After my website and server were infected, I did research online on how to prevent your WordPress site from being hacked in future. I now use these tips myself, and would like to share them with you, so that they help you keep your website safe and you do not experience what I had to go through. As I said before, I am not that kind of techy myself, so I chose the most practical tips that are fundamental, but for which no coding is required. These steps will work for anybody, even if you are not techy at all.
Checklist: 10 things you can do to prevent your WordPress website from being hacked …even if you are not techy at all
1. Keep your WordPress version up to date
With every new WordPress release, security issues are dealt with. So it is important that you update your site immediately when a new version gets released. Normally WordPress will notify you, but you can also activate an RSS feed on the site of WordPress Developers.
Note: of the top websites listed on Alexa, only 18.55% had activated the most recent version. So 81.45% are vulnerable, because they have not.
2. Regularly check your plugins
- The moment you do not use a plugin anymore: deactivate and delete it.
- But if you still use it, make sure you update it to the latest versions.
- Old versions of plugins are holes for hackers to attack. If you use plugins that are 1 or 2 years old, and there have not been any updates, you are at greater risk.
3. Use your virus scanner after downloading a new plugin
If you did not write a plugin yourself, let your virus scanner check that the download is clean directly after downloading it, so malware gets identified before you activate the plugin.
4. Do not use ADMIN as an administrator
One of the easiest ways to protect yourself is to give ADMIN rights to a username and password that cannot be easily guessed.
How do you replace the user ADMIN with another user that has admin rights?
- Log in as ADMIN
- Add an extra user with admin rights, but with a username that is not easy to guess
- Log in again with your new admin account and delete the original ADMIN account.
5. Use a password that is complex
At least 8 characters:
- Preferably 1 or 2 Capital letters
- At least 1 symbol
- At least one number
6. Do not provide a login screen if an error is made
Do not provide a new login screen if a user makes an error while logging in. This makes it easier for hackers to enter your site. Keep it vague.
7. Only allow a limited number of login attempts
With a free plugin like Login Lockdown, you can let people only try 3 times before their account is banned for 1 hour.
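To show what such a limit does behind the scenes, here is a small added example (not code from Login Lockdown or from this site) that applies the "3 tries, then banned for 1 hour" rule to a constructed list of login attempts. It assumes failures are counted per username and that a successful login resets the count.

```python
# Added illustration; names and the per-username counting are assumptions.
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3           # tries allowed, as in the tip above
LOCKOUT_SECONDS = 60 * 60  # 1-hour ban, as in the tip above


@dataclass
class LoginLimiter:
    """Track failed logins per account and ban after MAX_ATTEMPTS failures."""
    failures: dict = field(default_factory=dict)      # username -> failed tries
    locked_until: dict = field(default_factory=dict)  # username -> time ban ends

    def attempt(self, username: str, password_ok: bool, now: float) -> str:
        key = username.lower()  # "Editor" and "editor" share one counter
        # While banned, refuse before looking at the password, so guessing
        # during the ban tells the guesser nothing.
        if now < self.locked_until.get(key, 0):
            return "locked"
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        count = self.failures.get(key, 0) + 1
        if count >= MAX_ATTEMPTS:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            self.failures.pop(key, None)  # fresh count once the ban expires
            return "locked"
        self.failures[key] = count
        return "failed"


def replay(events):
    """Run (seconds, username, password_ok) events through a new limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample: three wrong guesses, the right password during the
# ban, then the right password again once the hour has passed.
SAMPLE_EVENTS = [
    (0, "editor", False),
    (10, "editor", False),
    (20, "Editor", False),
    (30, "editor", True),
    (20 + LOCKOUT_SECONDS, "editor", True),
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```

Note that the correct password is still refused while the ban is running, which is why the real owner may also have to wait out the hour.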
8. Keep control over what others post to your site
If you let people respond to your blogs, do not allow them to upload pictures or files.
Also be careful with comments on your blog. The best way is to prevent URLs from being shared and not to have comments approved automatically. Just approve each one manually or move it to the trash.
Adding a Captcha Plugin to your site might work, but there are also programs and services that can work around that.
9. Use Premium WordPress Themes
Not every developer of WordPress themes knows how to write scripts that are secure. You can choose to use a premium WordPress theme like MyThemeShop.
10. Make A Backup Of Your Entire Website On A Regular Basis
I do not know about you, but I do not like to make backups of my computer. Furthermore: I do forget.
The best prevention is to make regular backups, so you will be able to restore your site in case it gets hacked in future. What is the use of doing it only once a month or once a week if you have made a lot of changes in the meantime? So decide how frequently you need to make a backup of your entire site.
It will save you the months it would take to rebuild your website, content and backlinks to get your position back to what it was before. It is best practice to store your backups somewhere other than the server of your main site, for instance with a service like Dropbox.
I also use them to back up the entire content of my computer, so if my computer would crash, I would still have access to all files in the cloud.
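A backup only helps if the copy that arrived at the other location is complete. The added example below (not part of any backup product mentioned here) archives a site folder, records a checksum next to it, and shows that a cut-off copy fails the check. The folder names are made up, and it assumes your database export has already been saved inside the site folder, because WordPress keeps posts and settings in the database rather than in files.

```python
# Added illustration; folder layout and file names are assumptions.
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(site_dir: Path, dest_dir: Path, stamp: str) -> Path:
    """Archive site_dir into dest_dir and record the archive's SHA-256."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
    Path(f"{archive}.sha256").write_text(sha256_of(archive))
    return archive


def verify_backup(archive: Path) -> bool:
    """True only if the archive matches its recorded hash and can be read."""
    recorded = Path(f"{archive}.sha256")
    if not archive.exists() or not recorded.exists():
        return False
    if sha256_of(archive) != recorded.read_text().strip():
        return False
    try:
        with tarfile.open(archive, "r:gz") as tar:
            return any(member.isfile() for member in tar.getmembers())
    except (tarfile.TarError, OSError, EOFError):
        return False


def demo() -> tuple:
    """Back up a constructed sample site, then damage the copy and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "wordpress"
        (site / "wp-content").mkdir(parents=True)
        (site / "wp-content" / "post.txt").write_text("constructed sample content")
        archive = make_backup(site, Path(tmp) / "offsite", "2024-01-01")
        intact = verify_backup(archive)
        archive.write_bytes(archive.read_bytes()[:-20])  # simulate a cut-off upload
        return intact, verify_backup(archive)
```

The checksum catches a damaged or incomplete copy; it does not protect against someone who can change both the archive and its checksum file, which is one more reason to keep backups away from the main server.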
After all these tips, I hope you now understand the importance of backing up your website. Because no matter what holes we fix, hackers will continue finding our weak spots. And unfortunately, we cannot control that. The only thing we can control is what WE do to secure the content and structure of the site we so carefully built. So to make regular and complete backups is the best we can do.
Do not underestimate the importance of a good hosting company too. It might have been a security leak on their part too. Fortunately I already got to know the new hosting service from Hostgator specially dedicated to the IM niche and I moved my sites to them.
Motivated by my recent experience of having a hacked website, I have researched several WordPress backup solutions out there. I found some premium ones, but it was still not what I was looking for.
I wanted a backup process that would allow me to make backups on autopilot, and that, if I needed my backup, would make it easy to get my website up and running again within minutes.