Because WordPress is an open source CMS, it has some security holes, so there is a chance of it being hacked. We can prevent these issues to some extent by taking some simple steps.

1. Use your own prefix for the database tables while installing WordPress rather than the default ‘wp_’.

2. The WordPress admin user usually has the ID 1 in the database, which makes it easier for attackers to target the details of the user with ID 1. So it is better to change the ID of the admin user.

3. Change the error message that is shown when a wrong password has been entered. By default WordPress shows the message “ERROR: The password you entered for the username admin is incorrect”.

This tells an attacker that the username entered is correct. So change the error message in such a way that a valid username cannot be identified from it.

To do that, add the following code to your theme’s functions.php file.

// Return one generic message for every failed login.
function failed_login() {
     return 'The login information you have entered is incorrect.';
}
add_filter('login_errors', 'failed_login');

4. Also disable the file edit functionality in the admin area. This can be done by adding the following code to your theme’s functions.php file.

define('DISALLOW_FILE_EDIT', true);

5. Remove the WordPress version tag that appears in the header part of the website. Do this by placing the following code in your theme’s functions.php file.

// Return an empty string so no generator (version) tag is printed.
function remove_wp_version() {
     return '';
}
add_filter('the_generator', 'remove_wp_version');

6. Also rename the readme.html file in the root folder to some other name, e.g. testfile727298823.html.

7. Disable the edit functionality of the site URL and home URL from the admin side. To do this, place the following code in your wp-config.php file.


8. Use a plugin like Lockdown WP Admin. This plugin can be used to hide the default admin path like and to some other custom path, like
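
A way to check that steps 3, 5 and 6 actually took effect, as an added example that is not part of the original post: it inspects a saved home page, two failed-login responses and the HTTP status returned for readme.html. The sample responses are constructed, the function names are hypothetical, and the script assumes the login error box carries the id `login_error`.

```python
import re
from html import unescape

GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']*)["\']', re.I)
LOGIN_ERROR_RE = re.compile(
    r'<div[^>]+id=["\']login_error["\'][^>]*>(.*?)</div>', re.I | re.S)

def generator_tag(html):
    """Return the generator string advertised in the page, or None."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None

def login_error_text(html):
    """Return the visible text of the login error box with tags stripped."""
    m = LOGIN_ERROR_RE.search(html)
    if not m:
        return None
    return ' '.join(unescape(re.sub(r'<[^>]+>', '', m.group(1))).split())

def audit(home_html, unknown_user_html, wrong_password_html, readme_status):
    """Return findings for steps 3, 5 and 6; an empty list means all hold."""
    findings = []
    gen = generator_tag(home_html)
    if gen and 'wordpress' in gen.lower():
        findings.append('step 5: generator tag still present: ' + gen)
    # Step 3 holds only if both failure modes produce the same visible message.
    if login_error_text(unknown_user_html) != login_error_text(wrong_password_html):
        findings.append('step 3: login error reveals whether the username exists')
    if readme_status == 200:
        findings.append('step 6: readme.html is still served')
    return findings

# Constructed sample responses (not captured from a real site).
DEFAULT = dict(
    home_html='<head><meta name="generator" content="WordPress X.Y" /></head>',
    unknown_user_html='<div id="login_error"><strong>ERROR</strong>: Invalid username.</div>',
    wrong_password_html='<div id="login_error"><strong>ERROR</strong>: The password you '
                        'entered for the username <strong>admin</strong> is incorrect.</div>',
    readme_status=200)
GENERIC = '<div id="login_error">The login information you have entered is incorrect.</div>'
HARDENED = dict(home_html='<head><title>Example</title></head>',
                unknown_user_html=GENERIC, wrong_password_html=GENERIC,
                readme_status=404)

if __name__ == '__main__':
    for name, sample in (('default', DEFAULT), ('hardened', HARDENED)):
        print(name, audit(**sample))
```

Comparing the two failed-login messages with each other, rather than against a fixed string, keeps the check valid whatever wording the `login_errors` filter returns.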