We all know that WordPress is the most popular Content Management System (CMS) out there and is used by nearly 75 million websites. According to WordPress, Over view more than each month and Users produce about and each month. ( ) 409 million people 23.7 billion pages 83.1 million new posts 44.5 million new comments WordPress Activity However, According to statistics, from in Alexa Top 1 Million, more than installations are 40,000+ WordPress Websites 70% of WordPress vulnerable to hacking attacks. With that being said, here are the security tips that might help you to protect your WordPress website. **Apply Login Attempts**Brute Force is one the most used hacking attacks for hackers. If you just let them, they will try to login to your WordPress website until they find your password. Fortunately, there are security plugins like that allow you to limit the number of login attempts from a specific IP Address. Login LockDown **Avoid Using Many Plugins**You do not need to have many plugins that performs same process on your website. Only use with the most updated and most downloaded plugin. Back Up Your Website Often . Seriously, it doesn’t matter how secure your WordPress website is, you should always backup your website. There are many WordPress plugins that can help you to ensure you keep a regular backup such as and VaultPress BackWPup **Consider Automatic Core Updates**If you’re running an Old WordPress Version, all of the security issues of that version is common knowledge to the public. It only means that hackers can easily use those security issues to attack your outdated WordPress website. You can insert a few codes into your file to configure your WordPress website to install major core updates automatically. wp-config.php <a href="https://medium.com/media/91578cb3a8e0516aa183a60b786073df/href">https://medium.com/media/91578cb3a8e0516aa183a60b786073df/href</a> **Delete any plugins or themes you’re not using**Deactivating WordPress plugins isn’t enough; you must click . Removing plugins you don’t need will reduce the probability of being hacked. DELETE **Don’t use “Admin” as your username**“admin” is the most used username on WordPress and most hackers try to get your password by trying to perform a brute force attack on “admin” username. Luckily, you can easily change your “admin” username on your database after installing WordPress. **Eliminate PHP Error Reporting or Turn of the DEBUG mode**If your plugin doesn’t work correctly, it displays an error message publicly. Error Messages is definitely helpful for the owner of the website when troubleshooting, but the problem is, these error messages sometimes contains sensitive information like full server path. Add the code below in your file to eliminate PHP Error Reporting. wp-config <a href="https://medium.com/media/ffbc80e7a111d98373c2e6904d5b8912/href">https://medium.com/media/ffbc80e7a111d98373c2e6904d5b8912/href</a> **Enable Two-Factor Authentication Login**One of the best way to protect your WordPress website from brute force attack is to enable the Two-Factor Authentication (2FA). With this method, after successfully inputting your username and password, 2FA will require you to input a randomly generated code that is sent to your mobile phone or email address. You may use plugin. Google Authenticator **Ensure Scripts, Plugins, and Themes are Up-to-Date**Keeping your stuff updated is another way to protect your WordPress website from potential hacking attack. You can insert few codes into your file to configure your WordPress website to auto update plugin and themes. wp-config.php <a href="https://medium.com/media/6be0dea08aff3ec6109438df67a9e3a9/href">https://medium.com/media/6be0dea08aff3ec6109438df67a9e3a9/href</a> **Install Security Plugins**You should also install security plugins to protect your WordPress website from different kind of security threats. These are the most used security plugins: , , and . Wordfence Security iThemes Security All In One WP Security & Firewall **Protect Your Sensitive Files and Directories Using .htaccess**Implementing this tip can have such a huge impact on your entire website security. You may insert the code below in your .htaccess file to prevent public user from viewing your website’s directory. <a href="https://medium.com/media/3a2c11290369e1f8d1efd947db7b1194/href">https://medium.com/media/3a2c11290369e1f8d1efd947db7b1194/href</a> **Secure The wp-config.php File**The file contains the confidential information of your WordPress website. It is one of the most important file of your website so make sure it is secure. To protect this file, add the following code below in your file. wp-config.php .htaccess <a href="https://medium.com/media/20a76f549882ad582162daf1804e0d24/href">https://medium.com/media/20a76f549882ad582162daf1804e0d24/href</a> Use HTTPS Secure the traffic on your WordPress website with a free shared SSL Certificate from You may also use the FREE SSL Certificate of Cloudflare . . Let’s Encrypt Bye.