How To Protect Your WordPress Site From Hackers

How To Protect Your WordPress Site From Hackers & Malware

Nowadays nothing is secure. From IoT devices, Automated Teller Machines, Game Servers to International bank transactions everything can be cracked (Not hacked. Both are different. Read this post by TechRepublic to understand the differences between both the terms). Now coming back to the topic, we must understand that total security is not attainable. It’s just a lie; an illusion.

Only a limited level of security can be achieved with the methods I’m going to discuss about in the below sections.

We have an Illusion of Security, We Don’t have Security ~ Isaac Yeffet

Stay Updated: Keep Your WordPress Core, Plugins & Themes Updated

The first step in protecting your WordPress site is to keep it updated. If you haven’t updated your version of WordPress or its themes and plugins, now is a good time to do so.

That’s the first line of defense for you WordPress site because most of the WordPress sites are hacked using the exploits present in these outdated versions of themes and plugins. They are continually fixed and patched up by the developers.

Install and Configure a Good Security Plugin

Next, you should use a WordPress security plugin to harden your site’s security. WordPress, like any other web application framework is not immune to attacks and exploits. These plugins patch up the shortcomings by hiding the vulnerabilities and sometimes fixing them. Some of the security plugins can hide the version number of the technologies you are using in your WordPress site. Though this might be a very basic step it surely helps stop many common exploits used by the script kiddies!

Some of my favourite WordPress security plugins are Wordfence Security, iThemes Security and Sucuri Security.

Wordfence protects more than 1 million WordPress sites whereas iThemes Security protects more than 800,000 WordPress sites and Sucuri Security protects 200,000+ websites.

Though all of them perform nearly the same job, I would recommend Wordfence over the rest based on my feedback on testing them.

Apart from that you can check your site for known malware, blacklisting status, website errors, and out-of-date software using Sucuri’s SiteCheck – Free Website Malware and Security Scanner.

Limit the Number of Login Attempts

Limit login attempts to protect your site from brute force attacks. A brute force attack is the simplest way to gain access to a site – it tries various combinations of commonly used usernames and passwords along with dictionary words to break into your site’s administrator dashboard.

It can be easily set up by installing this plugin for your WP Dashboard or via FTP.

Change your Generic ‘Admin’ Username

Do NOT ever use ‘admin’ as your WordPress login username. It is the very first word that is tried by bad bots and scripts to find the username of your WordPress site. Once it finds the username of your site, it will move on to decode your password.

By using ‘admin’ as your username you are directing it towards the correct path. It’s like revealing the place where you’ve hidden your money and jewellery to the robber and waiting for him to break in and steal it using his tools!

So, think of a creative username for your WordPress site and avoid using typical dictionary words.

Make Use of Strong Passwords

The same thing applies to passwords too. Do not use any words present in dictionary as your password. Make sure you use a combination of upper and lower case letters along with symbols and ambiguous characters and is at least 16 characters in length.

In case you’re not able to think of such a complex password, use a tool such a Strong Random Password Generator or Norton’s Password Generator.

Protect Your Site with a Firewall

Protecting your WordPress site using a FREE firewall like Cloudflare can protect your site from getting hammered by bad bots and DDoS attacks. Cloudlfare offers DDoS protection, Web Application Firewall (WAF), SSL, Traffic Control™, DNSSEC and many such awesome tools to enhance your website’s security. Cloudlfare acts as a reverse proxy for your site and all traffic to and from your site are analysed in real-time for threats and unusual traffic. Cloudflare also offers a free SSL certificate using which all transmitted data in encrypted.

Also Read: Optimize WordPress to Reduce Server Overload.

Switch to a Better WordPress Hosting Company

Last but not the least – choose a well-known WordPress hosting provider with a good track record in their service. Do not go for poor and unreliable hosting services and lose your hard work by getting your site wiped away just because the servers hosting your site were cracked or DDoS’d or simply because they didn’t maintain proper backups of their clients sites!

I would recommend you to either go for Bluehost or SiteGround. Also DreamHost and Flywheel are good choices.

Also Read: Grab SiteGround WordPress Hosting at just $3.95/month!

All the four of them are officially recommended by WordPress themselves. Here’s a quote from their site –

There are hundreds of thousands of web hosts out there, the vast majority of which meet the WordPress minimum requirements, and choosing one from the crowd can be a chore. Just like flowers need the right environment to grow, WordPress works best when it’s in a rich hosting environment.

More information on hardening WordPress –

Thus I hope that this post helped you in getting to know more about how to secure WordPress website from hackers.

6 thoughts on “How To Protect Your WordPress Site From Hackers & Malware

    1. You’re welcome Michele, it looks like you really care about your blog and you’re doing great. Your blog must be proud of you, happy blogging!

    1. Hey Victoria, Bluehost is one of the most recommended WordPress hosts mainly because they automatically update the core WordPress files if the user fails to keep them updated. Quite sometime back they achieved the feat of upgrading very old WordPress installations without breaking users’ sites. That was truly commendable!

      Coming to comments spam, you can use a free anti-spam plugin like Akismet to prevent your site from being bombarded with spam. Hope that helps.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.