You Are Here

Protect your WordPress site from hackers

As long as there are personal and business websites, there will be hackers who, for reasons unknown, think that hacking a website is a thing to do. Personally, all of my websites have been hacked at one point or another in the past few years. It’s a real pain in the ass to clean up and rebuild a hacked WordPress website. I try to keep a good attitude and see it as a good time for a total redesign and also make sure to add more protection measures to keep hackers out.

My number one security resource is the WordFence Security Plugin. I use the free version, which is great, but I know site owners who have upgraded and give it rave reviews. There are other ways to secure your site or blog.

How do hackers get in?

To protect your site from unscrupulous hackers, it helps to know how they get into it in the first place.

Be very careful when installing plugins

As you can see in the image, plugins are the biggest risk of a site attack. There are tens of thousands of WordPress plugins available. Unfortunately, more than half are equipped with a “back door” on their website.

How to keep plugins safe

The number one way to keep plugins secure is to make sure you update them as updates become available. WordFence is a great way to keep track of updates, you will receive an email when a plugin has an update available.

look at the details

There are some red flags that should serve as a warning against using a plugin.

  • Visit the developer’s site. Check that it is there and that it is up to date with new details about using the plugin and make sure there is valid contact information. Tip: If it’s been a while since an update to the plugin was issued, it’s likely that the developer no longer supports it.

  • It is best to download any plugin from the official WordPress site. The plugins listed there will probably be safe. You should avoid downloading plugins from an unknown source. This is one way hackers will get in. They ask you to install their amazing plugin that is guaranteed to attract customers. Or that’s what they tell you it is, they actually ask you to do the hard part for them. The plugin likely contains the tools they need to hack your site.

  • Do some research on the developer of the plugin. Search for the name of the author and the name of the plugin and put “malware” or “hack” after it and see what comes up.

The second way in for hackers

The second most common way WordPress sites get hacked is a brute force attack. This type of attack is the ultimate guessing game. It can take hours to find your site username and password, but it’s a pretty simple way to break in and cause damage. Use some of these tips to keep them at bay and off your site.

  • Use a two-factor authentication. Through this method, users must know their password and have their cell phone ready to receive a secret number. WordFence premium has this feature and it is a foolproof way to protect your site.

  • Choose a unique username. It is no longer a good idea to use Administrator or Admin. It is also not recommended to use your domain name. Instead, choose a username that a potential hacker can’t easily guess.

  • Change your password often. This is just one more way to sustain a brute force attack. Your software may be close to guessing your password, but if it’s changed frequently, that shouldn’t be a problem.

Simple maintenance keeps your site secure

Take simple steps to keep your WordPress site secure. Clean your site frequently. Get rid of plugins and themes you no longer use. Keep your themes and plugins up to date. Install reliable security to keep hackers out. If you’ve never had to redo a 5 year old site, be happy! If you’ve had to clean up a mess left behind by an attack, learn from mistakes and security gaps. Lock down your site just like you lock down your house.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *