How I Secure WordPress Blogs and How You Can Protect Your Own

Securing WordPress Blog  is very essential element for any WordPress Blog owner. There are lots of hackers who keep eyes on blogs just to ruin hard work of Blog owners and to disturb their online business by hacking their blogs. Every day I read hacking report news through which I get to know which blog or website has been hacked by smart hackers. These reports always push me to make sure that my WordPress Blog is secured and I can save my blog from hackers. However, in this post I am going to share how I protect my WordPress Blog through easiest and strong way. I have tested it for more than 1 and half-year and satisfied. Therefore I am going to share how exactly I secure my WordPress Blog.

Secure WordPress Blog:

One day you work hard a lot by working on your blog and the other day you see that your blog got hacked is the very annoying situation. Anyhow there are some ways through we can easily make our WordPress Blog Secured.

What Methods I follow?

I use Bulletproof Plugin to secure my Blog and some other precautionary methods to protect. Having a glance on the methods I follow would be good idea here. :) Back in 2010 when I first created my blog (which I turned off) which got attacked by hackers four times and I lost almost every data. I could not manage my blogs due to lack of knowledge. I was totally fade up and quite my first entertaining niche blog but now I follow some useful methods that have worked for me for more than over 2 years which are listed below.

Method #1: Strong User Name and Password:

I always use strong User Name and Password which contain combination of ‘Characters’, Numerical Values’ and ‘Special’ Characters. However in ‘User Name’ we can’t use ‘special characters’. I strongly recommend using strong User name and Password just to make sure that it can’t be guessed by anyone. Even I don’t remember my User Name and Password :D and use my diary to log in every time where I have written all details. :D

Method #2: I Hide Wp-Admin URL Using Lockdown WP Admin Plugin:

Another method I use to protect my WordPress blog is to use Lockdown WP Admin plugin to hide my wp-admin url. As we have a by default log in url to get access to our admin area in WordPress and hiding it will be a great way to enhance security measures to WordPress Blog.

Method #3: I Create Difficult MySql Database, User Name and Password:

When we create and install our WordPress blog via Softaculous which is the easiest way to install WordPress Blog in 5 Minutes, we are lack of creating strong database user name and password. WordPress is a CMS platform which runs on Php and MySql. MySql is a database where our data is stored of our blog. I always prefer using Cpanel Manual method to install WordPress Blog which is also easiest way to do so. You can also read my complete guide as how to manually install WordPress Blog.

Method #4: I Use Bulletproof Security Plugin to Super Secure My WordPress Blog:

BulletProof Security plugin provides you a well class security for WordPress Blog. WordPress is already very secured platform, but hackers are hacker and they can do anything they want. So, a bit more safety measures can help out more to secure blogs. Hackers use XSS, RFI, CRLF, CSRF, Base64, Code Injection and Sql Injection Technique (Read More) to hack Websites. Bulletproof Security plugin provides more security to your WordPress site from such attacks. Below I have shown how to install Bulletproof Security and configure it.

Step 1: Installing Bullet Proof Security Plugin:

Log in to your WordPress site scroll your mouse on “Plugins” and Click on “Add New”.


Type “Bulletproof Security” in search bar and click on “Search Plugins”.


The page will appear containing lots of plugins details. Choose Bulletproof Security and click on “Install Now”.


A prompt window will appear, click “OK” and then next window will come up showing information that plugin has been installed. Click “Activate Plugin”.


Step 2: Setting Up Bulletproof Security Plugin:

Now as Bulletproof Security Plugin has been activated it will be shown in left bar. Scroll down on it and click on “htaccess Core” for further settings.


After it you will see an admin interface of Bulletproof Security Plugin where you have to follow some more steps to protect WordPress blog. See below how to do that.

bulletproof-first-action mycustomimage

Here you have to click on “Create secure.htaccess File”. It creates a secured .htaccess file in your public_html directory to protect WordPress. Click on these three buttons to “Create Secure .htaccess File”.

Step 3: Activate Bulletproof Security Mode:

Now the next thing is to activate Bulletproof Security mode for your root folder, wp-admin folder, .htaccess file and folder access. Click on “Bulletproof Mode” and Click “Activate” to enable security mode.


Enable all mode one by one.

Step 4: Check Security Status Tab and Fix If any Red Alert:

After activation of Bulletproof security mode, click on the second tab “Security Status” to know how secured your WordPress blog is now. You will see red lines on this page that will be showing and giving you some warning about the missing actions, read them and follow the same instruction. After you complete all the necessary steps you will see your site is completely secured through Bulletproof Security plugin as below.


Step 4: Setting Up Permissions in cPanel:

When you have followed all steps which are in red line, your screen will show green lines and no warning messages. Here is one more thing to learn. You can see a circle at the above picture which is showing “Permissions”. Permissions are set for the files of your blog/website. Permissions are the main things that control security of files. If your file permission are re-writable, anyone can come to it and change it and you can face hurdles. So, at this screen you will see that Bulletproof Security asks to set your files “Permission” shows that “Recommended Permissions” column. You can do it through your cPanel.

How to Set Permissions?

Log in to your cPanel account and go to File Manager. At File Manager select the file you want to set permission for. For Example we are here going to set Permissions of Wp-admin folder. Select this folder, hit right-click and choose “Change Permissions” as below.



You can set your permissions through check list (On security tab of Bulletproof Plugin) and then click on “Change Permissions. Hit “Refresh”, your permissions will be changed.

Check if Permissions Got Changed:

After changing permissions of all required file by using above method, hit refresh to “Bulletproof Security Plugin” page and make sure all permissions are set now as below.

bulletproof permissions changes

Note: Leave ‘root folder’ as it is.

These are some methods I follow to protect my WordPress Blog and have found these useful for my blogs. However most of other bloggers have used other ways to protect their WordPress blog. This is all what I have experienced for about securing WordPress blog.

Last Words:

Security is the major issue for anything special we own and our blog is our assets, business and life. You must secure your WordPress blog now. If you don’t, you probably going to be in trouble.

Don’t Be Harsh:

Your single clicks can appreciate my work. Don’t forget to share it with your friends if you have liked my article and feel free to share your thoughts in comments. :)

Leave a Reply

Your email address will not be published. Required fields are marked *