How To Secure WordPress site Without Using Plugin [ WordPress Security Tips 2020 ]

(Last Updated On: May 11, 2020)

Best Trick To Secure WordPress Site From Hackers


You can try our trick to protect your WordPress website from hackers easily. Most website hacked by a hacker using your WordPress theme or plugins

It means some plugins or theme are vulnerable so the hacker can easily hack your website if your WordPress website vulnerable plugin or theme indexed by google bot

Nowadays hackers are smarter they do not waste their time to hack one website so they search in google and google can show your plugin list and hacker easily hack your website

So we need to disable google bot access to our theme and plugin folder so google bot won’t index our WordPress theme and plugin so our website is safe from hackers  🙂  so we have to create robots.txt file in our website directory


What is the robots.txt file?


Robots txt file specially made for robots means website crawler when robot or crawler come to visit our website they first check robots.txt file

We can instruct robots using robots.txt file for example if we don’t want to index any file or folder then we can use robots.txt file so robots will not index that file or folder 🙂


How to secure WordPress website with robots.txt?


Yes, My friend, we can secure our website with robots.txt file because as above I already mentioned that hacker use our website directory to find vulnerable plugins and theme so simple we can disable robots access to our theme and plugins directory using robots.txt file

First, we need to create robots.txt file

  1. Go to File manager > Public_html folder and create robots.txt file

2. Paste the following code and save it

User-agent: Googlebot
Disallow: /cgi-bin/*
Disallow: /wp-admin/*
Disallow: /wp-content/plugins/*
Disallow: /wp-content/themes/*
Disallow: /wp-includes/*
Allow: /

After creating robots.txt file you can test your file using google robot testing tool 

How to disable directory access with .htaccess file?

Sometimes hackers try to access our theme and plugin directory with browser or any software so we can easily disable access so our WordPress website is more secure 🙂

  1. First, we have to open the file manager and go to the public_html/wp-content folder and create a .htaccess file

2. Add the following line to your .htaccess file.

Options -Indexes


> Do not use nulled themes from any unknown website

> Keep your WordPress plugins and themes up to date


You can also use third-party software like cPguard or Pyxsoft to protect your website from hackers


Hostkarle also offers web hosting with cPguard so your website is more protected from hackers if you are using Hostkarle Web Hosting Service We don’t promote our hosting here we just inform you that you can use secure website hosting to give better security to your WordPress website.


  1. Aadarsh Roy Reply

    Hey hostkarle blog ,

    Great post with effective wordpress security tips without using plugin.

    It is my first time commenting on your blog post and i must say that you have done a fantastic work and suggested great tips to secure the wordpress site from hackers.

    WordPress is a popular blogging platform with millions of user worldwide, as this platform allows the user to create quality content and doing other task, hence securing the wordpress site from hackers is truly crucial.

    I really like an idea of securing the wordpress site using robots.txt file. Your each of the suggested steps to create robots.txt file and steps to disable directory access with .htaccess file are so clear, easy to understand and follow, whereas following these steps will be helpful for users.

    Truly helpful post and thanks for sharing.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website is using cookies to improve the user-friendliness. You agree by using the website further.

Privacy policy