Tips to Prevent WordPress Site Hack

Nowadays WordPress sites are hacked very frequently, so everybody is getting more involved in protecting their blog. I am too. So I took the following preventive measures to protect my blog from hackers.

1. When you install WordPress, change the table prefix from “wp” to a custom one. Everybody knows that WordPress uses “wp” as its default table prefix, so hackers can easily use this to enter your site.


2. First of all, create another administrator user with a strong password (the password should have at least one numeric character, upper-case and lower-case letters, and one symbol). After that, delete the “admin” user.

3. Delete the basic plugins that come with the default WordPress installation, such as Hello and Akismet.

4. To stop spam posting I used the “Stop Spammer” WordPress plugin. It stops spam comments and even stops unnecessary login requests.

5. Use a custom login URL to enter as administrator. Like . For this you may use the “Locker Press” WordPress plugin. It prevents direct fetching of wp-admin or wp-login.php.

6. If possible, move wp-config.php to another folder.

7. You can also block search engines from indexing the following folders through robots.txt. If these folders are not crawled by search engines, you can prevent a hack. Create a robots.txt file, put it in the root folder, and write the following in it:

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

8. Protect your .htaccess file: you can simply prevent external access to any file with .hta in its name. Place this code in the root .htaccess file.


# deny external access to .htaccess and other .hta* files
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

9. Add an extra bit of security to your wp-config.php by writing the following code in .htaccess.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>

10. If you don’t want users to browse and access every file type, and want to allow only images (jpg, gif, png), JavaScript, CSS and XML, place the code below in the .htaccess file within the wp-content folder (not the root).

# deny everything in wp-content, then allow only static file types
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

11. Now we come to the final point: how to block SQL injection? Here is the solution:


# protect from sql injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]


Write the above code into the root .htaccess file. It will prevent SQL injection attacks.
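To see which requests the rule in tip 11 answers with 403, the three RewriteCond patterns can be replayed against sample query strings. This is an added example, not code from the original post: the function name and the sample strings are assumptions, and Python's re module stands in for Apache's regex matching of the raw (not URL-decoded) query string.

```python
import re

# The three RewriteCond patterns from tip 11, in order. Apache searches
# %{QUERY_STRING} unanchored and without URL-decoding it; the conditions
# are joined with [OR], and only the first one carries [NC].
CONDITIONS = [
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matched_condition(query_string):
    """Return the name of the first matching condition (request gets 403), else None."""
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings (assumptions, not taken from real traffic).
SAMPLES = [
    "p=42",                                   # ordinary post request
    "s=%3Cscript%3Ealert(1)%3C/script%3E",    # URL-encoded script tag
    "s=<SCRIPT>x</SCRIPT>",                   # upper case, caught because of [NC]
    "GLOBALS[x]=1",                           # PHP superglobal overwrite attempt
    "a=1&_REQUEST%5Bx%5D=1",                  # encoded bracket after _REQUEST
    "globals=1",                              # lower case: condition 2 has no [NC]
    "id=1%20OR%201=1",                        # SQL-style parameter value
]

if __name__ == "__main__":
    for qs in SAMPLES:
        hit = matched_condition(qs)
        verdict = "403 Forbidden ({})".format(hit) if hit else "passed to WordPress"
        print("{:<40} {}".format(qs, verdict))
```

Requests that match none of the three patterns, such as the last two samples, reach WordPress unchanged.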

In the end, I want to say that the above preventive measures may reduce the chance of being hacked, but nobody can assure that they can’t be broken. So keep updating yourself to protect your beloved blog/site.

6 thoughts on “Tips to Prevent WordPress Site Hack”

  1. When I originally commented I clicked the “Notify me when new comments are added” checkbox
    and now each time a comment is added I get several emails with the same
    comment. Is there any way you can remove me from that service?
    Many thanks!

  2. Hello! This is my first visit to your blog! We are a group of
    volunteers and starting a new project in a community in the same niche.
    Your blog provided us beneficial information to work on. You have done an outstanding job!
