5 Ways to Protect Your WordPress Website From Hackers [Viruses, Malware and Adware]

Launching your own website is easy!

Talk to a hosting service provider, pay hosting and domain charges and get started. But maintaining a site is difficult.

You may be thinking it’s quite easy to create pages, and add new posts to the site!

Yes, that’s easy. But the real game starts at configuring your WordPess setting in such a way no hacker can invade your site with viruses, and malicious codes.

Settings Android Tab

You must seriously look into your site’s safety and security at regular intervals. Thousands of anonymous hackers want to infect your site with various malware, ransomware and adware to make money. Well, there are a lot of reasons why they do so. But we will focus on enhancing your wordpress-site’s web security for now.

In cyberworld – any site can be hacked anytime, any day and anywhere by any hackers.

Top 5 Free DIY Tips to Protect Your WordPress Website

#5) Tough Username & Password

This is the simplest way to building a protective shield against your site’s unauthorized use. It’s always recommended to not using ‘admin’ as your username. Also, your password should not be too guessable like your site’s name or your city, country and surname.

Ideally, your password should be around 10 letters or more with a combination of capital letters, alphabets, symbols and digits.

#4) A two-Step Authentication

You can now easily enable a two-factor authentication system on your site’s login window. It’s very simple. Just go to WordPress setting and select a log in option. Fill out the required information and once verified, your two-way authentication mode is active now.


Risky Trick – Changing Dashboard Path

Another way, is to change your admin path. So, instead of wp-admin or login, you can also modify the path to something like -> www.yoursite.com/authorise or using a combination of any other words that you are not using as a tag/category/keyword in your site.

Please don’t try this if you don’t have much technical knowledge. If you forget your dashboard path, you may never able to login to your dashboard again. Mind it!

There are plenty of security plugins available that you can use for this purpose. Once you change your site’s admin path, don’t forget to redirect other login paths such as wp-admin or wp-login back to your home page.


You can use an OTP sent to your smartphone or email inbox for login verification to access Wp-Dashboard.

#3) Disable Comment Section

It’s not advisable to keep your comment section open. Disable it immediately. Just for the sake of 1 or 2 comments, you can’t make your site vulnerable to spam comments with malicious links to infect your WordPress site. So, whether you are using free self-hosted WordPress site or managed WordPress (from hosting provider), keep your comment section disabled.

Go setting section on your WP-Dashboard and select the discussion option. Now, disable the tick that says allow visitors to post comment.

#2) Disable XML-RCP

A few years back, XML-RCP was developed as a toolkit to help you get access to your dashboard from smartphones. But it’s not needed if you only access to your site using PC or LAPTOP.

Through XML RCP, hackers may try thousands of various BRUTE FORCE attacks on your website 24*7.

Disable it either through dedicated plugins for this purpose or install any other reputed security plugins like WP CERBER, WORDFENCE, MALCURE and others. Go to Setting of any of these plugins, you will see DISABLE XML RCP button – just switch it on. If the XML RCP button is already enabled on your site, then please untick (disable) it and confirm.

PHP Screengrab

#1) Google Captcha

You must enable two-way captcha V2 or V3 enabled on your site login window. This helps you stay protected from various login attempts that hackers may try using bots. Google Captcha is intelligent enough to differentiate between a human and a bot.

It automatically stops all login attempts made by a bot.

Hackers often steal data and other sensitive information from sites like Card details and site’s login information for unauthorized use. It’s always better to keep a close look at your site’s safety and privacy.

Black and Gray Laptop Computer With Turned-on Screen Beside Person Holding Red Smart Card in Selective-focus Photography

The Conclusion

Taking safety measures for your site’s security takes a fraction of time than getting your site fixed from viruses or errors. You can also migrate your WordPress site to HTTPS from HTTP for enhanced security and privacy concerns. But, you need to make a small payment for that to your hosting service providers.

HTTPS adds several layers of protection to your site through SSL certification and other encrypted codes, which keep it secure and protected.

Switch to BRAVE BROWSER

I’m fully satisfied with its in-built adware blockers. It also doesn’t track my location while I access to my site’s dashboard. So, there is no question of a safety breach or data leak. I’ve been using BRAVE BROWSER for more than the last three months, and very happy with it.

iwriter