WordPress Security Tips to Help Prevent your Website from Being Hacked


Be Prepared

Every day, hackers are trying to get into your WordPress site. At times, these hacks are out in the open; at other times, you won’t know you have been hacked until it’s too late. In this article, I will review simple ways to protect your site from being taken over, secure your personal data and prevent website data from being stolen.

Today there are many types of attacks out there. The latest that our PaperStreet Security team (aka our developers) have come across are:

  • SQL and URL Injections – These attacks add commands to your URL that are then run against your database and may reveal sensitive material. Once a hacker has gained access to your database, they can lock you out of your site and change content throughout the site. URL injections can also lead to the creation of spam links that make your site appear to be the origin of the link, for example yourlawsite.com/buy-medicine-online. Your site can flood the Internet with these links in a matter of days. Don’t be alarmed; there are ways to prevent and block these attacks via your site's .htaccess file.
  • Brute Force Attacks – In this attack, a hacker sets up an automated script that runs against your site, trying millions of username and password combinations until one possibly gets in. This is why I instruct all WordPress users not to use admin as their username and to create a secure password. The latest version of WordPress will generate a strong random password.

10 Steps to Help Prevent your WordPress Website from Being Hacked

Step 1: Use a Secure Host

Sometimes wanting to save money on hosting is not the best idea. Look for a host that is built for WordPress sites and is secure.

Step 2: Change Your Username from “Admin”

Remove the standard admin username from your user list. This is one of the most common ways someone can easily get into your site.

Step 3: Create a Secure, Strong Password

Use the WordPress password generator included in the latest version, or use a site such as strongpasswordgenerator.com.

Step 4: Stay Up-to-Date

Ensure all plugins and your WordPress core are updated to the latest version.

Step 5: Security Plugins

After testing different security plugins, I have found Wordfence to be the best security plugin out right now to fight attempted attacks.

Step 6: Login Attempts

Always block a user after 3 failed login attempts.

Step 7: Change the URL to Your Login Page

A normal WP login page is www.yoursite.com/wp-admin. You can change that login URL to be whatever you want (e.g., www.yoursite.com/logmein). It is a simple change that will stump some hackers.

Step 8: Block WP Editor

Within your wp-config.php file you can add code to block the editor in your WP dashboard.

Step 9: Protect Your wp-config.php File

Adding the following code to your .htaccess file blocks hackers from accessing the wp-config.php file. Access to that file would give them access to your database.

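# protect wp-config.php
# (Apache 2.4 without mod_access_compat: use "Require all denied" instead of the Order/Deny lines)
<files wp-config.php>
Order deny,allow
Deny from all
</files>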
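
As an added example (not part of the original article and not PaperStreet's code), this Python sketch checks a site's files for the settings from steps 8 and 9, including a `<files>` block that was never closed. It assumes the code step 8 refers to is the WordPress constant DISALLOW_FILE_EDIT and also accepts Apache 2.4's `Require all denied`; the function names and sample inputs are hypothetical.

```python
import re

# Heuristic text checks, not a PHP or Apache parser.
_DEFINE = re.compile(
    r"define\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*(\w+)\s*\)", re.I)
_OPEN = re.compile(r"<Files\s+\"?wp-config\.php\"?\s*>", re.I)
_CLOSE = re.compile(r"</Files\s*>", re.I)
_DENY = re.compile(r"(Deny\s+from\s+all|Require\s+all\s+denied)$", re.I)


def editor_disabled(wp_config: str) -> bool:
    """Step 8: True if the first active define of DISALLOW_FILE_EDIT is true."""
    text = re.sub(r"/\*.*?\*/", "", wp_config, flags=re.S)  # drop block comments
    for line in text.splitlines():
        code = re.split(r"//|#", line, maxsplit=1)[0]  # drop line comments
        m = _DEFINE.search(code)
        if m:
            return m.group(1).lower() == "true"
    return False


def wp_config_rule(htaccess: str) -> str:
    """Step 9: 'ok', 'missing', 'no-deny', or 'unclosed' (no </Files> line)."""
    inside = denied = False
    for raw in htaccess.splitlines():
        line = raw.strip()
        if line.startswith("#"):  # skip .htaccess comments
            continue
        if _OPEN.match(line):
            inside, denied = True, False
        elif inside and _CLOSE.match(line):
            return "ok" if denied else "no-deny"
        elif inside and _DENY.match(line):
            denied = True
    return "unclosed" if inside else "missing"


# Constructed sample inputs (not taken from any real site).
SAMPLE_CONFIG = "<?php\n// define('DISALLOW_FILE_EDIT', true);\ndefine( 'DISALLOW_FILE_EDIT', true );\n"
SAMPLE_HTACCESS = "# protect wp-config.php\n<files wp-config.php>\nOrder deny,allow\nDeny from all\n</files>\n"

if __name__ == "__main__":
    print("editor disabled:", editor_disabled(SAMPLE_CONFIG))
    print("wp-config rule:", wp_config_rule(SAMPLE_HTACCESS))
```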


Always keep a backup of your database and site files. This can sometimes save a lot of time and money if you are ever hacked.

These are some of the more basic ways to prevent hackers. There are more advanced techniques and code that can be added for extra security, but the 10 steps above will start you in the right direction. Whether or not you are a client of PaperStreet, you can contact us for a security scan.
