Web Design Tips

Prevent WordPress Hacking with these 7 easy tips

Avoid WordPress Hacking in 7 easy steps
169

You probably often heard about hacking of websites. Many times you just read a news story and forgot all about it.

 

WordPress hacking though is something which could visit any one of us running a WordPress site.

 

Why would a hacker want to hack a small WordPress website you may ask?

 

  1. Use it to get their adverts ranked better in search engines
  2. Use it to distribute malicious software
  3. Use it to attack other websites …

 

The list goes on.

 

You need to do a few strong and hard actions to prevent your WordPress website from getting hacked. Here are 7 easy tips should implement on your WordPress website.

 

This article first appeared on DART Creations as The Essential Checklist to Prevent WordPress Hacking

 

1. WordPress Security starts with your workstation

Funny, how when we think about the security of our computer we tend to forget our own computer. If your own desktop is infected, it is more than likely going to pass on the infection to your website.

 

Make sure you keep all of your software updated. Mac or Windows. Software and browsers should be on the latest SUPPORTED versions!

 

Old versions will have vulnerabilities which WILL infect your machine no matter how many precautions you take.

 

2. Keep WordPress on the latest version

Every release of WordPress addresses a number of security fixes. Each time you don’t update to the latest version, you are literally leaving a door unlocked.

 

There are known vulnerabilities which hackers will exploit if you don’t have the latest version of WordPress installed on your site.

 

Side note: Consider a host which keeps your WordPress site updated automatically and takes your website’s security seriously.

 

3. Use a complex admin password

Prevent WordPress hacking: create a secure password and don’t use easy passwords

Complex password are NOT overrated. Users tend to prefer something shorter and easier to remember; a fact hackers know and take advantage of.

 

A good strong password comprised of letters, numbers, and any other valid characters will actually go a long way to protect your WordPress blog. Don’t use single words (regardless of length), letters-only, or numbers-only passwords either. What you’re trying to do is break the known patterns to make hacking difficult, if not impossible.

 

4. Use trusted sources only for downloads

If you are running on a tight budget you might be tempted by the option of downloading all the features and functionalities of premium plugins/themes for free – through pirate sites.

 

Would you trust a pirate with your gold? I think not.

 

Pirated sites are ill-reputed because they will fill those legit ‘premium’ plugins/themes with malware and let the downloaders do the rest. They will put hidden backdoors in that software. They will convert your brand’s online appearance into a giant poster for enlargement pills – or even worse, malware.

 

This is a known and very popular tactic of hackers. Pirated themes and plugins are riddled with backdoors and malware.

 

You can on the other hand trust sources like Envato Market (Theme Forest, Code Canyon), Elegant Themes, etc.

 

5. Plugins to prevent WordPress hacking

Your wp-admin should be protected. The login page and admin directory are available to all: including those with malicious intent.

 

You should strengthen the guard around admin with WordPress security plugins like:

 

 

It will limit number of login attempts for each IP address, including your own (with auth cookies).

 

 

This plugin is a superb security solution in general. It runs a WordPress security scan. It also pays close attention to preventive measures so you don’t get hacked in the first place.

 

6. Backup your WordPress site (just in case)

What if, in spite of all the prevention, you still get your WordPress hacked. A backup is one of the first things you’ll need to restore your site if you do get hacked.

 

Backup your WordPress site at least as frequently as you run maintenance or update it. There’s no excuse to be lax in this department, not when there are some quite thorough services and plugins that will run automated backups for you. There is VaultPress, UpdraftPlus, WP-DB-Backup, BackupBuddy, etc.

 

Create a schedule and let the plugin do the rest. Some of these plugins come with easy restore options. Check to ensure that the plugin is backing up entire site, including all databases and directories.

 

7. Secure WordPress though correct File permissions

The rule of thumb is 755 for directories and 644 for files. Although, this varies depending upon server and the type of file in question – in most cases, you should work very well with these permissions. It would be best to ask your host to check, or if you’ve got direct access, you can do this yourself.

 

Never ever set file permissions to 777 (not even temporarily)

 

If you are serious about wanting to prevent WordPress hacking – Never set file/directory permission to 777 unless you want to give complete control over it to everyone, including hackers.

 

There is a very dangerous tendency amongst beginners to set file permissions to 777, “because it’s easy”, or “because we’ll fix it later”, or “because I’ll change it later”. This is extremely dangerous – 777 means anybody who wants can change the contents of that file. With those permissions set, your website is an open house.

 

Once they have access to one file, rest assured it is very easy to jump to other files or install backdoors and other nasty stuff to your site.

Abrar Ahmed
Abrar Ahmed is the co-founder of HowFreelance and ProDollars. He helps companies like Flexicom, Zero Defects, Kliir and Blue Artists grow their revenue by his unique web designs. He has also worked for crowd sourcing companies including Odesk, Freelancer and Fiverr. His web design and web development services are most affordable and is dedicated to teach web design beginners and professionals the quality web design tips and business effectively. You can contact through his Google+ page, Facebook Page or through Twitter
You may also like
stamplia builder featured image
Buy/Sell Your Templates with STAMPLIA easily
css-tutorials-training
Top 5 CSS tutorials and tools for beginner css training

Leave Your Comment

Your Comment*

Your Name*
Your Webpage