At this moment, 74,652,825 sites hosted on the internet depend on WordPress. As such a big player in the self-hosted website segment, WordPress is the victim of high rates of hacking. Therefore, if you want to make sure your website or blog is fully protected against unauthorized penetration, you need to follow a few simple steps.
Hacking is possible if your WordPress website is vulnerable, and therefore predisposed to malware, file changes or malicious content uploads. But you can keep your guard up and your WordPress blog protected by constantly updating the plugins. The main reason for updating plugins is to prevent bots from finding your blog’s vulnerabilities. Plugins are most often overlooked by normal users, which makes them the perfect hide-out for hackers and their malicious files.
Therefore, if you receive a notification about plugin updates, take a few minutes and update them, closing off those possibilities of being hacked. A piece of advice: back up all your data before any update, in order to prevent any sad loss of information.
Moreover, after you have installed the latest version of WordPress, the latest version of all installed plugins and the latest version of all installed themes, make sure you delete every plugin or theme that you don’t use or need anymore. These can be considered loose ends and can become outdated without you noticing, increasing the risk of being hacked.
Word Virus Total
VirusTotal is a free service that analyses suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. You need to make sure that every plugin you update or any theme you install is verified before you make any move. Their scripts can be crawling with malicious content that can affect the health of your website, slow your WordPress website’s loading speed and, in the worst-case scenario, take down your whole blog. Before updating a plugin or installing a free theme, you can perform a virus check.
You can try the WordFence plugin, a security tool that includes anti-malware, a firewall and an anti-virus scanner. This plugin is like an invisible little helper that can follow your live traffic stats and any malicious login attempt on your WordPress website or blog. In addition, you can set up login limits for your account, to minimize any hacking possibilities. You can download the free version of the WordFence plugin from here.
Protect yourself from Admin hacks
If you are still using “admin” as the username for your blog, stop! Right now, log in to your WordPress admin dashboard using your old “admin” account. Select “users” from the sidebar, and choose “Add New User”. Fill in the form and choose “Administrator” in the “Role” drop-down menu. Make sure you have a spare e-mail address to use, different from the one currently linked to your user account. Click “New User”, log out and log back in using your new username and password.
After you have completed all these steps, go back into the User area and delete your previous account. You can either delete your previously published articles or attribute them to your new username. After you confirm the deletion of your older account, you are safe to carry on. The “admin” username is the first unlocked window that bots will try to check. Surprisingly, most attacks are made on websites or blogs that have “admin” as the username.
‘Replace WP-Version’ Plugin will hide your WordPress version
By installing the Replace WP-Version plugin you can make sure that crawling bots do not figure out what version of WordPress you are using. By default, WordPress displays its version in the source code, exposing your vulnerabilities. Replace WP-Version is one of the easiest ways to protect your WordPress website from hackers. In this way, you secure your WordPress installation and eliminate or replace your wp-version and database-version.
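To check what a saved copy of your own page still reveals, the following added example (not part of the original article or of the plugin) parses the HTML for the generator meta tag and for `ver=` query strings on core assets, which WordPress also stamps with its version. The two sample pages and the version number in them are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

class VersionLeakAudit(HTMLParser):
    """Collects the places where a rendered page states the WordPress version."""
    def __init__(self):
        super().__init__()
        self.generator = None       # version from <meta name="generator">
        self.asset_versions = []    # (url, ver) pairs from <script>/<link>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            m = re.match(r"WordPress\s+([\d.]+)", a.get("content") or "")
            if m:
                self.generator = m.group(1)
        elif tag in ("script", "link"):
            url = a.get("src") or a.get("href") or ""
            ver = parse_qs(urlparse(url).query).get("ver")
            if ver:
                self.asset_versions.append((url, ver[0]))

def audit(html):
    """Return the generator version and the versions on /wp-includes/ assets."""
    parser = VersionLeakAudit()
    parser.feed(html)
    core = sorted({v for url, v in parser.asset_versions if "/wp-includes/" in url})
    return {"generator": parser.generator, "asset_versions": core}

# Constructed sample: a default page, and the same page with only the
# generator tag removed. Plugin assets carry their own, unrelated version.
ASSETS = (
    '<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=4.0" />\n'
    '<script src="/wp-content/plugins/demo/demo.js?ver=1.2"></script>\n'
)
DEFAULT_PAGE = ('<html><head>\n<meta name="generator" content="WordPress 4.0" />\n'
                + ASSETS + '</head></html>')
HIDDEN_PAGE = '<html><head>\n' + ASSETS + '</head></html>'

if __name__ == "__main__":
    print(audit(DEFAULT_PAGE))
    print(audit(HIDDEN_PAGE))
```

On the second sample the generator tag is gone but the core stylesheet still carries the version, so a page should be checked for both before it is considered clean.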
Domain Security Pro
This solution is another great protection against hackers for your WordPress blog or website. Domain Security Pro allows you to change your WordPress password without logging in to your account. This tool sets an htaccess password automatically, without you having to go to your cPanel account.
WordPress File Monitor Plus
You can monitor the files under your WP installation for any activity (added, deleted or changed files). When that is the case, you will be notified via an email alert. You can configure the WordPress File Monitor Plus plugin so that every 30 minutes it checks for changes that have occurred. When the plugin finds that something has changed, it will send an email to the specified address, so you can stop the hacker’s attack before it spreads, or so you can see which files are corrupted.
You can exclude files and directories from the scan (for instance, if you use a caching system that stores its files within the monitored zone).
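The monitoring cycle described above, as an added example that is not the plugin's own code: it takes a baseline of file hashes, re-scans, and reports added, deleted and changed files while skipping an excluded cache directory. Comparing SHA-256 digests is an assumption of this sketch (the article does not say how the plugin detects changes), and the directory tree is constructed.

```python
import fnmatch
import hashlib
import os
import tempfile

def snapshot(root, exclude=()):
    """Map every file under root (relative, '/'-separated) to its SHA-256."""
    skip = lambda rel: any(fnmatch.fnmatch(rel, p) for p in exclude)
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        def rel(name):
            full = os.path.join(dirpath, name)
            return os.path.relpath(full, root).replace(os.sep, "/")
        # Prune excluded directories in place so os.walk never enters them.
        dirnames[:] = [d for d in dirnames if not skip(rel(d))]
        for name in filenames:
            if skip(rel(name)):
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                state[rel(name)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff(old, new):
    # The three event types the monitor alerts on.
    return {
        "added": sorted(new.keys() - old.keys()),
        "deleted": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample tree: baseline, simulated tampering, then re-scan."""
    exclude = ["wp-content/cache"]      # caching directory inside the zone
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php // original")
        _write(root, "wp-content/plugins/demo/demo.php", "<?php // plugin")
        _write(root, "wp-content/cache/page.html", "v1")
        baseline = snapshot(root, exclude)
        _write(root, "index.php", "<?php // modified")
        _write(root, "wp-content/uploads/unexpected.php", "<?php // new file")
        _write(root, "wp-content/cache/page.html", "v2")  # excluded, no alert
        os.remove(os.path.join(root, "wp-content", "plugins", "demo", "demo.php"))
        return diff(baseline, snapshot(root, exclude))
```

Store the baseline somewhere the web server cannot write to; a baseline kept inside the monitored tree can be rewritten along with the files it describes.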
Login Lockdown or BruteProtect
Installing one of these two plugins will protect your WordPress website from hackers by limiting the number of login attempts from a given IP range within a certain period of time. In this way, you will be protected against brute force attacks.
- Login Lockdown detects when more than a certain number of attempts are made within a short period of time from the same IP range. The login function is then disabled for all requests from that range. Currently the plugin defaults to a 1 hour lockout of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked-out IP ranges manually from the panel.
- BruteProtect works on the same principles, tracking and blocking IP addresses that continually try to log in by brute force. This is a cloud-powered Brute Force attack prevention plugin and the best protection against botnet attacks.
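The Login Lockdown defaults quoted above (3 failures within 5 minutes, 1 hour lockout), written out as an added example that is not the plugin's code. Treating an "IP range" as an IPv4 /24 block is an assumption of this sketch, and the event list is constructed.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3     # article: 3 failed login attempts
WINDOW = 5 * 60      # article: within 5 minutes (seconds)
LOCKOUT = 60 * 60    # article: 1 hour lockout (seconds)
PREFIX = 24          # assumption: an "IP range" is an IPv4 /24 block

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # block -> recent failure timestamps
        self.locked_until = {}              # block -> time the lock expires

    @staticmethod
    def block_of(ip):
        return str(ipaddress.ip_network(f"{ip}/{PREFIX}", strict=False))

    def is_locked(self, ip, now):
        return self.locked_until.get(self.block_of(ip), 0) > now

    def record_failure(self, ip, now):
        """Record one failed login; return True if the block is locked out."""
        if self.is_locked(ip, now):
            return True
        recent = self.failures[self.block_of(ip)]
        recent.append(now)
        while recent[0] < now - WINDOW:     # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[self.block_of(ip)] = now + LOCKOUT
            recent.clear()
            return True
        return False

    def release(self, ip):
        """Manual release of a locked-out range by an administrator."""
        self.locked_until.pop(self.block_of(ip), None)

# Constructed sample of failed logins: (seconds since start, source IP).
SAMPLE_EVENTS = [
    (0, "203.0.113.10"), (0, "198.51.100.5"), (60, "203.0.113.77"),
    (120, "203.0.113.10"), (200, "198.51.100.5"), (400, "198.51.100.5"),
]

def replay(events):
    """Feed failed-login events in order; return the guard and each verdict."""
    guard = LoginLockdown()
    return guard, [guard.record_failure(ip, t) for t, ip in events]
```

In the sample, two hosts in the same /24 trip the lock together on the third failure, while the second address stays under the threshold because its attempts are spread over more than 5 minutes.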
Choose a good web-hosting service provider
Cheap or free web-hosting service providers look like an easy choice; however, be warned! These kinds of solutions do not have the folders CHMODed. In order to protect your WordPress website from hackers, you can choose a well-reputed and secure provider such as GoDaddy, HostGator or iPage.
Back up your website very often
The hackers will be less tempted to touch a very strong website, when taking down a vulnerable one is much easier. Backing up is one of those simple tips that will protect your WordPress website from hackers.
- There are a lot of plugins that can help you with backing up regularly, but BackupBuddy is one of the best out there. This plugin comes in different pricing plans, but the perks make a convincing case for buying it, as you can migrate right from WordPress, replace the URL, sterilize the data or restore a hacked website in just 5 minutes.
- However, if you are searching for a free alternative, Backup is a free plugin that allows you to create automated backups, send them off to Dropbox or FTP, and restore them quickly.
- Similar to it is UpdraftPlus, which can perform a backup in an instant, even if the interface is not so shiny and intuitive.