Best way to keep secure your WordPress blog from spammers

WordPress has been the best blogging content management system around the globe. Since it is easy to customize, WordPress has become a favorite of bloggers and web designers. At the same time, it is getting more attention from hackers and spammers. Securing your WordPress blog is the most crucial thing because if your website gets infected with malware, your search engine rankings will also be affected.

Here are some simple ways that can be used to secure your WordPress blog.

1.  Update your website with Latest Versions

Updating your WordPress website with latest versions helps in enhancing the security of your website. When you login with your WordPress account, you are notified with a message on your Dashboard that a latest version is available. Follow the instructions to upgrade the software.  If you are sticking to an old version then it is time to get it upgraded now or else you will be inviting hackers to your site.

2.  Set a Strong and Unique Password

Simple is not always better when it comes to setting a WordPress password – especially if it’s easy for cyber criminals to crack it. The next question is how to protect your password. First of all, you should set a strong and unique password. Always use a combination of upper case and lowercase letters, digits and special characters in your password. For example “K@20&13h” is a strong password. Having set such passwords will make it difficult for potential hackers to guess.

Another important thing is never share your password with anyone. Also, avoid logging in to your WordPress admin account at public places like cyber café, institutions etc. Keep changing your password at least once in three months.

3.  Remove Default Admin Users

An admin account is a default user account that WordPress installation creates. Many people forget to change their username from the WordPress default of “admin.” If you don’t remove this user, you are making way for hackers to guess the administrative user name for your WordPress blog.  All they have to do is crack your password and access your account.

You should change default username of admin account and give yourself the role of an admininstrator so you have the access to make any necessary changes on your website. Next you have to delete ‘admin’ account form your WordPress installation.

4.  Implement Captcha Code for Login Screen

If you really want to make accessing your wordPress account even harder, add a captcha code on your WordPress login screen. By using captcha code, it will be difficult for hackers to login using scripted methods. You can install Captcha Code WordPress plugin for this purpose.

5.  Limit login attempts to your website

Hackers can easily guess your login password by making several attempts to login using different username and password combinations repeatedly. They could try this method hundred times if not thousands consuming your resources and putting your website at risk. To prevent that from happening, you can install a free WordPress plugin called Limit Login Attempts. This plugin records the internet address of every failed WordPress login attempt. After a specified number of failed attempts are reached, this plugin will disable the login function for all requests from that IP address.

6.  Hide your plugins folder

Most of the hackers use plugins to access your blog. They can easily get the list of plugins that you are using for your blog with the aid of To fix this problem you should upload a blank index.html file to the plugin directory.

7.  Perform a regular scan

You can use the wp-security-scan plugin to do a regular scan of your blog setting for any security loopholes. The same plugin can also be used to change your database prefix from wp_ to a custom prefix.

8.  Backup your WordPress Database

No matter how secure your blog is, you still need to backup your database. WordPress has made the backup process easy with both free and paid plugins. According to Wil Thomas, bloggers should always make backups of all their WordPress site documents. You can use the wp-database backup plugin to backup your database every day.

9.  Use Copyscape

Use copyscape to find out where your content has been copied.  Simply enter your website URL and Copyscape tool will detect online plagiarism. This way you can easily enhance your blog security and ensure that your content is not plagiarized.

As a blogger it is important to follow the above tips and stay alert while on the internet. Using the protective ways enlisted here will make you the smart one out there and help you to secure your blog from hackers and spammers.


Brianne Walter is a freelance journalist who has been writing about mobile technology, customer relationship management and women’s health for more than a decade. These days she is busy to contributes on punchh

Joe Granados the author

Joe Granados is the owner of WebDevTuts. He is also a web designer & developer who loves to design and develop websites. If you're looking for him you can find him via @webdevtuts

Leave a Reply