WordPress Security

wordpress security

WordPress is a popular blogging platform and according to a recent survey, around 26% sites on the Internet are powered by WordPress.

But, as you know, “with greater power comes great responsibilities”, WordPress has become a major target for hackers.

WordPress security is something you should never take lightly.

Hackers from around the world are targeting WordPress Websites that have security loopholes.

A survey reveals that out all the blogging platform hacked during 2016, WordPress was on the top in the list. See the chart below.

number of wordpress websites hacked

Does that mean WordPress isn’t secure? No. If your site gets hacked then it’s all your fault and not of WordPress.

WordPress is an open source platform and almost all open source (with few exceptions) are prone to hack.

But, it can be secured. It can be secured up to a great extent which will give a tough time to hackers trying to bypass the security.

And whose job is to add those extra levels of security? You guessed it… Yours.

You put a lot of time and efforts in establishing your WordPress site and get it to be popular within your niche.

So, it’s always recommended to take care of security and making securing your site the first priority.

In this article, I’ll discuss some common, uncommon, and creative ways to secure your WordPress site.

But before, you need to know what types of attack is WordPress vulnerable to –

Types of Attacks WordPress May Face

  • Backdoors: Injected code within files or plugins on your server. Most common is the use of nulled plugins and themes.
  • Pharma Hacks: Used to insert rogue code in outdated versions plugin, theme or WordPress itself.
  • Brute Force: Using automated scripts to exploit weak passwords and get access to your WordPress dashboard.
  • Malicious Redirects: It creates backdoors in WordPress installation using FTP, SFTP, wp-admin, and other protocols.
  • Denial of Service (DoS): a Most dangerous form of vulnerability, which exploits errors and bugs in the code to overtake the memory of website. DoS attacks were able to bring down the internet On October 21st, 2016.

So, now let’s get started and understand ways to improve WordPress security like top bloggers.

11 WordPress Security Tips To Secure a WordPress Website

Move to a Secure WordPress Hosting Provider

I have always stretched my clients to chose a secure web host which understands website security and takes necessary steps to keep your site safe.

If you’re using a low-quality hosting service from a bad reputed host then immediately migrate your website to one of our recommended WordPress hosting providers.

Use a clever username and complex password

The next important security check you can do is to set a unique username with a complex password. It is often underestimated by a lot of site owners and they simply use username admin and set a password to 123456.

I understand you’re in a hurry while installation but do change it to something more secure afterward. You can try this password generator to get a strong password.

Below are the results of a security survey which reveal passwords of hacked websites.

  • 123456
  • password
  • 12345
  • 12345678
  • qwerty
  • 123456789
  • 1234
  • baseball
  • dragon
  • football

As you can see, people are this dumb to use silly passwords.

Always Update to Latest Version

Updates are for your goods. Every update of a software brings some good changes and most of the time updates are rolled out due to security issues.

Having outdated plugins or themes installed on your WordPress site leads to Pharma Hacks attack.

You can download the latest WordPress version from here.

Change WordPress Login URL

It is a clever tactic used by top bloggers to secure WordPress sites.

By default, the login URL of your WordPress site looks like http://www.yoursite.com/wp-admin/

And the first step hackers try is to visit this page and try random login credentials.

Changing WordPress login URL improves your site security to a good extent and keeps you safe from noob hackers.

Use free WPS hide login plugin to change the default login URL.

Limit Login Attempts

Another simple yet creative way to secure your site is to limit login attempts by a user.

Often the hacking scripts are automated and fixed to keep using different credentials until they get some data. By limiting the login attempts, WordPress will disable the login for the user or browser used.

Use the free Cerber Limit Login Attempts plugin and it will handle this job for you.

Enable Two-Factor Authentication

Two step factor authentication is probably the best way to secure your website as it adds an extra level of security which is almost impossible to break.

It involves a 2 step process in which you need a second method alongside the units login credentials. The second method used is generally a text (SMS), phone call, or time-based one-time password (TOTP).

You can use Authy plugin to add two-step authentication to your website which allows up to 100 authorization per month.

Another recommended plugin is Google Authenticator which entirely free and makes a use of secret keys or QR codes.

Install HTTPS – SSL Certificate

Secure Socket Layer certificates add an extra level of security to your HTTP request and it can prove to be secure for your site as well as user’s information.

Sites with active SSL certificates have added S in the HTTP version.

Also, there will be a green padded lock which signifies that the site is secure.

You can either use CloudFlare or LetsEncrypt services to add a free SSL certificate onto your website or you can buy a SSL certificate from Godaddy.

Disable File Editing in WordPress Dashboard

WordPress is commonly used by many users and the administrator often allow multiple users with full access.

Due to the nature of work, it may become a compulsion to allow full access which may turn out to be a nightmare for the original website owner.

For security, you should disable Appearance Editor which contains codes of your WordPress site.

Also, there’s no need for other users to see the code as they aren’t going to use it for any contribution.

To disable Appearance Editor from other users, simply add the below lines of code in your wp-config.php file.

define(‘DISALLOW_FILE_EDIT’, true);

It will remove the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users.

Use WordPress Security Plugin

The next big step to secure your WordPress website is to install a WordPress security plugin which would take care of most of the work.

There are a lot of developers and services which prove hardening of WordPress and some of these are:

I personally use WordFence security plugin on my site and it does a great work of handling basic security issues such as but not limited to:

  • Generating and forcing complex passwords while adding new users.
  • Malware scanning
  • WordPress Security Firewalls
  • Two Factor Authentication
  • reCAPTCHAs
  • IP Whitelisting and Blacklisting
  • Monitor DNS Changes

Enable DDoS Protection

DDoS is a type of DoS (Denial of Service) attack which is getting common day by day.

Unlike other attacks, DDoS attack is not used to hack and retrieve data from your site but takes your website down for hours or even for days.

To secure yourself from these attacks, what you can do is to use 3rd party security services such as CloudFlare.

CloudFlare is one of the biggest DDoS protection networks and they use this network to keep your site up even if it’s a victim of DDoS attacks.

Most importantly, they offer a free service which makes it worth giving a shot.

You can also consider moving to a DDoS protected dedicated server if your website receives heavy traffic.

Take Daily WordPress Backups

By applying above security tips, there are very fewer chances that your site will be hacked, but you should always be prepared for the best.

If in case your site gets hacked and you lose all of your data, then having a proper recent backup is the only way you’ll be able to recover and get your site up and running again.

Most of the quality web hosting service, inclusive SiteGround takes daily backup of your site and they’ll help you recover this backup data.

You can also take daily backup of your site using the free UpdraftPlus WordPress plugin which enables you to take periodical backups to remote storage systems.

Refer to this guide to learn how you can set up UpdraftPlus on your WordPress website.

Signing Off

WordPress security is your responsibility and you shouldn’t take it lightly. An attack can cause you a big loss and all your hard work of months or years will be wasted.

Securing a site is easy with WordPress and you hardly require any technical knowledge.

Do implement a maximum number of these security tips and make your website hack proof. It will help you in long run.

What’s your take on the WordPress security? How do you make sure that your blog is hack proof and you are free from attacks? Share your thoughts below.

Have any other security technique you are using which is missing from this list? Add a comment and help other readers.

Also, do share this post with your friends and followers on different social media channels and help them in securing their blogs and sites.

5 Most Loved WordPress Plugins To Create Converting Landing Pages

Getting traffic to your site is definitely one of the most struggling things you would do in your blogging career.

But sooner or later you will succeed and get thousands of daily page views.

However, there will be one thing always missing from your website – CONVERSION.

People will visit your site, read your content and leave your site. But, that’s not what you want.

You want sales, subscribers, affiliate commissions. And how to do that?

By creating Landing Pages that converts.

What is a Landing Page?

A landing page is a standalone website page which is designed for the sole purpose of either getting sales or collect subscribers.

Landing pages are often completely different from your site and don’t include navigation menu, sidebar, or header of your site.

How to Create Landing Pages?

There are three ways you can create high converting landing pages.

  1. By hiring a web developer to create it using his/her programming skills. (Costly)
  2. Learning to code yourself and create landing pages. (Time-consuming)
  3. Using a drag and drop plugin that lets you create beautiful landing pages without any coding experience. (Affordable + Quick)

If you’re planning to use the first two methods, then feel free to leave this page and start searching on Google.

However, if you’re like me and want to use the last method then stick to the page as I’ll share 5 Most Loved WordPress Plugins to Create Converting Landing Pages.

Using these plugins you can easily create all kinds of pages a blog or business may need such as squeeze page, sales page, membership page, product page, portfolio, etc.

Read through the end of this article as there are few bonus plugins included which will sure to put a smile on the face of budget business owners and bloggers.

So, let’s get started.

1. Thrive Content Builder + Thrive Landing Page

thrive landing page builder wordpress plugin

Thrive Landing Pages is possibly the best WordPress plugin to create converting landing pages without touching a single line of code.

With its drag and drop functionality, you can change almost all aspects of a web page and add custom sections.

There are over 160+ templates included that are beautifully designed and converts well or you can start from scratch and create your own converting landing page.

Also, there are many two step opt-in forms available which you can use to create a different page for collecting user information.

Thrive Pre Made Landing Pages

Thrive Landing Pages Features:

  • 160+ Pre-Designed Templates
  • Customize almost every part of the page
  • Undo and Redo Functions
  • Save templated for later use
  • Two step forms
  • Supports external shortcodes within the editor
  • “What You See Is What You Get” editor
  • Excellent customer support and community

Pricing: Starts at $67 for one site with unlimited updates for one year.

2. LeadPages

leadpages wordpress plugin for landing page builder

LeadPages is what you call an advanced page builder. It is not just any regular landing page creator plugin but it’s much more than that.

LeadPages hosts your landing pages on their servers, provide fast delivery of files, and keeps your site lightweight.

Creating a landing page in LeadPages is just a matter of clicks and you’ll be amazed to see the speed of how quickly it deployed a landing page for you.

It won’t be wrong it says that LeadPage is a standalone landing page builder.

But, that doesn’t mean you can’t host your landing pages on your site. You can choose to publish the pages directly on your site using the “LeadPages” plugin for WordPress. Alternatively, you can download the HTML page to use on other platforms.

They also have a drag and drop page builder which makes things a lot easier.

Unlike Thrive Landing Pages, the ready-made templates aren’t available for free and cost anywhere between $7 to $19 for each design.

LeadPages landing pages

LeadPages Features:

  • Create unlimited landing pages and host them on any platform.
  • Connects with almost every platform and you can have a record of all the landing pages from a single admin dashboard.
  • Simple landing page creator with tons of features.
  • Split testing functionality with Pro and Advanced plans.
  • Marketplace with hundreds of premium templates.


  • Expensive
  • Premium templates cost extra money

Pricing: Starts at $25/Month for standard plan and $49 for the Pro plan (payments to be made annually.)

3. Beaver Builder

BeaverBuilder WordPress Landing Pages Plugin

Technically, Beaver Builder is a drag and drop page building plugin that also works as a great tool for designing landing pages.

Beaver Builder lets you create converting landing pages by using the front end editor with drag and drop functionality.

The editor is both smooth and lags free which improves the user experience of changing and saving the landing page.

You can save your designs and use them in other landing pages which save time and provide consistency.

As of now, there are around 30 pre-made templates including with the plugin but there’s a catch here.

Beaver Builder recommends using their own theme which will let you create full width, distraction-free page without header and footer.

However, there is nothing great about their theme and you can easily get much better themes for the exact same price.

Regardless of some awesome features available, this issue has always been a concern for me.

There’s a free version available for Beaver Builder, but it is highly limited in terms of functionality. For instance, you can’t use opt-in forms and ready made template with the free version.

BeaverBuilder Plugin Free Version


  • Appealing front end visual editor with drag and drop functionality
  • Complete control over sections, which allows creating almost all types of landing pages
  • 30 custom built eye-catching templates that are ready to use
  • Template saving provides a quick way to create similar looking pages
  • Mobile friendly/Responsive
  • Smooth and lag free
  • Can be also used as a page builder for designing posts


  • Not fully compatible with 3rd party themes

Price: Starts at $99 for the Standard pack (without a theme) with unlimited sites allowed and one year support.

4. OptimizePress 2.0

OptimizePress Landing Page Plugin for WordPress

OptimizePress 2.0 is the most advanced page builder available in this list.

OptimizePress allows users to create high quality converting pages using visual LiveEditor which lets you see the changes you make in real time.

It enhances the speed of creating landing pages as you can quickly change the things you think are not looking good.

If you’ve tried the first version of the plugin and crying about the features it lacked then let me assure that OptimizePress 2.0 has tons of new features that are sure to put a smile on your face.

There are lots of drag and drop elements available in the editor section which you can use as per your needs.

Also, almost all the major email provider are supported by OptimizePress which come handy for business owners looking to collect their visitor’s emails.

OptimizePress Pre Made Landing Pages


  • Plenty of ready made page templates available
  • Lot of drag and drop elements available
  • Access to Optimize marketplace where one can find more premade templates.
  • Advance LiveEditor that works like a breeze
  • Theme and Plugin versions available. You can choose independently


  • Plugin size is considerably larger which can affect the loading time of your website.
  • Less number of ready made templates as compared to other landing page builders

Price: Starts at $97 for Core package with 3 marketing blog pages. However, A/B testing and priority support aren’t included.

5. InstaBuilder 2.0

InstaBuilder WordPress Landing Page Plugin

InstaBuilder 2.0 is again the next version of Instant Builder which promises advanced landing page creation tools.

InstaBuilder is an easy-to-use drag and drop builder which lets you create high converting landing pages without technical knowledge.

Many design elements are available within your editor which you can drag and drop to desired part of the screen.

There are over 100 pre-built templates to choose from which includes a sort of landing pages, squeeze pages, funnels, etc.

Some additional features of InstaBuilder that aren’t included in other plugins are – lockable content and built-in firewalls which allow you to block one or all pages.

Apart from it, the built-in image editor, as well as built-in graphics pack, are a delight for image intensive landing pages.


  • Mobile Responsive Templates
  • Easy-to-use drag and drop builder
  • Additional features available
  • A/B testing allowed
  • Over 100 pre-built templates
  • Question opt-in features which allow asking questions in your forms
  • Built-in image editor and Marketing Graphics


  • Considering the price there aren’t any cons that should be listed. Share if you found any.

Price: Starts at $77 for the lowest pack that lets you use InstaBuilder on 3 different sites with 1-year update and support.

Bonus Plugins Worth Mentioning:

Landing Pages: A free WordPress plugin to create landing pages with basic functionality.

Parallax Gravity: Another awesome landing page builder which is great to create and track the results of the landing pages.

Buy Now (starts at $17)

Elementor: Probably the best free plugin for creating landing pages. Mainly used as a page builder to design posts but can be used to create converting landing pages.

And the Winner is…?

I can’t declare any one of the plugins as the winner as all of them provide something better than others.

However, if I had to choose only one then I would go with Thrive Landing Page + Thrive Content Builder as it is both affordable and feature packed.

Do let me know your experiences and which one of them is your favorite landing page builder.

Use any other landing page plugin which is as great as these? Share the name below.

Thanks for reading, if you liked what you read then do share this post on at least one social media channel.

Why you should choose WordPress over Blogspot?

Why WordPress over Blogspot

For a long time the blogger/BlogSpot blogging platform has being the best free blogging platform even till date, but if you intend on taking blogging as a profession or a business then I proudly recommend you to migrate to the self hosted WordPress blogging platform now.

  • These are little things i hate about blogger/BlogSpot blogging platform.
  • Poor customer service or support
  • Unprofessional design
  • Poor SEO
  • No control over blog web hosting
  • No plugins
  • No payment gateway integration
  • No ecommerce integration
  • Can’t install SSL certificate
  • Limited themes options

This is an easy way to tell the best blogging platform, like the blogger platform it has lots of users but they can’t be compared with 63 million sites on wordpress this result alone is enough to help you detect how popular and awesome the wordpress blogging platform is to all it users.

5 Reasons you should choose WordPress over Blogspot/Blogger

Choosing a perfect blogging platform is just like choosing the best spot to mount a shop and choosing the best blogging platform is tough most especially for newbie’s in the blogosphere, now learn the reasons why I migrated from blogger to wordpress.

Here Are Few Reasons While I Moved From Blogger to WordPress

Better (SEO):

Many newbie’s thinks they can rank quickly with a BlogSpot blogging platform which is completely wrong even though the blogspot /blogging platform is owned by Google, But with the wordpress and the necessary (seo) plugins installed you are guaranteed to gain more and huge traffic from search engines to your blog which is one of the main reasons you should move your blog to wordpress.

Complete power over your blog

With the WordPress blogging platform I sleep with my two eyes closed because I know am saved from getting a sad news from blogger/BlogSpot blogging platform saying, (your blog has being deleted because of spam) and when this happens you have nothing to do about it even if you contact them they might respond with irrelevant answers giving you some useless reasons for deleting your blog or sometimes they won’t even respond because of their poor customer support.


The best thing I like about the WordPress platform is the “plugins”. Using plugins you can do any customization without writing a single piece of code. There are lakhs of free plugins available in WordPress plugins database and you can install any one of them in just single click. If you know coding, you can also write a plugin for your blog.

Quick loading

Blogger/BlogSpot blogging platform loads slowly because it uses one long page filled with html for doing everything and this affects its load time and decreases its (SEO) strength, but with wordpress you can enhance the speeding rate of your blog with plugins.

There are plugins available that you may use enhance the speed of your WordPress blog or website.

Regular free updates

WordPress keep itself updated. There are many programmers who keep writing codes for WordPress to make it a better blogging platform. You can find a new update almost every month that fixes some issues or add new features to it.

Everything is almost automated on wordpress blogging platform

If you are thinking of changing some stuff on your blogger blog design then you should be ready to learn html coding and editing, but if you are on wordpress blogging platform you don’t need to be good with codings before you can work on the blog because there are lots of plugins that will help you manage the blog.

Enhanced design

When it comes to design blogger/BlogSpot platform can’t be compared with wordpress because wordpress has the flexibility of allowing it users to customize a site to their desired style without being stressed out.

There are lots of convincing reasons why I migrated from blogger to wordpress but I decided to reveal few of the most important reasons why I migrated from blogger to wordpress on this particular article.

Need help in moving your blog from blogger to WordPress?

I have seen many people on internet are offering this service at a very reasonable price. You can also go to fiverr to find a gig for you or you can post a job on upwork.

Do you have any reason why you moved from blogger to wordpress that was not mentioned here? Then feel free to share with us and we’ll include that in our article.

Are you a blogger who was just convinced about moving from blogger to wordpress then simply see the following recommendation for WordPress hosting. There are some hosts that WordPress officially recommend and one of them is Bluehost. Not all hosts are capable of hosting enterprise level blogs/websites that generate thousands of visitors per day. If you think you need enterprise level hosting solution, you can check the following enterprise WordPress hosting solutions.

I know that after evaluating this article you are now ready to migrate to wordpress, please share your thoughts with us.