WordPress is a popular CMS online. Million of business personnel, blog owner and web administrator use it on a daily basis. WordPress Security is a very important step in protecting the sensitive data present on the web server. This informative article explains security mechanism in which you can protect your WordPress website from unauthorized access.

What is the need to perform this activity

  1. It will increase the overall performance of your website.
  2. Efficient backup.

You can protect your online presence by implementing some small and easy methods mentioned below


1. Manually change the default WordPress:

  • Open wp-config.php located in the root folder of installed WordPress.
  • Insert the following code into wp-config.php

define (‘UPLOADS’, ‘wp-content’/’.’files’);

And your default WordPress upload address will be changed to


  • or, If you don’t want to see “wp-content” then you can use the “define” method without “wp-content”

define (‘UPLOADS’,’.’files’ );

And your default WordPress upload address will look like


  • Default Media Folder Changing mechanism

Insert the following code into wp-config.php

For images: define (‘UPLOADS’,’wp-content/myimages’);
For videos: define (‘UPLOADS’,’wp-content/myvideos’);


2. .htaccess protection from outside world

.htaccess is a configuration file for web server named Apache. It is a very important file because in this file you can protect a directory via password, block IP address, file, folder etc from public access. Once it got into wrong hands your WordPress security might be at risk. You can allow or deny .htaccess from outside world. Just put the small code in the .htaccess file present on the server as written below

<files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all


3. Disable the directory browsing in wordpress

Directory browsing can be a major loophole in your WordPress website security. It is a big security loophole in WordPress security. Just put a single line of code in your WordPress .htaccess and you are secured from directory browsing activities.

Options -Indexes


Make responsive WordPress themes in minutes using TemplateToaster WordPress website builder and WordPress theme builder


4. Protect Admin area in wordpress

Admin is the Super User in WordPress world. All activities such as add user, delete a user, modify user, FTP access, IMAP email creation etc is handled by the admin account. Admin can be the owner or a hired personality in an organization, blogging etc.
If all activities are handled by admin, then it is must to protect admin area from unauthorized access.

Just go to Password protect directories under Cpanel and add a user of your choice. Add a username and password you want to create and it’s done!!!


5. IP Ban

IP Ban is another method or mechanism to secure your WordPress website. It can be done automatically or manually. In an automatic medium, it can be done with the help of plugins. Some of them are

IP Ban
IP ban is a popular plugin due to its simple interface and easy to use mechanism. It can easily protect your website from unauthorized access by blocking IP Address or agents. In this plugin, you can easily add or create an IP Ban List of which you want to block and save your WordPress website from future calamities. With the help of this plugin, you can easily add

  • IP address of which you want to block.
  • Agents (Users) etc.

IP Geo Block
IP Geo Block is also a very popular plugin on WordPress platform. With the help of this plugin, you are able to protect your website from spam , unauthorized access, and various other trials.

Some of the features of IP Geo Block are

  • Easy and effective way to control immigration: This allows you to blacklist or whitelist a certain country IP address.
  • Prevention from exploit: Adds an extra security of layer by preventing your website wp-admin, themes etc from unauthorized access.
  • Wp-config.php protection: There exist numerous attacks based on wp-config.php. IP Geo block protects it effectively.
  • BBpress and BuddyPress are supported


6. Use Security Plugins

WordPress offers a wide range of plugins that helps in increasing the security of your WordPress website. Plugins reduce your work load and provide optimum security solutions. For choosing the best security plugin for your WordPress website, checkout our article best 5 security plugins that compares the top 5 WordPress security plugins.

Some Tips

Nowadays, Web Security is the major concern of any organization which has an online presence, online business, Website Administrators etc. You can’t ignore the power of the internet. More than 90% of users accessed websites over the globe. Script kiddies are not aware of the fact that there exists some law behind the Virtual world. They spread spam just for the sake of enjoyment. By using some simple tips and tricks you can protect your WordPress website from unauthorized access.

  1. Don’t access your WordPress website from public computers.
  2. Secure your server by implementing SSL, Firewall techniques.
  3. Always follow the rule of Confidentiality, Integrity, and Availability.
  4. Always contact System Security Expert if you see unusual activity in the WordPress admin panel.



As we are humans we have some limitation. 100% web security is a day-dream in today’s world. But we can become perfect by practicing and implementing IT Security policy at each and every department of working class. You can reduce the risk but can’t eliminate it. By using all available and appropriate control, you can reduce the risk of being hacked.

Create High quality WordPress websites with TemplateToaster website builder