How to Protect WordPress Website without Plugins?
How to protect WordPress website without plugins

09/20/2019 by admin with 0 comments

How to Protect WordPress Website without Plugins?

Security has always been a major concern for the website users. Protecting your website from hackers in itself is a major task. So,  this article is going to be a detailed piece of information about the little things you can do to ensure the security of your website without plugins.  


Well,  if you ask me I would recommend you to use plugins for several reasons.  

For starters, they are easy to use and handle. 

All you have to do is: 

  1. Search for an appropriate plugin from your WordPress directory. 
  2. Install it. 
  3. configure it on your dashboard or set them up on the basis of their documentation and you are good to go. 


Basically,  it’s just a piece of cake to use.  

But,  if you are looking for some alternatives to secure your website then here I would be listing some methods. So keep reading. 


Method#1: Protecting Important files.  

Protect htaccess file.  

 htaccess file is Apache web configuration file used by the server. These files are important because they play an important role in controlling the user access control.  

So,  if you want to protect your website, then you need to protect this file. 


But most of the time these files are not visible by default. They are usually present in files whose name begins with a dot(.), which signifies hidden files.  

So to access this file you need to go to your settings and request FTP client to “show the hidden files”. 

Now,  to secure these files you need to follow a simple procedure.  

  • Open tools.  
  • In it you would find an option of yoast SEO.  
  • Now in the dialog box paste the given syntax of htaccess file which is: 


#protect. htaccess 

<file-“.*/(Hh) (Tt) (Aa) “> 

order allow, deny 

deny from all 

satisfy all 



Save the above changes to the htaccess file.  


Protect the wp-config.php files.  

Now,  if you are protecting your wp-config.php files consider yourselves the safest website user.  

Now,  if a hacker gets access to this file then that person is holding a gun against you.  

This file is considered as the core files of WordPress which contains all the information about the host,  database, username and password. So this configuration file resides in the root directory and contain PHP instructions.  

Now your you can secure your this file with the help of htaccess file.  

For this is just need to paste the code to the same dialog box which you used to secure your htaccess file.  


Now,  the code you would use is: 


#protect wp-config.php 

<files wp-config.php> 

order allow,  deny 

deny from all 



Method#2: protect your error_log file.  

They are the directory of all the errors faced during application use. So,  while securing your website if you made some mistakes then you can easily restore your data if you have protected your WordPress errror_log file.  

Now,  you also protect your error_log protect file the same way you protected your wp-config. Php file using htaccess file.  

All you need to do it paste the code in htaccess file and save the changes.  

Now, the code for this file would be: 

#protect error_log 

<files error_log> 

order allow, deny 

deny from all 



Method#3: Make use of SSL and https 

SSL stands for Secure Socket layer.when an encrypted message is sent over from client to host, then this protocol ensures it’s safe transfer.It prevent any leakage of personal or sensitive data. 

Same way HTTPS stands for hypertext transfer protocol secure which is an extension of SSL , it provides an additional layer of security when you are transferring any data. So,  make sure you are using these tools to save you sensitive data from leakage.  


Method#4: using two step authentication method.  

Now, if you are using this method then you are adding an extra or double layer of security to your method. 

Because these methods uses two or three methods to ensure the authentication of the user. 

For example., if you have enabled this function in your website, so the next time you try to access your website it will first demand your password.  

After you have passed that barrier,  Now it will demand an OTP which would have been sent to your mobile number or a verification key would have been sent to your email address. 


It ensures the identity of the real user. 


Method #5: make use of strong passwords.  

Always optimize for passwords which are lengthy and are hard to crack.  

In order to achieve that make use of code language and use of characters. 

Alphanumeric languages are hard to crack.  


For example: if I have to password protect my website if would rather use password “bababkshphvunywl@@22” than choosing “alfredwilliams” 


And believe me it’s not hard to remember because it is the short form of a nursery rhyme “baba black sheep” 


Method#6: limit login attempts 

So, when you limit the amount of login attempts you are simultaneously lowering the chances of any data hacking. As, the more a person tries to login to your account the site will automatically block that user permanently.  

So, you can enable this option using wordpress login limit attempts plugin. 


Method#7: keep your WordPress updated.  

Now, whenever any site is updated it not only adds or improvises feature, it also tries to cover any loopholes in the security system.  

So,  they are constantly updating the WordPress with advanced security system  

To make sure that you make use of those added security features keep your system updated.  


Method#8: disable file editing 


Now,  file editing if enabled posses a great risk of data hacking. As if someone gets admin access then it would be a piece of pie of him/her to steal any data from your site. So,  to avoid this issue make sure you disable this option from your website. So, for this make use of configuration file. 

Basically, open your Wp_config.php files and paste the code reads- 

define(‘DISALLOW_FILE_EDIT’, true); 

And now save the changes.  



It’s important to secure your digital assets. So avail these security options on your WordPress website from hackers.  

Leave Comment