WordPress. Security flaws and exploits for each version are readily available online. Unfortunately, WordPress generates the version number in the source code and, you guessed it, hackers can quickly identify vulnerable versions at will.

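Luckily there is an easy way to remove the version number of your installation; simply add the following code to your theme’s functions.php file:


// Replace the generator output, which carries the WordPress version, with an empty string.
function remove_version() {
    return '';
}

// Hook the function into the filter WordPress runs on its generator output.
add_filter('the_generator', 'remove_version');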


  7. Protect your site from spam bots

WordPress is highly susceptible to automated bots – typically these bots will attempt to post comments on your blog pages.  These spammy techniques are used to quickly and easily gain backlinks to websites of the user’s choosing.

Spammy blog comments will not only hinder your user experience and the quality of your website but also hinder your SEO efforts and Google rankings.

If you’d like to find out more about keeping your site secure, give our team a call on 1300 663 995.


