How To Secure Your Divi WordPress Website

How To Secure Your Divi WordPress Website
One of the most important things you can do with your WordPress website is to keep it secure. Sites can become victim to malware and hacks, which can then do harm to visitors and your brand. Your website can even become blacklisted. It’s crucial that your website is safe for everyone. In this article, we’ll look at how to secure your Divi WordPress website to keep it and your visitors safe.

Things You Can Do to Secure WordPress and Divi

There are several things to keep in mind and lots of things you can do to help secure your WordPress and Divi websites. Here are the main security measures you need to implement. Some of these require a plugin while others are simply good practices to implement in your Divi and WordPress routine.

1. Updates

Keep the WordPress core, themes, and plugins updated. WordPress and third-party developers release security patches to fix vulnerabilities in the code. Often, hackers find these holes and gain access to your website or files. Also, make sure plugins and themes have recent updates and good support from the developers. Check all updates on a test site before applying them to your live site.

There’s also DNS caching which takes place on DNS servers. Servers can store recent DNS lookups in their cache; they then don’t need to query nameservers and can instantly reply with the IP address of a domain.

2. Passwords

Use secure passwords that someone won’t figure out easily. Never use the word Password, or letters or numbers in sequential order. Password123 is the equivalence of not having a password when it comes to hackers trying to gain access to your website.

3. Password Manager

A password manager can help keep your passwords secure and even restrict them to authorized devices.

4. Admin Username

Change the admin username from the default “admin”. This is the most common username and it’s easy for hackers to use this name to gain access to your website because they already have part of the information they need.

5. Login URL

Move the login URL from the most common location “wp-login.php” to a new location. Bots and hackers have automatic access to the login screen if you keep the default location. This can be done with a plugin or manually by editing the wp-config.php and .htaccess files.

6. Limit Login Attempts

By default, anyone can attempt to log in as many times as they want. This means they can guess at your password until they guess it correctly. This allows hackers to use brute force attacks, where they use bots to attempt to log in thousands of times per second. Use a plugin that blocks the users after a certain number of failed attempts.

7. User Roles and Permissions

Set roles and permissions for each user based on what they actually need and restrict access to everything else. You’ll find roles in the Users dashboard menu. Set Divi permissions based on user roles in the Divi Role Editor (in the Divi dashboard menu) where you can select which users have access to which Divi features.

8. Backups

Keep recent backups of your website in a secure location. This includes your theme customizations, plugin settings, and content. Regardless of what goes wrong, you’ll be able to get your website back to its most recent good condition with a backup.

9. Firewall

Web Application Firewalls (WAF) are firewalls that are designed specifically for WordPress. They create a wall between networks to filter incoming and outgoing traffic on the network. You can add them with a plugin.

10. SSL Certificate

Secure Sockets Layer (SSL) is a method of encrypting links between the server and the browser. You can add this certificate to your hosting and change HTTP to HTTPS in your WordPress settings. Certificates can be purchased through your host or a third-party supplier.

11. Two Factor Authentication

2FA requires two steps in order to login to your website. Rather than gaining access automatically, authentication is needed. This can be a code that’s sent to your phone or email, or it can be a fingerprint, voice authorization, retina scan, keychain fob, or some other type of authentication. Some require this authentication before you have access to login with your username and password. Others require the authentication after your initial login.


Add CAPTCHA to comments and login areas. This will help keep bots out and reduce spam, plus it will help keep bots from uploading files with malware in forms that allow file uploads.

Security Plugins

Security plugins give you the tools to scan for malware, block users and IPs, and perform the things on this list. It’s always a good idea to have a security plugin installed. You’ll see a list of our favorite security plugins near the end of this article to help you choose the best option for your Divi website.

13. Delete Unused Installations

having multiple installations of WordPress with Divi is great for testing and developing new creations, but they can be easy to forget which can leave old versions of WordPress, themes, and plugins on your server with security issues. It’s always best to delete any WordPress installations that you’re not using.

The Role of Hosting in Keeping your WordPress Website Secure

The most secure website is still vulnerable to security attacks if your hosting isn’t secure. Hosts can improve your website’s security in a number of ways…

Server Security

Hosts can use security packages such as ModSecurity to monitor and log suspicious activity, and other services and configurations such as suEXEC, Cloudflare, and more. Some store your files in high-security data centers, especially those that host eCommerce sites.
Some include features such as malware scanning and hack and DDoS protection. If hosts determine that your site is a target of a brute force attack, they might move your login in order to keep people or bots from further attempts. Some hosts keep backups, so if your site is attacked and your data is corrupted you can restore it easily.

Extra Features

Many hosts include security features with your hosting plan and offer premium features as add-ons such as the premium version of Jetpack. Lots of hosts offer a free or paid SSL certificate with HTTPS encryption that you can add to any domain on your hosting plan.

Hosts should also follow good security practices such as keeping PHP up to date. Hosts can keep your WordPress up to date by installing security patches as soon as they’re released. Those that provide updates should audit and apply security patches as soon as possible.


Make sure your hosting plan has good support and are easy to contact. The amount of support they can offer will depend on your hosting plan, but you’ll need to get in contact with them quickly for the support they do provide.

For more information about hosting, see the Divi Space hosting page.

Plugins to Improve WordPress Security

Here’s a look at some of the most popular security plugins for WordPress. Most include many of the features we’ve discussed in the previous section. They’re in alphabetical order.

1. All-in-One WP Security and Firewall

All In One WP Security uses a grading system to measure how well your site is protected. It has both a free and a pro version. Features include a firewall, security for user accounts, login, database, file system, .htaccess, wp-config, blacklisting, brute force prevention, spam filtering, security scanning, text copy protection, and more.

More Information

2. Divi Client Safe

Divi Client Safe lets you hide key elements from your client’s WordPress dashboard including Divi theme options, themes, plugins, widgets, settings, the editor tab, and more. You can also remove update notifications for the WordPress core, themes, and plugins so users don’t try to perform updates that you haven’t tested yet.

More Information

3. iThemes Security

iThemes Security provides over 30 ways to secure your website. The pro version includes 2FA, security keys, malware scanning, password security and expiration, reCAPTCHA, user logging, and more. It also includes protection from brute force attacks, makes backups, moves URLs, forces SSL, monitors your site and reports changes, etc.

More Information

4. Jetpack

Jetpack’s premium version has lots of security features including activity reporting, real-time backups, backup and security scanning, spam filtering, plugin update monitoring, blocking malicious login attempts, monitoring downtime, brute force protection, and login authentication using to match accounts with emails and adding Two Factor Authentication. Each of these areas provides detailed information.

More Information

5. Sucuri

Sucuri has both a free and pro version that adds lots of security features including site hardening, activity auditing, file integrity monitoring, remote malware scanning, blacklisting and monitoring, and email notifications. It also includes post-hack security actions to help solve problems after an attack. The pro version adds a firewall.

More Information

6. Wordfence

Wordfence is the most popular security plugin for WordPress. It’s available in both a free and pro version and includes a firewall, security scanner, login security with 2FA and reCAPTCHA, IP, user, and country blocking, live traffic monitoring, file scanning, and lots more.

More Information

Ending Thoughts

That’s our look at how to secure your Divi WordPress website. None of these tasks are difficult to perform if you use plugins and many of them don’t need plugins, but instead, are just good practices like creating strong passwords. Each is important in securing your website and keeping both your visitors and your website safe from malware and hacking, as well as protecting your brand.

How to you secure your Divi WordPress website? Let us know about your favorite tools and practices in the comments.

Randy Brown

Randy A Brown is a professional writer specializing in WordPress, eCommerce, and business development. He loves helping the WordPress community by teaching readers how to improve their websites and businesses. His specialties include product reviews, plugin and theme roundups, in-depth tutorials, website design, industry news, and interviews. When he's not writing about WordPress he's probably reading, writing fiction, or playing guitar.