fbpx
top boutique web development agency
  1. Infrastructure
  2. Uncategorized

How to Prevent WordPress hacks

Written by Posted on Less than 0 min read
0
Create your free link page or bio page

An ounce of prevention is worth a pound of cure. This can’t be truer in regards to website hacks. WordPress sites are compromised not by sophisticated hackers but by bots written to exploit known vulnerabilities. These vulnerabilities include weak passwords, outdated plugins and themes, and poor-quality web hosting.

When a site is hacked, the following things can be effected:

  • Files can be uploaded to the server containing malicious code or PHP backdoors
  • Files already on the server, such as your theme files, can be modified
  • Code can be injected into your WordPress database
  • Users with administrative privileges can be added to your WordPress database
  • Numerous post and pages can be published containing spam code
  • Your site can be redirected to malware sites

In other words, having your site hacked can be a BIG mess to fix. It can truly take hours to recover, and your SEO can take a big hit if Google decides to blacklist your site. See: Sites Hosting Malware Get 30 Day Ban from Google.

Luckily, preventing hacks is quite easy, though it does require diligence.

10 Tips for Preventing WordPress Hacks

1 – Use strong passwords

You should get a password tracking tool like 1Password to track all your passwords. You can no longer use the same password on every internet account and get away with it. You can’t use your dog’s name or favorite soft drink or band name. You need unmemorable, long, difficult passwords.

In the past couple weeks, I’ve had two clients call me because their Gmail, Instagram, or AppleID was hacked due to using a weak password. It is very easy to use a password hacking program to discover what your password is. In both cases, my clients used passwords that could be guessed by a password detection tool in under 1 second!

Test the strength of your existing passwords here. and then give some serious thoughts to using 1Password and creating passwords that are long, complex, and obscure and change them frequently. With 1Password, you only have to remember one complex password.

2 – Keep WordPress themes, plugins, and core up to date

It’s not enough to login once a month or less to do updates. Exploits will occur within days on massive numbers of sites as soon as they are published. My forgotten site that I didn’t update was exploited within a couple weeks of the Gravity Forms vulnerability being announced. You must update immediately when there is an update. Read my post on how to update your WordPress themes and plugins safely to avoid breaking your site.

For plugins that don’t have front-facing functionality, you can use the Shield WordPress Security plugin to perform auto updates for you. If you manage more than one site, check out my post on site management plugins.

3 – Keep your server clean

Delete unused versions of WordPress on the server. It’s easy to forget these exist. Unused WordPress files, plugins, themes, etc., even if they are not being used, not active, not even associated with your current install can be exploited. Delete delete delete. Run a tight ship

4 – Check your plugins and themes for continued support

Don’t use plugins and themes that are no longer maintained. If your plugin or theme hasn’t been updated in a year or more, replace it. This can be a huge problem with themes. Many developers are fly by night and don’t stick around more than a couple years to support their theme.

When you shop for a theme or plugin, look for a theme or plugins with current support requests that have been answered in a timely manner, good star ratings, and recent and frequent updates. Not all top-selling themes are the best themes, however, they are more likely to have ongoing support and updates. Read the comments for quality of response and tone. Look for helpfulness, enthusiasm, thoroughness, quick response, good articulation, and positive attitude.

WordPress premium themes often come bundled with third-party plugins. The theme developer may or may not provide timely updates for these bundled plugins. For example, the Revolution Slider, a popular animated slider, comes bundled with hundreds of themes on ThemeForest. The Revolution Slider had a major security vulnerability in 2014. However, theme developers who bundled it with their themes did not necessarily update the plugin when they updated their themes. As a result, many themes on ThemeForest distributed a highly insecure plugin for months after the vulnerability was discovered. This vulnerability lead to tens of thousands of websites being hacked and directing traffic to malicious sites.

The upshot of all this is that if you purchase a premium theme that comes bundled with premium plugins, like Visual Composer, Layer Slider, Revolution Slider, or others, purchase these plugins SEPARATELY, so you can be notified of updates to those plugins specifically and not rely on a theme developer to keep you safe.

5 – Protect your computer and home network

Run virus scans all the time especially if you run Windows. Be careful of the sites you visit. You can inadvertently give your WordPress login away through a keystroke tracking Trojan which will steal your passwords as you type them on your keyboard. Protecting your computer is often about not visiting websites that are distributing malware. But, even known sites, such as friend’s cooking blog, could be hacked. So, you need some protection wherever you go on the web.

For Mac OS:

  • Scanning software isn’t usually needed, but I like Avira because it recognizes malware patterns along with malware and trojan signatures.
  • Turn on the Firewall in your System Settings (Security & Privacy). In the Firewall Options, check the box to Enable Stealth Mode. This will allow your computer to not be visible on networks.

For PC:

For your network:

6 – Run a WordPress security plugin

MalCare - one-click malware removal

I highly recommend the MalCare plugin by the makers of BlogVault. They have both a free and paid version. What I like the most about their plugin is that there are no configuration options which can be super confusing with other security plugins. Also, all the malware scanning takes place on their cloud servers, so there is no impact to the performance of your site. It also runs brute-force protection and a robust firewall.

The paid version is just $99/year, which is a bargain compared to other similar services. You can use this link for 10% off your first year: https://malcare.com/womeninwp

Please try it out and let me know how it works for you in the comments below.

I also like Shield WordPress Security by iControlWP. I have used Wordfence in the past, and it continuously created errors in the error log files on multiple sites. Other popular plugins out there can easily break your site or have you focused on “security” measures that do nothing for security while missing out on important things like login protection.

7 – Don’t login on public WiFi networks

If you login to your WordPress site on a public network, you are essentially giving your login credentials away to anyone else on the network who might be running packet sniffing software. If you don’t have an SSL certificate installed on your site (which encrypts your username and password on the network), then use a Virtual Private Network (VPN) service to encrypt your traffic on the network. Use this even if you do have an SSL certificate on your site as it’s good to stay in a virtual private network on any public networks.

8 – Install an SSL certificate on your site

This encrypts the data you and users to your site transfer via the site, such as when submitting contact forms or using login in pages. Otherwise, data is transferred like a postcard in the mail, meaning anyone who’s looking can read it. Having SSL installed on your site allows you to login security (via https) while traveling. Many hosts offer this for free, and you can use the Really Simple SSL plugin to force your content to use https.

9 – Consider better web hosting

Hosting companies like WP Engine, Site Ground, Kinsta, and Flywheel have your back when it comes to security. They routinely do security scans and will clean your hacked site for free, though I have known people to be hacked on these services, and it can take days to get unhacked (or not at all).  I’d still recommend running the MalCare plugin, because hosts are not malware experts. I have been hosting most of my sites lately with SiteDistrict, because their performance is quite excellent in terms of site speed (right up there with Kinsta), and their support is hands-on and proactive.

10 – Backup your site

While backups are not always all that helpful in recovering from a WordPress hack, they are essential for disaster recovery, especially when it comes to damage to your database which is where all your site content stored. See my post on Backing Up WordPress.

Ongoing monitoring of your site

  • It’s important to signup for Google Search Console to be alerted about any issues on your website.
  • Monitor error logs on the site via the cPanel File Manager or FTP (SFTP).
  • View Raw Access Logs on the server to track any users accessing files on the site, particularly. POST requests. If this is not turned on, you can turn archiving of Access logs on in your cPanel.
  • You can use the Shield WordPress Security plugin’s Audit Trail feature to track any changes to files or access to the site.

Summary

WordPress security is not hard. Cleaning up hacks is. Please take a little time to review your site, make a list of things you need to, and check them off one at a time. Start by getting everything updated and get a backup solution set up. Update your plugins and sign up for Google Search Console. Reset your passwords. I’ll be writing another post soon on how to audit your site to look for hacked files, so stay tuned!

Member since
About Maida She is Zipsite's all around Zipsiter. Only clocks out when she can barely stand. She sings, bakes, and tries so hard to be fit. But don't judge, she can literally strong arm you no problem. She's currently involved with eCorp, Contrib and VNOC, besides being a Brazilian Jiu Jit Su practitioner. https://www.zipsite.net
Do you like Maida Barrientos's articles? Follow on social!
Contribute for Tokens

More from Maida Barrientos

Why Should Small Businesses Create A Website In 2019?
  1. Web Development

Why should Small Businesses Create a Website in 2022?

64% of 1,411 surveyed local business marketers agree that Google is becoming the new “homepage” for local businesses. Via Moz State of Local SEO Industry Report …but please don’t come away with the wrong storyline from this statistic. As local brands and their marketers watch Google play Trojan horse, shifting from top benefactor to top […]
Written by
10 | Tips and Tricks On Anything But Net |
  1. Marketing
  2. Web Development

10 Most Rated Open Source Tools for Web Development & Design this 2019

Creating a website is not as easy as 1-2-3. A design and development project can eat up resources if not done properly – luckily, there are open source tools available that can help a developer produce beautiful and functional websites. These tools are created to be open and accessible for people who need help on […]
Written by
WPAutoContent | Tips and Tricks On Anything But Net |
  1. Marketing

WP Auto Content Review – Fetch Content from 100s of Source for Your Site in 1-Click

Captivating Content… That is correct! That’s what you need to get organic traffic and leads. If you want to make it big in the world of marketing, you need to master the art behind making good content. However, it takes so much time and money creating one. And in the end, you still can’t build […]
Written by
secrets to a perfect sales copy
  1. Launch A Startup

Secrets of a Perfect Sales Copy Untold

Good copywriting persuades. It convinces and coaxes a reluctant lead into a confident customer. It’s an essential part of your marketing and content strategy. Unless you’re okay with generic calls to action that barely register with your audience, you need to write in an engaging, interactive, and anticipatory way that makes your audience feel like […]
Written by
TALENTED WORKERS | Tips and Tricks On Anything But Net |
  1. Launch A Startup
  2. Working from Home Jobs and Tips

Where to Discover Talented Tech Workers and How to Attract Them

As a company vying for a place in the workforce in 2020, employing talented tech workers is the best strategy for accomplishing your goal. Without a talented team of employees who can help set your company apart from the competition, you would be dead in the water. Therefore, the human resources division of your company should always be focusing on identifying and retaining talented tech employees.
Written by
  1. Launch A Startup

Step 1 : Test Your Startup Idea

What is market validation? It’s a question I hear a lot, especially when mentoring young entrepreneurs. Market validation is the process of determining whether your product is of interest to a given target market. Market validation involves a series of customer interviews with people in your target market, and it almost always takes place before […]
Written by
gcash | Tips and Tricks On Anything But Net |
  1. Business Advice
  2. Monetization Tools and Programs
  3. Small Business Tips

Get Paid using GCash : A Comprehensive Beginners Guide to Using Gcash

Turn your smartphone into a virtual wallet—that’s what using the GCash app is all about. A mobile payment innovation in the Philippines, GCash has revolutionized the way people make financial transactions. With just a few taps on a smartphone, Globe and TM subscribers can quickly send and receive money, pay bills, and make other transactions […]
Written by
get MOD PODCAST
  1. Small Business Tips
  2. Business Advice

GET MOD – Money On Demand Podcast

We just published our very own Zipsite podcast!! It’s called, Get MOD! Money on Demand podcast features entrepreneurs at the top of their game giving insights and tips on their journey to making money on demand. We publish new episodes every Friday! So stay tuned for our money on demand future episodes! podcast Maida Barrientos […]
Written by
pexels photo 461077 | Tips and Tricks On Anything But Net | Technology
  1. Business Advice

Scheduling apps for businesses

Take control of your day and maximize time. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni […]
Written by
ea97c1b0 2cf0 11ec bbb5 1bbae96ce9bb | Tips and Tricks On Anything But Net | Technology
  1. Social Media

Twitter is testing big ol’ full-width photos and videos

Now testing on iOS: Edge to edge Tweets that span the width of the timeline so your photos, GIFs, and videos can have more room to shine. pic.twitter.com/luAHoPjjlY — Twitter Support (@TwitterSupport) September 7, 2021 Twitter first tested the bigger photos and improved image previews in March before rolling them out broadly two months later, […]
Written by
the best online video maker for digital marketers
  1. Ultimate Checklist Tools and Resources
  2. Social Media

The Best Online Video Maker for Digital Marketers

Want to know how to create professional content videos that are capable of generating millions of views and snatching easy front page rankings? If so, you need to check out this new video system called “Content Samurai”… I guarantee you’ve never seen anything like this before… Mark my words, it’s going to completely change the […]
Written by
10. Deepen your relationship with your parents “The parent-child connection is the most powerful mental health intervention known to mankind.” — Bessel van der Kolk In the important book, The Body Keeps The Score, Bessel van der Kolk M.D. explains that suppressed emotions and trauma lead people to unhealthy and addictive cycles. One of the most fundamental components of making a positive change in your life is developing a healthy relationship with your parents — whether they are alive or not. Your relationship with your parents is a powerful indicator of your emotional well-being as a person. It doesn’t matter how “successful” you appear on the outside, if you don’t have this key relationship established, then chances are you are an emotional wreck. Oftentimes, people have “toxic” or unhealthy parents. These parents should be viewed and treated with love and forgiveness, not spite and disdain. As you improve your own life and deepen the relationship with your parents, you often give them permission to expand and evolve themselves. They need you just as much as you need them.
  1. Blog
  2. Business Advice

10 Tips that will make you unstoppable in Your Career this 2019, Year of the Pig

According to the British philosopher, Alain de Botton, “Anyone who isn’t embarrassed of who they were last year probably isn’t learning enough.” How different is your life, right now, from where you were 12 months ago? If it’s quite similar, then you haven’t been learning very much. To learn, by nature, is to change and […]
Written by
google business | Tips and Tricks On Anything But Net |
  1. SEO

How to Get a Free Business Listing with Google Business

Did you know that you can easily boost your business’ online presence by listing it on search engines like Google? By creating a knowledge panel for your business, you can share important information about your business like address, phone number, website, customer reviews and much more!  Getting your business listed on Google is easy and […]
Written by
copyright meaning
  1. Web Design

Copyright Law Essentials All Designers Should Know

Thanks to headlines featuring big companies like Google and Oracle, copyright law is an often-discussed but frequently-misunderstood topic. This article was created specifically with software developers and designers in mind. As software designers or developers, you have the important task of ensuring that a program works the way it is supposed to while being efficient, […]
Written by
small business resources
  1. Small Business Tips

Small Business Resources to help You Manage through uncertain Times

As communities throughout the world respond to COVID-19 (coronavirus), we know that this time presents unique challenges for businesses. Here are some tips and recommendations to help you navigate this for your employees and customers. For the most timely information and guidance on COVID-19, please monitor the World Health Organization website. Communicating with your customers […]
Written by
MUSIC FOCUS WORK | Tips and Tricks On Anything But Net | Featured
  1. Tips and Tricks On Anything But Net

Focus Music : Brain.fm and Music Apps To Help You Focus On Work

For many students, a study session doesn’t start until they pick their perfect music playlist. After all, when you have a mountain of classwork to power through, a solid soundtrack can provide a much needed energy boost and dose of motivation. Fortunately, Spotify is making it super easy and affordable for students to access the […]
Written by
Next
No Comments
Leave a comment
Comments to: How to Prevent WordPress hacks