One of the most important things you can do if you run a WP blog is to secure WordPress from hackers. Most of us use WordPress because it’s very easy to use and it offers the ability to extend it far beyond a cookie cutter blog. Due to WordPress’s popularity it’s targeted by hackers and vulnerabilities are found which require you to constantly update it or be open for attack. I will go over how you can run a secure WordPress website.
How to secure WordPress from hackers can be done in numerous ways as I will discuss here and hope that you will take advantage of these critical tips that can prevent being hacked losing time and money.
There are plugins and external scripts and services that monitor your WordPress site. There are even WordPress Secure hosting services. But for this post I am going to assume you are happy where you are and don’t want to spend a massive amount of money. In fact I want to cover the least expensive and free ways you can protect your WordPress site.
I want to stress no site can be 100% hacker proof, because when you are exposed to the public or on shared hosting you have to open a few things up that could be exploited, our task is to make it harder for the hacker to do so.
Many years ago when I created a script called WordPress Secure Pro, I think this was back in 2005 or so and I sold a lot of copies. My motivation for making the script was that a few of my sites got hacked and it was a royal pain to fix them, it costed many hours and a lot of headache. I knew right then most people did not know how to make WordPress secure and it needed to be made point and click easy. O
The first step you can do to secure WordPress from hackers is to update your WordPress installation, plugins and themes to the newest versions. I am shocked to see how many people still run WordPress versions that are years old, and people just neglect updating their sites. This leads to being hacked, because all of the security vulnerabilities that have been found over the years makes your site a hacker magnet.
Some people run many blogs and find it quite a task to keep all there plugins and sites fully updated. I have this issue myself with over 100 WordPress blogs. I finally decided on using InfiniteWP to manage all my sites. InfiniteWP is a script, not a plugin. Again the base InfiniteWP is free, just go to the downloads page. It does not use WordPress, but you install it to a website you own in any directory and it will monitor your WordPress blogs for needed updates. This is great because it works on Linux, Mac, PC and mobile devices.
InfiniteWP has a plugin system of it’s own that allows to you expand it’s functions. I use the backup plugin to do backups of all my sites to Google Drive and Dropbox. This allows me to keep offsite backups of my sites incase the web server gets hacked, and I lose everything.
You can add monitoring of your sites downtime, scan for malware and many other important tasks all from one interface. This means you can control all your WordPress blogs from one location. It allows you to moderate comments, create and edit posts as well. It’s the swiss army knife of managing many WordPress blogs.
The best thing about InfiniteWP the baseline system is free, which monitors your sites for updates. This goes a long way to secure WordPress from hackers just by keeping everything up to date. Again this is FREE to get started!
WordFence is another free asset you can deploy to secure WordPress from hackers
Next is one of my all time favorite plugins… WordFence, WordFence is a native plugin and runs inside your WordPress sites. You install it, configure a few settings and you just added an iron wall of protection to your sites.
WordFence does have a paid option as well, but the free version will provide much of what you need if you are on a budget. I use Wordfence on my sites and my favorite settings are to block scanners posing as crawlers, block vulnerable URL attacks, block bad login attempts and much more. There is no reason not to install WordFence, I only found 1 plugin it would not work with S3 Media Mastero other than that 1 plugin it’s been flawless.
Other things you should do to secure WordPress from hackers…
Do not use the username of admin to administrate your blogs. Nearly everyone uses admin as the login and it makes it easier to brute force the password with the know username.
Use a complex password, seriously use a password of letters, number with mixed case as long as possible, but at least 10 characters in length. And use a different password per blog, if this seems like too much then mix it up use the same password, but add the last 2 characters of the domain name the blog is on.
For example if I used H@ppy4m3 as my password and my domain is imsmartmoney.com I would add the last 2 characters of”ey” to the end so it would be H@ppy4m3ey, most will not catch on to what you are doing and will allow you to use the same password for every WordPress site you own with the 2 character add on of the domain. That way if someone got your password to one blog, they would not have it to all your blogs.
Keep your computer spyware free, your WordPress site can be secure, but if your machine you log in to it isn’t then your site can still be compromised. Always run an anti-virus software and scan for spam regularly.
Use rename wp-login plugin to change your login URL to an uncommon one. Many brute force attacks use the standard wp-admin login URL to try to force there way in to your system. Rename the URL with his plugin to prevent this and secure WordPress login.
Uninstall or deactivate plugins you do not need. Plugins can have vulnerabilities as well so disable or delete them entirely to keep them from being exploited and secure site pages.
Backup, backup, backup… I can not say this enough. As I mentioned this before with InfiniteWp because it does backups automatically and offsite if you want it to. If your budget is tight and you can not afford the InfiniteWP backup plugin then get the Duplicator plugin. It’s free version allows you to do manually backups. It stores them on the WordPress server where you can download them. Nothing sucks more than losing your entire site and not having a backup.
Manual inspection, of your sites. If you don’t go with InfiniteWP Malware scanner, then you need to check on your sites every few weeks. If you have many sites this can be a chore, but it’s a necessity to assure that your WordPress sites have not been compromised. Compromised sites will get blacklisted and removed from search engines. This will kill all your free organic search engine traffic.
Limit access to your sites. If you really do not need sign-ups to your sites, disable them. If you allow comments then install anti-spam plugins or require moderation, this can turn in to a lot of work if you manually approve all comments. If you do not control your comments your site will become a spam magnet. Also a lot of spammy comments will hurt your search engine ranking as well.
Use caching plugins, believe it or not it will help prevent breaches and assists in denial of service attacks and brute force attacks. I highly recommend Zencache Pro, not only to secure WordPress from hackers, but increase site speed and allows you to serve more visitors at the same time which can boost search engine ranking if your site is fast. Zencache Pro is used on imsmartmoney.com and has really speed things up.
WordPress sites are many Internet Marketers bread and butter and not to treat them with care is plain foolishness and asking for trouble. Anything I recommended here including scripts and plugins I use on my sites.
While nothing can guarantee you 100% protection if you follow the suggestions I have laid out here you will be in lot better shape against attacks and loss of data, so secure WordPress from hackers before it’s too late!