page contents
how-to-protect wordpress from hacking

How to Protect WordPress from hacking


Do you know how to protect WordPress from hacking? Is your website or blog built with WordPress CMS? Are you aware that you may be at risk if you do not protect your website?


Today WordPress Software has become one of the most used Content Management Systems by web developers  or anyone who wants to build easily a blog, website or an online store. Unfortunately if you do not know how to protect WordPress from hacking you may become an easy target.


Below I am going to list some preventive measures that will show you how to protect your WordPress website from hackers and help you improve your WordPress website security.

It’s not guaranteed that you will keep the hackers away, but at least you give them hard time if they try to access and compromise your site.


Change the Default Password & Username


The simplest way on how  to protect WordPress from hacking is to change the default credentials. Any WordPress site can be accessed by adding /wp-admin to the domain name. This will take anyone to the login area where the username and password is required to access the site.

In order to secure your website the default username (admin) should be changed to something harder to guess. Next step is to choose a new password stronger that will include letters, symbols, signs, spaces.


The default WordPress password is very strong but it’s good to change it or add more symbols to it. The length of the password is very important and it should not be less that 16 – 18 characters.

If you already have installed WordPress with the default username & password you can always create a new user. Then give an appropriate name and password, assign the administrator role, and sign out of the account. Next when signing in with the new username go to “Users” and delete the old (that has been created by default) username.


Finally, go to “Users”-“Your Profile” and change the default Nickname with something different than your username. It’s a good practice  as it’s always assigned to the posts and it’s very easy for a hacker to know what is your username by simply looking at the bottom of the posts (see who wrote the post).


If you know how to protect your WordPress  from hacking you will get an advantage against those who try to take down your blog or hack your WordPress website. Changing the username and password of your WordPress  websites or blog should always be prioritized as most WordPress users leave their default login credentials.


Limit Login Attempts


Another best practice is to Limit the Login Attempts. This can be easily achieved by  installing & activating a simple plugin Login LockDown . This plugin is highly customizable and easy to set up. By limiting the login attempts you can protect from the brute force attacks  which is one of the preferred method by the hackers.

There are also different plugins such as Wordfence Security, that allows to limit the login attempts,  scan the website for threats (malware, spyware), perform regular check-ups, block IP’s etc. The Premium version  lets you block  countries (where you will get the most attacks from) , two way authentication (cellphone sign-in), url blocking, etc.


Back Up your Website


Backing up your site is a good practice as it can help you access your files (post, comments, page database, link) in the event they get erased or corrupted. Backing up is relatively easy to achieve.

Just install and activate a plugin such as BuckupBuddy  and you will get the most reliable plugin that is available out there. It is not free but is one of the most used plugins for backing up and for migrating your site from one host to another.

There are also free plugins that do the same thing such as :DropBox Back Up &Restore, BackupWordPress, UpDraftPlus Back Up & Restoration, etc.


Update your WordPress Software and Plugins Regularly


It is recommended that you keep the WordPress website updated  to the latest version as there might be vulnerabilities in the older versions. By doing so you are always a step ahead of the hackers and benefit from the latest security upgrades.  Also all the plugins should be updated regularly in order to get the maximum protection for your site.


Keep wp-config.php file Secure


The most sensitive data about your website is stored into the wp-config.php file . You may want this data to be protected from the prying eyes right? All you have to do is add the below code into your .htaccess file and you are protected against hacking that involves your wp-config.php file.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all


Protect against script injection hacks


This is one of the preferred method used by hackers that use JavaScript injections, SQL injections, Jquery Injections to gain access to your site. Sometimes this injections are possible due to vulnerable plugins or themes installed.  In order to protect WordPress from hacking through script injectionsTyou will need to place this code into your .htaccess file in your root directory.

# protect from script injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]


Disallow PHP file uploads


Hackers always look for for vulnerabilities in your directory where they can post spamming scripts. File permissions are very important as they let us perform tasks in our files but you should be aware that hackers know this and you should never have a 777 permission set up.


If you are using any plugins that allow to rewrite permissions in order to upload or write permissions for images you are vulnerable to hacking. Fortunately, to avoid this from happening place the below code into your .htaccess file located in your root directory. Always back-up your .htaccess file

#redirect php script requests to nothing
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.*)\.php$ $1.htm [NC]

#no php access
<files *.php=””>
deny from all


Stop Directory Browsing


Often hackers are looking for security vulnerabilities in your website or blog by browsing the website directory. In order to prevent this from happening you’ll need to add this piece of code in your .htaccess file located in the root directory.

# disable directory browsing
Options All -Indexes


Keep your Computer free of Viruses & Malware


You may think that this won’t affect your website/blog/online store but if your computer is infected with viruses you can become a very easy target for hackers. Viruses & Malware (keyloggers, macro viruses, trojan, spyware,) are always hidden in programs you download of the Internet, email attachments (never open an . exe file), etc.


Protect .Htaccess file


.htaccess file can be vulnerable to hacking if not properly protected. The code below prevents external access to any file with .hta. To accomplish that just place the below code in your .htaccess file and you are sorted. If using All In One SEO plugin you can edit your .htaccess file from your dashboard.

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all

Tips: I always recommend backing up your  .htaccess file before doing any modifications or adding any code.


Block Search Engine Crawlers from Indexing the Admin Area


Another way to protect WordPress from hacking is block accessing the admin area. You may not be aware but search engine spiders (crawlers, bots) index every bit of content of your website.

There is nothing wrong with that but you may want to block indexing the admin section as there is very sensitive information about your website. Even if you tell the search engines not to index a particular section of your website you may be certain if they are indexing or not.

The best way to stop the search engines crawlers is to add this code into your robots.txt file in your root directory.

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*


Tips: If you are using All In One SEO plugin (WordPress only) you can edit your robots.txt file from your dashboard.


Restrict Admin Area


If you have a site that does not require registration you can restrict access to the wp-admin area by simply adding the following code to your .htaccess file . Replace the zz.zzz.zzz.zzz with your IP address .

<Files wp-login.php>
order deny,allow
Deny from all
Allow from zz.zzz.zzz.zzz


Finally, if you are looking for a web developer in Dublin that can show you how to protect WordPress from hacking,  and implement the correct security measures please contact Luigy’s Web Studio at info(at) . We will make your website, blog, e-commerce store bug free and keep it up-to-date with the latest security software available.


How to Build a Powerful Online Presence for your Business

digital marketing agency dublin

Looking for ways to get more clients for your small, medium business? Do you find it difficult to compete with big brands? Want to increase customers engagement & retention? Then you need to build or improve your business your online presence

The usage of social media by people around the world is growing at a very high rate (can’t complain). It is one of the most sought online activities that Internet users (customers) engage in nowadays (sometimes addictive:).

From video browsing on YouTube to connecting with favourite brands on Facebook, TikTok or Instagram social media has become an integrated part of our social lives.

Latest statistics shows that people are spending 2 hours and 25 minutes per day on their favourite social media channels.

This trend offers countless opportunities for businesses (small, medium or big) to reach out to their customers (audience) through various digital marketing techniques and strategies.

Another benefit of social media is that it offer businesses cheap ways of advertising their business products or services (unlike traditional marketing).

The point here is that if you don’t take advantage of social media offerings your business is likely to lose a big chunks of the market.

Below I am going to list 5 ways that businesses can utilize to build their online presence. Some are virtually free and easy to implement.

  • Build a Brochure Website – useful to showcase your business, brand products or services. Adding a News/Blog section will add more value to your website and it will increase its presence & discoverability on search engines. In addition will improve website Search Engine Optimization (SEO)
  • Build an Email List –  A business email customers list will enable you to engage with current customers and prospects on regular basis. Once you have built the list you can start creating Email Campaigns (fortnightly or once a month ideally) and send them to your customers. Email marketing is one the most effective (up to 3 times more powerful )and cheap way or marketing. It is easy to implement, configure and automatize.
  • Create a business page on social media media channels associated with your customers– ideal to create for every business. Useful as it allows brands to engage with customers through comments, reviews, messages. Good way to show your customers your business latest offers, promotions, events, galleries of your products, etc.
  • Create a Business YouTube Channels – Lets you upload videos with your products, engage with your audience, create beautiful slides showing your services (using native tools). Videos are easy to shoot nowadays, you only need a smartphone. YouTube advertising is one of the most powerful ways of promoting your business.
  • List your business on Business Online Directories – There are a multitude of platforms (depending of your country) that allows you to list your business on these directories (Golden Pages, Yelp , Yalwa, Bing Places, Google My Business, Kompass, Yahoo, AboutUs, etc). The benefits are that increase your business discoverability, reputation and trust. In addition you boost your business online presence and increase brand awareness.

Are you unfamiliar with the above ways of building your business online presence? Need help or advice? At Luigy’s Web Studio we can look after your brand, business online presence on a weekly or monthly basis. All you have to do is contact us at info(at)luigy’s-webs-tudio(dot)com.

If you found this information useful we would be very grateful if you could share it with your friends.


Things to consider when building your business Digital Marketing Plan


Are looking to build your digital marketing plan in order to increase your brand, business awareness and sales? Want to succeed with your digital strategy but dont know or dont have enough time? Dont know what content suits a social media channel?

Have a look at the most commonly used content formats by digital marketers. Below channels are very effective when thorough audience research is done (you can’t simply guess or make assumptions who and where your customers are).

Facebook: Canvas, Video (use canvas as a post)

Instagram: Video, Carousel

Snapchat: Real-time resource formation

Video: Social, Pre-Roll, VOD

Display: Image, copy and dynamic

Pay Per Click: Texts ads, sitelinks, phone, and other ad extensions

LinkedIn: InMail, Posts, Display Formats

Twitter: Cards, Tweets, Video, Lead Generation

If your business needs social media marketing, a website, social media advertising, PPC advertising, SEO in order to increase its online presence don’t hesitate to contact Luigy’s Web Studio.


Core Elements of Digital Strategy Development


A Digital Marketing Strategy is the practice of marketing your business services or products to your customers or prospects through online digital channels.

It consists of 5 distinctive steps: Objective, Channel Strategy, Content Strategy, Media Strategy and Tactics.

1. Objectives – setting the goals you’re trying to achieve.

Is divided into 3 categories: Awareness, Consideration, Retention & Conversion. For a business is very important to identify the priority of the objectives.

2. Channel Strategy – This is about understanding what is possible with the formats, channels you’re going to use. Also how you’re going to use the available digital channels available to you. Pay attention that not all channels available to you are used by your customers. Therefore, research is required to identify your target audience and what digital channels are they on.

3. Content Strategy- This encapsulates everything that you’re using on your website and on your social media channels. It consists of text, video, images, banners, etc. Important to do thorough research to find what content is most suitable for your target audience.

4. Media Strategy – Its about how you are reaching your customers with ads. How you’re utilizing your pay activity and how you’re making sure that you reach the right people using formats and targeting available to you. Is often ignored by small business because of its complexity.

5. Tactics – Very often the tactics are mistaken as a strategy. They are individual executions that are part of making up your digital strategy. For example tweets, blog posts, etc

.If you found this post helpful please give it 👍 A SHARE would be helpful too ☺️