The WordPress Security for DIY Users


If you do everything we have said so far, you are in very good shape.

But as always, there is something else you can do to strengthen your WordPress security.

Some of these steps may require coding knowledge.

Of the top 10 million websites in the world, 35.1% run on WordPress. Content management systems (CMS) account for approximately 43.2% of the web market, and WordPress holds a 60.1% share of that. In other words, WordPress is used by about one third of the Web.

In previous posts we compared security plugins. I'm trying to cover everything a DIY WordPress user needs, so that you can learn WordPress security yourself and save money instead of hiring a WordPress security expert. Today we will discuss 13 WordPress security strategies for DIY users.

To do that, I will explain what you need to understand about WordPress security and show you DIY ways to strengthen the security of your WordPress website from start to finish. So let's get started.

In the old days, the default WordPress administrator username was “admin”. Since the username makes up half of the login details, this made it easier for hackers to attack.

Thankfully, WordPress has already changed this and now requires you to choose a custom username at the time of installing WordPress.

However, some 1-click WordPress installers still set the default administrator username to “admin”. If you find that to be the case, it might be a good idea to change your web hosting.

Since WordPress does not let you change usernames by default, there are three ways you can change the username.

  • Create a new username and delete the old one
  • Use the Username Changer plugin
  • Update username from phpMyAdmin

We have covered all of these in our detailed guide on how to properly change your WordPress username (step by step).

How to disable file editing

WordPress comes with a built-in code editor that lets you edit your themes and plugin files from your WordPress admin area. In the wrong hands, this feature can be a security risk, which is why we recommend turning it off.


Disabling file editing on a WordPress website takes one simple step: open the wp-config.php file and paste in the following code.

// Do not allow file editing from the WordPress admin area
define( 'DISALLOW_FILE_EDIT', true );

Alternatively, you can do this with a single click using the Confirmation feature in the free Sucuri plugin mentioned above.
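An added example (not from the original post) of a check you can run after editing wp-config.php: it flags a missing or commented-out DISALLOW_FILE_EDIT, typographic quotes picked up when copying from a web page, and a define placed below the wp-settings.php line. The function name and the sample configs are constructed for illustration.

```python
import re

SMART = "\u2018\u2019\u201c\u201d"  # typographic quotes; PHP does not treat them as string delimiters
DEFINE_RE = re.compile(
    r"define\s*\(\s*(['\"%s])DISALLOW_FILE_EDIT(['\"%s])\s*,\s*([^)]*?)\s*\)" % (SMART, SMART))
# WordPress finishes starting up inside this require, so custom constants belong above it.
BOOTSTRAP_RE = re.compile(r"require(?:_once)?\b[^;]*wp-settings\.php")

# Constructed sample files, not taken from any real site.
GOOD = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
PASTED = GOOD.replace("'DISALLOW_FILE_EDIT'", "\u2018DISALLOW_FILE_EDIT\u2018")
COMMENTED = GOOD.replace("define( 'DISALLOW", "// define( 'DISALLOW")
LATE = """<?php
require_once ABSPATH . 'wp-settings.php';
define( 'DISALLOW_FILE_EDIT', true );
"""


def check_file_edit_lock(config_text):
    """Return a list of problems; an empty list means the lock looks effective.

    Line-based text heuristic, not a PHP parser.
    """
    found = define_at = bootstrap_at = None
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # commented-out code does not count
        if found is None and DEFINE_RE.search(line):
            found, define_at = DEFINE_RE.search(line), number
        if bootstrap_at is None and BOOTSTRAP_RE.search(line):
            bootstrap_at = number
    if found is None:
        return ["DISALLOW_FILE_EDIT is not defined"]
    problems = []
    open_q, close_q, value = found.groups()
    if open_q in SMART or close_q in SMART:
        problems.append("typographic quotes around the constant name")
    if value.lower() != "true":
        problems.append("value is %s, expected true" % value)
    if bootstrap_at is not None and define_at > bootstrap_at:
        problems.append("defined after wp-settings.php is loaded")
    return problems
```

To check a real site, pass the contents of its wp-config.php to check_file_edit_lock().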

Protecting the Admin and Login pages with a password

If you protect the admin and login pages of your WordPress website with a password, you add an additional layer of protection to the site. There are plugins that can help you get that functionality. Or you can simply add a captcha to the sign-in pages. That will help minimize the threat posed by DDoS attacks.


Normally, hackers can request your wp-admin folder and login page without any restriction. This allows them to try out their hacking tricks or run DDoS attacks.

You can add additional password protection at the server level, which will effectively block those requests.

Follow our step-by-step instructions on how to password protect your WordPress admin (wp-admin) directory.

Reduce the number of simultaneous logins

WordPress also allows simultaneous logins with a given username and password. This is another security risk to consider. If you are the only person using your WordPress credentials, you should limit the number of simultaneous logins. Fortunately, WordPress lets you do that.

There is a plugin called Block Double Logins that you can install on your WordPress website to get this functionality. After installing this plugin, you will be able to reduce the number of logins. If you are the only person who will use the WordPress website, there is no need to leave things as they are.

Automatically log out idle users with a WordPress plugin

Idle users can pose a security risk. When an account stays logged in for a long time without activity, it increases the chances of session hijacking. This is where a hacker gains control of the account without using credentials to sign in. This is one of the main reasons why many banks and other institutions automatically log out idle users.

If you are using a WordPress website alone, you may not think much about staying idle. But even your own account can be exploited that way. Never assume that your website is too small to get the attention of hackers and bots.

In this tutorial, I will show you how to log out idle users to improve your WordPress security. This is one of the many ways to keep your site safe.

Setting WordPress to Log Out Idle Users

You will need to install and activate the Inactive Logout plugin. Upon activation, visit the Settings » Inactive page to configure the plugin.


Just set the duration and add an exit message. Don’t forget to click the save button to save your settings.

Limit Login Attempts

Hackers try login credentials against WordPress sites every minute of the day. In fact, the WordPress login page is the most attacked page on a WordPress site.

Once a hacker gets in, they gain full access to your administrator dashboard and can control your site. From there, they can misuse your site to advertise and sell illegal and fraudulent products, spam your visitors and steal your business information, among a long list of bad practices.

Fortunately, you can protect your login page by limiting the number of login attempts a user is given to enter the correct credentials. In this guide, we will show you how.

How to set up limit login attempts on a WordPress site

First, you need to install and activate the Login LockDown plugin. For more details, see our step-by-step guide on how to install the WordPress plugin.

Upon activation, visit the Settings » LockDown Login page to set up the plugin.


For detailed instructions, see our guide on how to limit attempts to login to WordPress and why.
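An added example, not part of the original post or of any plugin's code: a simulation of the attempt-limiting policy described above, replayed over web server access-log lines to show how many guesses a given threshold would have stopped. The thresholds, the function name and the log lines are constructed, and it assumes the common WordPress behaviour that a failed login POST to wp-login.php returns 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4211',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4211',
    '203.0.113.7 - - [12/Mar/2024:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4211',
    '203.0.113.7 - - [12/Mar/2024:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 4211',
    '203.0.113.7 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4211',
    '198.51.100.20 - - [12/Mar/2024:10:00:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3900',
    '198.51.100.20 - - [12/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4211',
    '198.51.100.20 - - [12/Mar/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]


def simulate_lockouts(lines, max_failures=3, window=timedelta(minutes=5),
                      lockout=timedelta(minutes=15)):
    """Replay login POSTs and return {ip: {"lockouts": n, "blocked": n}}."""
    failures = defaultdict(deque)   # ip -> times of recent failed attempts
    locked_until = {}               # ip -> time the current lockout ends
    report = defaultdict(lambda: {"lockouts": 0, "blocked": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ip = m["ip"]
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and when < locked_until[ip]:
            report[ip]["blocked"] += 1      # attempt refused while locked out
            continue
        if m["status"] == "302":            # successful login resets the counter
            failures[ip].clear()
            continue
        recent = failures[ip]
        recent.append(when)
        while when - recent[0] > window:    # drop failures outside the window
            recent.popleft()
        if len(recent) >= max_failures:
            locked_until[ip] = when + lockout
            report[ip]["lockouts"] += 1
            recent.clear()
    return {ip: dict(counts) for ip, counts in report.items()}
```

Running it with different max_failures values over your own access log shows the trade-off between stopping guessing early and locking out a user who mistypes a password once.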

Add Security Questions to WordPress Login Screen

When you add security questions to the WordPress signup page, users are asked to choose a security question and set an answer. After that, the user needs to answer the security question at login as set during registration on the site. If a user enters the wrong answer, they cannot sign in.

Like the WordPress password, the security question has a major impact on WordPress security. If you run a multi-author site, you may need to add security questions to the WordPress login screen.

For example, a WordPress username and a common password can be guessed easily, but the security question and answer are not guessable. So there is no way to break it. This way you can protect your site from hackers and spammers.

First, you need to install and activate WP Security Question from the WordPress plugins directory. The plugin enables the security question option on the WordPress registration, login and forgot-password forms.



  • You can add an unlimited number of security questions.
  • You can show or hide the security question on the signup page, login page and forgot-password page.
  • Users can set a security answer from their profile page.

Adding a security question to your WordPress login screen makes it even more difficult for anyone to gain unauthorized access.

You can add security questions by installing the WP Security Questions plugin. Upon activation, visit the Settings » Security Questions page to set up the plugin.

For detailed instructions, see our tutorial on how to add security questions to the WordPress login screen.
