Top 9 Ways To Protect Your WordPress Site Against Hackers
Security is one of the least understood aspects of maintaining a website, yet it’s one of the most important.
Your site holds a lot of valuable content that you’ve invested hours into and want to protect. If you’ve established (or want to establish) an authority site, it also represents your online reputation, which is quite valuable and worth protecting as well! So you have two choices. Either
- harden your site against hackers.
- live with the anxiety of knowing that eventually someone with bad intentions will invade your virtual home.
Fortunately, you don’t have to live in fear. Use our top tips to reduce your risks and better protect your site from attack.
1 – Don’t Use an Obvious Username and Password
If you want the best shot at beating the hackers, be smart. You don’t want to do things the usual way, and you definitely don’t want to be obvious.
You would never leave the house front door open, even just a bit, with a sign advertising you aren’t home. You essentially do that with your site when you use “admin” as your username and select a weak password.
The weak password is an open door because it makes it easy for hackers to find their way into your site. Fortunately, WordPress now guides you to create a strong password.
The old default “admin” username is a glow-in-the-dark flag that tells hackers your security standards may not be up-to-date. Put together an “admin” username and a weak password, and you have an attractive site for hackers.
The current version of WordPress does away with automatically assigning “admin” as your administrator account, but your host may automatically create that username when you install WordPress.
If the username is “admin”, immediately create a new administrator account and then delete the “admin” account entirely.
While you’re setting up your new administrator account, make sure to change the name featured in the Nickname field to something other than your actual username. The nickname is what the public sees. This will throw off hackers who visit your Author Profile pages in an attempt to determine your username.
You can do this for all administrator accounts on your site by visiting the user profile and making the change. Do keep in mind that there are situations where your username is visible, so don’t choose a username with the idea that it will always be completely hidden.
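A way to check every administrator account for the two problems described in this section, as an added example that is not part of the original article. It reads the JSON that WP-CLI's `wp user list` command prints; the function name, the sample accounts and the use of `display_name` as the publicly shown name are assumptions.

```python
import json
import sys

# Constructed sample, shaped like the JSON printed by:
#   wp user list --role=administrator --fields=user_login,display_name --format=json
SAMPLE = """[
  {"user_login": "admin", "display_name": "admin"},
  {"user_login": "jsmith_ops", "display_name": "jsmith_ops"},
  {"user_login": "k7-editor", "display_name": "Karen"}
]"""

# The article names "admin"; add other guessable logins here if you want (assumption).
OBVIOUS_LOGINS = {"admin"}


def audit_admins(users):
    """Return (login, problem) pairs for administrator accounts that need attention."""
    findings = []
    for user in users:
        login = user["user_login"].strip()
        shown = user.get("display_name", "").strip()
        if login.lower() in OBVIOUS_LOGINS:
            findings.append(
                (login, "obvious username: create a new administrator, then delete this account")
            )
        if shown.lower() == login.lower():
            findings.append(
                (login, "public name equals the username: change it in the user profile")
            )
    return findings


def main():
    # Use piped WP-CLI output when there is any, otherwise the constructed sample.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    raw = raw.strip() or SAMPLE
    for login, problem in audit_admins(json.loads(raw)):
        print(f"{login}: {problem}")


if __name__ == "__main__":
    main()
```

On a real site, pipe the `wp user list` command shown in the comment into the script instead of relying on the sample.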
2 – Encourage Humans to Comment, Not Bots
You shouldn’t need to scan all of your visitors to ensure they’re human, but that’s exactly what you need to do to prevent bot attacks.
The easiest way to do this for all visitors is to add the SI CAPTCHA Anti-Spam plugin.
This will require users to type in letters or numbers presented to them when they try to leave comments on your posts. Bots don’t have human eyes to detect those words and numbers, so they have a hard time passing the test.
3 – Pay for Quality
Many people start their new site with the cheapest hosting they can find. They then use a free theme found online and add cheap or free plugins.
There’s nothing wrong with this approach when starting a site on a shoestring, but you need to improve the quality as soon as possible.
This means selecting your hosting service, theme, and plugins with an eye for security as well as price.
Some hosts are more secure and resistant to hackers than others. Some theme developers are more conscious of building in safety measures than others. The same goes with plugins.
Use tested and reviewed plugins whenever possible so that you don’t inadvertently leave an open back door to your site for hackers to get in.
4 – Don’t Ignore Updates!
When WordPress releases a major update, download it as quickly as possible, but not until the x.1 version is released. Security updates (4.x.1, 4.x.2, etc.) will install automatically to address known security risks (unless you have actively disabled this feature), as there are always new security risks developing.
Hackers get smarter and more sophisticated, and WordPress does whatever possible to combat hacking efforts through security patches included in program updates.
Also update plugins and themes as soon as they’re available. That’s one of the easiest and most effective ways to make sure that you keep your site safe and the hackers out.
You’ll see notices in the Dashboard when new versions of WordPress, or plugin or theme updates are available, so there’s no excuse not to stay as current as possible.
5 – Back Up Your Site, and Update Regularly
If something happens to your site, a backup copy always makes it easier and faster to get up and running again.
Don’t leave anything to chance, even if you do have spectacular security on your site. Backing up is a small thing to do, and having that backup is a lifesaver when you need it.
SiteSell recommends UpdraftPlus, a plugin that lets you back up your site automatically, at intervals you determine, and store those backups in a location you choose.
6 – Get ‘Round-the-Clock Protection with Site Monitoring
You don’t want to constantly worry about whether there’s a hacker trying to get into your site. For peace of mind, the most natural thing you can do to eliminate that fear would be to sign up for a security monitoring service.
SiteSell recommends the Sucuri plugin, which provides monitoring and enhanced security for WordPress sites, just as alarm companies do for houses.
When a hacker launches an attack on any site running the plugin, your site will automatically be protected from that same attack.
You also receive notifications from the plugin alerting you to potential dangers on your site. If something does go wrong, you’ll know where the problem is and can fix it quickly.
You can also benefit from a web application firewall and fast protections that harden your site against outside intrusion. While that portion of the plugin isn’t free, it could be the best money you ever spend to keep your site safe. If you’re on shared hosting and don’t have a lot of time to keep your site protected against potential threats, this is a great resource to ensure you don’t have to worry about an attack.
Many of the managed WordPress hosting services (not the shared hosting you’ll find on services such as GoDaddy or HostGator) include site monitoring in the monthly fee.
7 – Clean Up After Yourself!
Keeping your site tidy and well organized also hardens it against hackers.
Start by deleting all unused themes and plugins. They’re just potential holes into your virtual home, and you want as few holes as possible, especially if you’re receiving no value from them.
Before you can delete a plugin, you must first deactivate it. You’ll then see the option to delete.
To delete a theme you’re not using, go to Appearance / Themes in your Dashboard. Click the theme you want to delete. When the theme details pane opens, click the small Delete link in the lower right-hand corner.
8 – Keep the Content Fresh
Updating your content and adding new content regularly is not only good for improved search engine rankings, it’s also helpful to show everyone that you’re active on the site and it’s not sitting unattended much of the time.
If you aren’t available to update your site for a while, then plan ahead and schedule a few pages/posts to publish while you’re away.
Regular updates send a message to let hackers know that someone is actively using the site and they aren’t welcome.
9 – Be Ready When and If It Happens
You need to be ready to address any hacking right away — before Google discovers it and blocks or blacklists your site.
Develop a plan now so that you know how to handle the situation. Then, if it happens, you’re ready, especially psychologically. You’ll be able to clean up your content and reputation before any significant damage is done.
BONUS! – Join the SiteSell Community
These plans and preparations are great, but how will you know when things change? That’s one of the many benefits you’ll gain when you join the SiteSell Community and sign up for SBI! for WP.
SBI! for WP includes an active community of other WordPress users and online business owners, as well as incredible business learning, tools and processes.