
Chapter 22: WordPress Advanced Site Security

Advanced WordPress Site Security

Security is an ongoing process, especially for a website or eCommerce store. If your website uses WordPress as its core, learning some advanced WordPress security features will help you reduce the associated cyber risks.

Here are a few suggestions that each WP site owner should follow:

1.   Use WordPress Security Plugins with Advanced Features

If you own a website that is updated very frequently or involves transactions, it is essential to enable real-time scans and security surveillance. Manual checks won’t be enough. WordPress plugins or external security solutions are the best fit in such a scenario.

  • You may use Sucuri Security. It is a well-known WordPress security plugin that automates crucial tasks such as security activity audits, blocklist monitoring, post-hack security, and file integrity inspection.
  • Wordfence Security is another great pick. It deploys a Web Application Firewall to detect and block malicious traffic. Its security scanner covers malware scanning, SEO spam prevention, bad URL detection, backdoors, and code injections. Enabling 2FA and CAPTCHA is easy with Wordfence.

2.   Disable File Editing from Admin Dashboard

WordPress site owners often share their administrator or other user logins with staff and other people as required. However, if your dashboard can edit core files, someone may make harmful changes to the code, by mistake or on purpose.

To prevent the above, add this one line at the end of your wp-config.php file:

define('DISALLOW_FILE_EDIT', true);

3.   Hide Crucial Files from Malicious Actors

You should disallow remote access to wp-config.php, the critical file that holds all your WP config details. You can do this in the .htaccess file by adding the code below.

To deny remote access to the wp-config.php file:

Add this text to your .htaccess file (anywhere in the file):

# Refuse every web request for wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
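To confirm that steps 2 and 3 actually took effect, the following shell script (an added example, not part of the original tutorial) checks wp-config.php and .htaccess for both settings and flags two paste errors that break them: curly quotes around the constant name and a space in "allow, deny". The function names and return codes are this example's own conventions, and the sample files it builds are constructed.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for the two settings above.
# Function names and return codes are this example's own conventions.

# 0 = DISALLOW_FILE_EDIT defined as true on an uncommented line; 1 = not found;
# 2 = found, but typed with curly quotes, so the intended constant is never defined.
check_file_edit() {
    [ -f "$1" ] || return 1
    re="^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)"
    grep -Eiq "$re" "$1" && return 0
    grep -Eq "define\([[:space:]]*(‘|’)DISALLOW_FILE_EDIT" "$1" && return 2
    return 1
}

# 0 = a <Files wp-config.php> block denies all access; 1 = no block or no deny
# rule; 2 = "order allow, deny" has a space after the comma (Apache syntax error).
check_wp_config_denied() {
    [ -f "$1" ] || return 1
    awk '
        { line = tolower($0); sub(/\r$/, "", line) }
        line ~ /^[ \t]*<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblk = 1; next }
        line ~ /^[ \t]*<\/files>/ { inblk = 0; next }
        inblk && line ~ /^[ \t]*order[ \t]+allow,[ \t]+deny/ { bad = 1 }
        inblk && line ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)[ \t]*$/ { ok = 1 }
        END { if (bad) exit 2; if (ok) exit 0; exit 1 }
    ' "$1"
}

# Print both result codes for one WordPress directory; succeed only if both are 0.
audit_wp_dir() {
    fe=0; check_file_edit "$1/wp-config.php" || fe=$?
    ht=0; check_wp_config_denied "$1/.htaccess" || ht=$?
    echo "DISALLOW_FILE_EDIT=$fe wp-config-deny=$ht (0 ok, 1 missing, 2 mistyped)"
    [ "$fe" -eq 0 ] && [ "$ht" -eq 0 ]
}

# With a directory argument, audit it. Without one, audit a constructed sample
# that reproduces both paste errors (curly quotes, space in "allow, deny").
if [ $# -gt 0 ]; then
    audit_wp_dir "$1"
else
    demo=$(mktemp -d)
    printf '%s\n' '<?php' 'define(‘DISALLOW_FILE_EDIT’, true);' > "$demo/wp-config.php"
    printf '%s\n' '<Files wp-config.php>' 'order allow, deny' 'deny from all' '</Files>' > "$demo/.htaccess"
    audit_wp_dir "$demo" || echo "sample fails the audit, as expected"
    rm -rf "$demo"
fi
```

The define check only recognises single-line `//` or `#` comments, so a define wrapped in a `/* ... */` block would still be counted as active.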

Want information about advanced WordPress security features specific to your need? Write your concern in the comment box below.

 
