Skip to Main Content

4 tips to protect his blog from hacker attacks

Divi: the easiest WordPress theme to use

Are you looking for the best WordPress themes and plugins?

Download the best plugins and WordPress themes on Envato and easily create your website. Already more than 49.720.000 downloads. [EXCLUSIVE]

Computer hacking: this is the new scourge that threatens millions of blogs each. Every day, tens of thousands of blogs are hacked, often forcing their owners to abandon everything or start all over again. And it's not because it may never have happened that you must think you are safe. In addition, it is not only the famous bloggers who are hacked.

All it takes is a hacking contest in Pakistan (as it did a few months ago) to see more 125.000 French blogs being hacked. For some pirates, it's a game, for others it's training, and for another category, it can also be a great way to phish.

1. Move the file wp-config from a higher level
The file wp-config is a file that contains all the configuration information for your blog as well as all the WordPress settings. A hacker who accesses this file is able to inject malicious code into your pages, or even worse, delete all the content of your WordPress blog. I let you imagine the rest ...

Because this file is the most important, I think you should secure it, keep it safe from hackers.

There is a WordPress feature that is little known to bloggers and WordPress blog installers, yet it can save their lives. In fact, WordPress allows you to move your file wp-config one level above the root of your WordPress blog.

On most Linux servers, wp-config file is located in the following location:
~ / Home / user / public_html / wp-config.php

To move it one level higher, here's what you need to do:
- Connect to your server (disk space) via your FTP software
- Go to the following location: ~ / Home / user / public_html /
- Cut the wp-config.php file (remember to download it to your hard drive before ... you never know)
- Go up one level higher, that is to say to this location: ~ / Home / user /
- Paste your wp-config file so that the address is as follows:
~ / Home / user / wp-config.php

Rest assured… you have nothing to fear. Your blog will continue to function properly. By doing this you are putting your file outside of the root of your hosting space, it will no longer be accessible to scripts and bots that hackers frequently use to attack your blog.

Easily create your website with Elementor

Elementor allows you to easily create any website design with a professional look. Stop paying expensive for what you can do yourself. [Free]

You have no settings to configure because WordPress (which allows this manipulation) knows exactly where to look for this file. Easy no?

Note: This trick does not work for blogs installed in subdomain (example: Public_html / blog) or for additional domains created from your cPanel (example: Public_html /

It makes sense in my opinion. In this case, we run the risk of ending up with several files wp-config. But as they all have the same name and there is only one place to take per location ... you understand why only the blog installed at the root is allowed.

2. Delete your "admin" account
The default account when installing a WordPress blog has "admin" as the username. It turns out that the vast majority of bloggers use this username by default ... but what they do not know is that by making this choice, they automatically increase their chances of being hacked.

Most hackers know very well that many blogs use admin as a username WordPress, which gives them a username ... all they have to do is find the password which is also often easy to guess. Complicate them a little bit more by choosing a different username when installing your WordPress blog.

If it is already installed, then I think you should follow the following procedure:
- Log into your WordPress dashboard
- On the sidebar on the left, click on " Users », Then on« add »
- Create a new user and give him the role of administrator
- Don't forget to choose a password that is difficult to guess (example: ALAIN2vidal?)
- Log out, then log back in with the new user's credentials

Then go to page >> Users >> All users >> and delete the user " admin ". If you wish, you can then assign all the content of this user to the new user before the final deletion of your previous account.

Divi: The best WordPress theme of all time!

With over 701.000 downloads, Divi is the most popular WordPress theme in the world. It is complete, easy to use and comes with more than 62 free templates. [Recommended]

3. Make regular updatess
Whether WordPress, your plugins or your theme, make updates every time a notification appears on your dashboard.

When setting up many blogs belonging to our customers (, I was surprised to see that over 90% of them were neglecting all update notifications.

Know that a WordPress update, a theme or a plugin not only brings you new features, it very often also contains new security measures. The more time passes, the more a theme or plugin has visible flaws that a hacker can use to attack your blog and use it as it sees fit.

So remember to make updates every time you receive a notification. WordPress has made this process so easy that it can be done in two clicks maximum. In addition, it will not even take you 30 seconds and you will save hours, days or even months of frustration and headaches if ever your blog was to be hacked.

Ask hack victims… they will all tell you that there is nothing worse for a blogger than getting hacked and losing all of their data.

4. Install WP Security Scan and secure WordPress
Using certain security plugins reduces the chances of your blog being hacked. I advise you to install the following plugins: WordPress Security Scan et Secure WordPress.

These two plugins bring many features that will make your blog more secure.

Easily create your Online Store

Download free WooCommerce, the best e-commerce plugins to sell your physical and digital products on WordPress. [Recommended]

  • Le Scanner checks the permissions of WordPress files and highlights all those whose permissions are incorrect.
  • Le Password Tool tells you the strength of your password and also generates random, super-strong passwords that you can use if you wish.
  • Le Database is a tool that allows you to backup your WordPress database. It also allows you to change the prefix of the latter. Use it to change the prefix of your database. Move something like this: '' wp_ '' to something like this: ''8bvn9_''. This will make it difficult for hackers to try to guess your database table names.

Stay alert

The tips and tricks above will greatly improve the security of your blog and reduce your chances of being targeted by hackers. However, always keep in mind that the security of a blog is an ongoing process. You must remain vigilant and inform yourself of the latest protection techniques of a WordPress blog, especially if you use it to generate money on the internet.

And if you want to entrust the work to professionals, I strongly recommend you to contact the site who will change to secure your blog for you.

To learn more about the subject, I recommend the following article: 8 myths about the security of blogs / WordPress sites

This article features 10 comments

    1. Hello Sam,

      I believe you need to make the changes at the level of PhpMyadmin. But first, you must first remove the multisite.

      I hope I have helped.

  1. Hello Thierry,

    It seems to me that there is an error on the new path that you specify for the file config.php, after moving it up one level higher. No ?


    1. Good evening Laurent,

      There are no mistakes. You move the wp-config.php file one level above the html public folder (wwww). And it will work.

      1. Hello Thierry,

        Yes, that's right.
        So the new path will be home / user / config.php and not home / user / public_html / config.php as you indicate


        1. Hi,

          When you connect to your ftp you have a / public_html folder It is in this directory that you put the config file. and not in the public_html folder where the other wordpress files are located.

  2. Hello,

    Thank you very much for your article, it helps well.

    I have a question, can the method of reassembling the wp-config.php file prevent the automatic update of wordpress?

    Thank you very much and good weekend.

    1. Hello Vinh

      No that does not prevent anything at all. WordPress knows that it should also look for the file in this folder.

  3. Hello Thierry,

    Your article is very valuable for beginners - exciting and well represented community
    to which I clearly belong 😉

    One of your recommendations caught my attention:
    "Cut the wp-config.php file (remember to download it to your hard drive before ... you never know)"

    Does this mean that this is still a procedure that can be systematized to avoid the challenges of hackers?

    Such a safeguarding possibility, redundant with other systems of protection
    Existing, would be well tranquillizing.

    Do you confirm the possibility?

    Thank you for your answer.

    Good day to you,


    1. Hello Carole,

      First of all, I want to thank you for your comment. It's very appreciated.
      Then, and to answer your question, I want to clarify that this is not a miracle method that will allow you to protect your blog from hackers. This is just an action that reduces your chances of getting your blog hacked.

      As I'm used to saying, if even US government sites get hacked, it's not a blogger's site that won't be. 🙂

      Apply this method without worries.


Leave a comment

Your email address will not be published. Required fields are marked with *

This site uses Akismet to reduce unwanted. Learn more about how your comments data is used.

Back To Top