Secure your WordPress Installation

There are many plugins that can be used to enhance the security of your WordPress website. Additionally you can add some code to your local .htaccess file that will work in conjunction with plugins to really harden your installation against attacks. Below I’ve outlined some specific plugins I have found useful as well as some instructions that can be used to secure your installation.

Ultimate Security Checker by Eugene Pyvovarov is a security plugin that performs simple checks on your WordPress installation and can be used to highlight missed aspects of your installation.

WP Security Scan by WebsiteDefender is another useful WordPress security tool that will give your website a rating dependent on how secure it is.

Better WP Security by is a tool that will automatically ‘harden’ your website against basic WordPress attacks. Be careful with this one as you can harden your website so securely that you may be unable to get back in!

In order to modify your .htaccess file merely FTP into your website and modify the .htaccess file with a text-editor of your choice. I prefer to use WinSCP for FTP as it has a built-in file editor. If you’d like to use WinSCP, you can download it from here.

Once you’ve logged into your FTP modify the .htaccess file located at the root of your installation.

In order to block specific IP addresses from accessing your WordPress site, merely add the following code to the .htaccess file replacing the IP’s I have listed with the ones you’d like to block.

order allow.deny htaccess

Additionally you can add the following code to harden your WordPress install against the use of malicious code that can be injected into your site.

mod_rewrite.c code

Once you’ve added the code listed above merely save the .htaccess file and you should be good to go. I’ve also included a link at the end of this post with good information on other methods you can use to secure your installation.

Hardening WordPress Installation
Courtesy of