How to prevent your WordPress from Spam and hacking

WordPress is one of the most popular and widely used CMSs among bloggers. But alongside its popularity, WordPress is also vulnerable to spamming and hacking if you do not take security seriously. Today plenty of bloggers and webmasters complain that their WordPress site got hacked. Before they understand what happened, all their data is lost or stolen. In this article I will try to show you how you can protect your WordPress site from spamming and hacking attempts.

Use Plugins to prevent spam comments and registration:-

You may use Akismet if you are able to pay a little for it. This plugin will help you stop comment spam. It automatically detects spam commenters or bots and either puts their comments in your Spam folder or removes them automatically, according to your settings. You may also use a CAPTCHA on your registration and contact forms.

WP-SpamShield is another plugin that prevents spam comments and registrations, and it integrates with Contact Form 7 and other plugins. This plugin is free to download and use; you don't have to pay anything for it. Its detection rate is very good and it works like the paid plugins.

Always use a Security Plugin:

It is highly recommended that you use a security plugin for your WordPress blog. You may use the Wordfence security plugin. This plugin helps you prevent all types of hacking attempts against your blog. It is capable of stopping brute force attacks and also protects you from DDoS attacks. The live traffic feature of this plugin helps you monitor your traffic in real time. You can also manually block IP addresses.

If you are able to purchase its premium version, then you can block countries as well as use the phone sign-in option.

Disable your XML-RPC:-

If you are serious about your blog security, then it is best to disable XML-RPC. According to Wordfence and other security vendors, most brute force attacks are carried out through XML-RPC. So, you can disable it through third-party applications.
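To check how much login traffic actually reaches XML-RPC on your own site, before and after you disable it, you can count POST requests to the login endpoints in the web server access log. The script below is an added example, not part of the original article; the combined access log format, the threshold and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed format: Apache/nginx "combined" access log.
# ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# WordPress endpoints that accept credentials.
AUTH_ENDPOINTS = ("/xmlrpc.php", "/wp-login.php")


def count_auth_posts(lines):
    """Return {endpoint: Counter(ip -> number of POSTs)} for the login endpoints."""
    hits = {ep: Counter() for ep in AUTH_ENDPOINTS}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue  # unparsable line, or not a credential submission
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        for ep in AUTH_ENDPOINTS:
            if path.endswith(ep):  # also matches installs in a subdirectory
                hits[ep][m.group("ip")] += 1
    return hits


def noisy_clients(hits, threshold):
    """IPs whose POST count to any one login endpoint reaches the threshold."""
    return sorted({ip for c in hits.values() for ip, n in c.items() if n >= threshold})


# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:0%d +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"' % i
    for i in range(4)
] + [
    '198.51.100.20 - - [10/Jan/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.5 - - [10/Jan/2024:10:02:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
    '192.0.2.5 - - [10/Jan/2024:10:02:05 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    hits = count_auth_posts(SAMPLE_LOG)
    for endpoint, per_ip in hits.items():
        print(endpoint, dict(per_ip))
    # The threshold of 3 suits the tiny sample; choose one that fits your own traffic.
    print("review or block:", noisy_clients(hits, threshold=3))
```

IP addresses the script reports can be reviewed and, if needed, added to the manual block list of your security plugin.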

Use Strong passwords:

It is highly recommended that you use strong passwords for your WordPress blogs. You may combine special characters, uppercase letters, lowercase letters, and numbers to make a strong password. Use the WordPress built-in password generator.

Don’t use nulled themes and plugins:

Nulled themes and plugins may contain malicious code and may also have major security vulnerabilities. So never download nulled themes and plugins, as they may contain viruses and malware that can easily harm your WordPress site.

Update your WordPress, themes and Plugins:-

Always update your themes and plugins to make sure that all of them are compatible with the latest version of WordPress. Never use outdated plugins and themes. I also suggest that you update your WordPress version as well.


These are some of the basic steps to protect your WordPress site from spamming and hacking attempts. I personally use these methods to make sure that my site is secure. I hope that these steps will help you to secure your site as well. If you have any queries related to it, just drop a comment below.

Author Bio. :- Priya is a Technical SEO at Hopinfirst, a Travel app development company with a team of the best app developers, who deliver the best Travel app solutions, mainly on the Android and iOS platforms. She regularly contributes her knowledge on blogging sites.
