4 fast and easy WordPress security hacks you need if you DIY your website

Home / Wordpress tip / 4 fast and easy WordPress security hacks you need if you DIY your website

The thought of anyone hacking my website and slowly tearing it down page by page without my knowledge makes me so stressed that I wouldn’t be able to sleep for days. It makes me feel so helpless to watch all my hard work under attack, so weak that I cried.

Why cry? Because I got hacked, I cried, and the future of my online business depended on how quickly I was going to act to stop the attacks.

Because I DIY my website, I started with these 4 Fast and Easy WordPress Security Hacks.

Hack #1: Use an uncommon username

The majority of attacks on WordPress websites happens in the wp-admin level.Click To Tweet Yes, the typical extension you use to log into your website to publish a new blog, sales pages etc…www.yourwebsite.com/wp-admin. Hackers target this access point by using a combination of most common usernames and passwords.

Remove the default “admin” username and replace it with something more unique.

Here’s how to effectively change your “admin” username:

  • Create a new username.
  • Assign the new username the role of administrator.
  • Log out and log back in as the new username you created.
  • Delete the “admin” username.
  • Attribute all content to your new username.
  • Confirm deletion.
  • Done.

Hack #2: Keep your website updated

The point of access when I was hacked was not my main website; it was a subdomain on the same server that I neglected to update.

Avoid compromising your website and be sure to keep ALL of them including your sub-domains updated.

Hack #3: Disable trackbacks

Trackbacks are a cool WordPress feature that allows bloggers to communicate with each other. It is a way to alert other websites that you linked to them. Think of trackbacks as the equivalent of acknowledgments and references at the end of a book.  Unfortunately, 99.9% of trackbacks today are from spammers selling watches, t-shirts or something else completely unrelated to your website.

Disable trackbacks entirely on your website.

You can do that by logging into your WordPress dashboard, settings, then discussion, and uncheck where it says “Allow link notifications from other blogs.”

Here’s a snapshot to better guide you:

disable trackback

Hack #4: Keep your WordPress directory off access

Your Wordpress website contains many files and some of those files are crucial and need to be secured. One of these folders is “wp-content” which includes all your themes, plugins and media uploads (these outstanding images & PDF’s that took you forever to create on Canva). Hackers use a backdoor technique to access those files and take over your website without you even noticing it.

Make hacker’s job more difficult by keeping your WordPress directory off access. Here’s a budget-friendly way to do that

Did you find these hacks useful?

If the answer is YES, tell me which one was your favorite!

wordpress security hacks


  • April 23, 2018, 11:08 pm

    Wow – I didn’t know you could change your admin login name! Sweet!!! I’m going to do that. I always appreciate your WP tips, Webly. I’ve built in time for ops/systems updates and will go through all of these security hacks to protect my site. Thanks for the visuals!

  • April 24, 2018, 7:34 pm

    Holy smokes! What great information, Webly. I went in and made those changes. I’m so sorry that this happened to you but very happy you shared your hard-won wisdom. xxoo

  • April 24, 2018, 10:50 pm

    Thanks for these great tips. Several I knew about and yet, I got lazy for a few of my personal websites (sharing my RV experiences and a few redirects) Well, I did get hacked and did spend time and money cleaning it all up.
    The one think I didn’t know was the wp-content. So now to check that and close that loop.
    Thanks as always for your great info.

    • May 4, 2018, 1:11 am

      Music to my ear that you were pro-active in resolving that Claudette.