4 Simple Tactics You Should Use to Strengthen Your WordPress Security

Ray Wang

The security of a website should be a top propriety of organizations because if a website is hacked or breached critical data such as customers’ personal information may be leaked, or the website may be redirected to another website and the you need to restore the website.

To prevent encountering catastrophic events with your website, strengthen your website security, reduce vulnerabilities, and decrease the likelihood of your website getting hacked.

Here are four tactics you should implement to enhance your WordPress website security:

1.  Remove Inactive Plugins

Removing inactive plugins from your WordPress website reduces the number of codes on your website. Fewer lines of codes means fewer lines of codes that can be exploited for malicious purposes.

Take the following to remove inactive plugins:

Removing Inactive WordPress Plugins

Removing Inactive WordPress Plugins

Removing Inactive WordPress Plugins

2. Block Spam Comments

Hackers can inject malicious codes in your comments to harm your website and your web users. For example, a hacker can inject malicious JavaScript codes in your comments box so when online users visit your website, the JavaScript codes are executed on the visitors’ browsers and their browsers or computer gets attacked.

To block spam comments on WordPress, use Akismet. It is a plugin that protect websites from spam comments.

Take the following steps to install and activate Akismet:


Akismet Spam Comment
Akismet Spam Comment
Akismet Spam Comment
Akismet Spam Comment

Once you have installed the plugin and selected plugin settings, Akismet will block all spam comments!

3. Secure Login Page

By default, you can login a WordPress website as many times as you wish. This gives hackers unlimited attempts to use brute force attack and access your website.

To secure the login page by limiting the number of times a person can login a WordPress website, use Cerber Limit Login Attempts.

Cerber WordPress Login Security

Once you have installed and activated the plugin, you can enhance your login security by limiting the number of times a person can attempt to login within a specific timeframe, block access to wp-login, and create a custom login login URL so users can’t attempt to login using the standard login URL, wp-admin.

4. Block IP Addresses

If you have access to which IP addresses are visiting your website and you find the IP addresses suspicious (e.g. IP addresses from overseas and it’s unlikely customers in those areas would be interested in your products or services), you can ban visits from these IP addresses. To do, download and activate the WPBan plugin. Once you have activated the plugin, you add a list of a IP addresses and ban web traffic from these locations.


Website security is critical in protecting your content, company info, and customer info. By using the tactics above, you can decrease vulnerabilities on your website, reduce opportunities for hackers to inject malicious on your website, decrease chances for hackers to attempt to access your website, and ban suspicious and potentially dangerous website traffic from specific locations.

If you are interested in a comprehensive website audit for your website, please email us at raywang@rwdigital.ca or submit a form below.

The Contact Form 7 plugin is not activated


E-commerce requires the company to have the ability to satisfy multiple needs of different customers and provide them with wider range of products.

Copyright ©2019 SwiftShop Limited. All rights reserved.