Every day, hackers are trying to get into your WordPress site. Sometimes these hacks are out in the open; other times, you won’t know you have been hacked until it’s too late. In this article, I will review simple ways to protect your site from being taken over, secure your personal data and prevent website data from being stolen.
Today there are many types of attacks out there. The latest that our PaperStreet Security team (aka our developers) have come across are:
- SQL and URL Injections – These attacks add commands to your URL that are then passed to your database and can reveal sensitive material. Once a hacker has gained access to your database, they can lock you out of your site and change content throughout the site. URL injections can also lead to the creation of spam links that present your site as the origin of the link, for example yourlawsite.com/buy-medicine-online. Your site can flood the Internet with these links in a matter of days. Don’t be alarmed; there are ways to prevent and block these attacks via your site’s .htaccess file.
- Brute Force Attacks – In this attack, a hacker sets up an automated script to run against your site, trying millions of username and password combinations until one possibly gets them in. This is why I instruct all WordPress users not to use admin as their username and to create a secure password. The latest version of WordPress will generate a strong random password.
10 Steps to Help Prevent your WordPress Website from Being Hacked
Use a Secure Host
Sometimes wanting to save money on hosting is not the best idea. Look for a host that is built for WordPress sites and is secure.
Change Your Username from “Admin”
Remove the standard admin username from your user list. This is one of the most common ways someone can easily get into your site.
Create a Secure, Strong Password
Use the WordPress password generator included in the latest version, or use a site such as strongpasswordgenerator.com.
Ensure all plugins and your WordPress core are updated to the latest version.
After testing different security plugins, I have found Wordfence to be the best security plugin out right now to fight attempted attacks.
Always block a user who has failed after 3 login attempts.
Change the URL to your Login Page
A normal WP login page is www.yoursite.com/wp-admin. You can change that login URL to be whatever you want (e.g. www.yoursite.com/logmein). It is a simple change that will stump some hackers.
Block WP Editor
Within your wp-config.php file you can add code to block the editor in your WP dashboard.
Protect Your WP-Config.php File
Adding the following code to your .htaccess file blocks hackers from accessing the wp-config.php file, which would otherwise give them access to your database.
# protect wp-config.php
<Files wp-config.php>
Deny from all
</Files>
Always keep a backup of your database and site files. This can sometimes save a lot of time and money if you are ever hacked.
These are some of the more basic ways to prevent hackers. There are more advanced ways and codes that can be added for extra security, but these 10 steps above will start you in the right direction. Whether or not you are a client of PaperStreet, you can contact us for a security scan.