Tricks to Improve WordPress Website Security for Online Business

Who says the task of building an online store website is only completed when the website is on page 1 of Google? Who says having a website with a busy number of visits because a fast website is enough?

In fact, this advantage becomes a gap for those who are not responsible. Seize opportunities to enter and damage our website.

Reported by, the number of hackers who managed to break into websites around the world reached 45,000 every day. This figure includes those who managed to break into and damage the system inside online shop website that uses WordPress.

Then how to improve data security in online shop website we? Of course you can’t just use a plugin. There are several tips and tools that can be applied to improve the security of a WordPress website.

Here is his review:

  1. Change login URL

To change the login URL may be very easy to do. By default, the WordPress login page is easily accessible via WP-Login.php or WP-admin, added to the main URL of our website. When hackers know the URL that we have, then they will try to enter the website. They can even log in by trying HWDb(Guess Work Database, ie when the database username and password can be guessed. For example username: admin and password [email protected]… With millions of such combinations, hackers will find it easier to enter).


plugging in iThemes Security, it can help you change the login URL, such as:

  • Change wp-login.php to something unique, for example my_new_login
  • Change /w-admin to something unique, for example my_new_admin
  • Change /wp-login.php?action=register to something unique, for example my_new_registration
  1. Use email as method to login

By default, we will only fill in the username to login to the WordPress admin page right? Using an email ID instead of just a username will increase the security on our website. The reason is quite clear, because usernames are easy to predict, while email IDs are not. In addition, every WordPress account is always created with a unique email address, making it more secure. You can use the WP Email Login plugin to help you login with email.

  1. Change admin name

During the installation of WordPress, never name yourself as “Admin” as the main administrator owner. Usernames that are easy to guess will be approachable by hackers. And this of course would be very dangerous.

  1. Be careful when adding other user accounts

For those of you who have websites with multiple users, such as news portals or online store websites that have more than 1 admin. So try to create a username very carefully. The Force Strong Password plugin can be your solution.

  1. Customize your website password

For those of you who are used to making passwords with combinations 123456789

or abcdef or even with the initials of the name, then try to change it. Use password generate to get a well-encrypted password.

  1. Use a strong password for the database

Again, don’t use password combinations that are easy for others to guess. Use a combination of uppercase, lowercase, numbers and special characters for your WordPress password.

  1. Don’t ignore the files in the database

Monitoring file names in WordPress can also help us improve WordPress security. So, make sure you know and keep an eye on any filename changes in WordPress.

  1. Rename table in WordPress database

If you are familiar with WordPress then the file with the name WP prefix is ​​in the database. Try changing it to something more unique and only you will know. Such as mywp-, wpnew-, etc. Because using the default name in the database is very vulnerable to SQL injection.

  1. Implement 2-Factor Authentication

Two Factor Authentication(2FA) is a method used by WordPress owners to increase the security of their website data. With this plugin, users will provide login details for 2 components differently. Online shop website owners can decide to use both. There will be many levels, such as secret questions, secret codes, sets of codes, and much more.

  1. Use a plugin that helps lock the security of the website

Before logging in, make sure to use security first. One that can be maximized is to use the iThemes Security plugin, for example. Because one of the hacking attempts when they want to enter a website is their attempt to log in continuously. With this plugin, WordPress will ban the IP address of attackers who have tried many times to login.

  1. Use SSL to encrypt data

Apply SSL certificate(Secure Socket Layer) on a WordPress website is a smart move to secure the website admin panel. SSL will ensure secure data transfer between the user’s browser and the server, making it difficult for hackers to enter the admin page. Implementing SSL serves to improve website data security. As provided by, SSL can be used for websites with WordPress CMS.

  1. Make regular backups

No matter how secure your WordPress website is, keep trying to improve website security. One way to do this is to backup files regularly. It looks really inconvenient, but you can use the services WordPress Hosting Indonesia to help you do regular backups. This will make it easier for you to improve website security.

  1. Protect WP-Admin directory

The WP-admin directory is the heart of every WordPress website. If this part is violated, it could be that other parts will be easier to damage. One way that can be used to increase security is to protect the wp-admin directory. With such a security measure, website owners can access the dashboard by submitting two passwords. The first is to protect the login page, and other admin areas. If a website user is asked to access certain parts of wp-admin, we can block those sections while locking the rest.

  1. Disable important file editing

Don’t let anyone make edits to your WordPress files. Because the existing files include plugins and themes. You can disable important files by adding code to the wp-config.php file:

Define(‘DISALLOW_FILE_EDIT’, true);
  1. Protect WP-Config.php

The wp-config.php file contains important information such as the WordPress installation, and it is actually the most important file in your website’s root directory. By protecting the file, it will automatically protect your WordPress blog. And you need to know, it will be difficult for hackers to breach the security of your site, if the wp-config.php file is not accessible to them.

  1. Setting directory permissions carefully

Giving the wrong directory permissions can be fatal, especially if we are in an environment shared hosting. In this case, changing file and directory permissions is a good step to increase website security at the hosting level. Such as setting directory permissions to “755” and files to “644”, then all files will be protected.

  1. Disable directory listing with .htaccess

If you’re going to create a new directory as part of your website and don’t include the index.html file in it, then don’t be surprised when visitors don’t get a complete directory list of everything in your directory. You can prevent this by adding the following line of code in the .htaccess file:

Option All -Indexesk
  1. Remove WordPress version number

Why is this important? Because by removing the WordPress version number, this will keep WordPress safe from hackers. Because, if they know what version we are using, then it is easier for them to adapt attacks to enter and damage our website. Hide the WordPress version number with almost all the security plugins mentioned above.

  1. Make sure the server you are using is secure

When setting up the website, connect the server only via SFTP or SSH. SFTP always prefers traditional FTP because of its security features which of course are not associated with FTP. Items would have been much safer. Many hosting service providers, such as, offer this service to increase security on their WordPress.

  1. Find the right partner

The last and no less important is choosing the right partner to maintain website security and help make our website much more optimal in running an online business. WordPress Hosting Indonesia can be the right partner. Because, apart from being provided specifically for WordPress, this hosting provides a lot of convenience. So that those of you who run an online business will focus more on business development. And the speed and security optimization will be assisted by the service provider WordPress Hosting Indonesia this.

So, those of you who still think that an online store website that has entered page 1 of Google is enough to make you successful, then think again and again.

Maintaining the security of the website is no less important, because it is a mandatory item if you want to develop a business using a website.

So, don’t let you miss some of the things above, OK?

Create by Ipadguides in category of Website