WordPress Hacked? Here’s How to Prevent It
WordPress Tutorials
Worried that your website might be hacked, or looking for the best methods to help prevent your site from being hacked? This guide we created is just what you need.
This list is by no means completely comprehensive, but being proactive in these 3 areas should go a long way in protecting your website and preventing future grief that comes as a result of having your website hacked.
1) Get a Backup Plugin with Backup Retention — It’s Your Best Defense
The closest thing you have to absolute protection is a backup & restore plugin. Why? Because being able to restore your website to a time before it was hacked is the ultimate security. It might seem that security plugins would be our first recommendation instead of our second. But no security plugin provides 100% protection. There will always be undiscovered vulnerabilities. As you read this, hackers may be exploiting vulnerabilities across thousands of websites—vulnerabilities as yet undiscovered by security plugins.Free vs Paid Backup Plugins — What’s the Difference?
There are free backup plugins, but the truly useful ones are the paid backup plugins. These provide critical features like extensive backup retention, allow for larger backups, and provide scheduling and automation. These important features cost companies to maintain, which is why every good backup plugin typically has a yearly fee. Trust us — and your web developer — when we say that the small fee is worth it. How much would you pay for one year of peace of mind? Better yet, how much would you pay up front to prevent paying the costs of fixing a hacked website later? If you’re serious about protecting your website from hackers, a backup & restore plugin is one thing you don’t want to skimp on. Here’s a comparison of the BoldGrid Total Upkeep Backup Plugin with 2 other popular options.2) Get a Security Plugin That’s Well-Maintained
Security plugins provide scanning, blacklist monitoring, website firewall, vulnerability updates, and a whole assortment of other features to protect your website. To save you some searching, here are three of the most popular plugins that are well-maintained and go a long way to helping keep your website secure. Moreover, they’re all free, and two of them have premium versions with enhanced features: Wordfence Security – Firewall & Malware Scan- 2+ million active installations
- Free version
- Premium version starting at $99 per year per license
- 700,000+ active installations
- Free
- 400,000+ active installations
- Free version
- Premium version starting at $199.99 per year per license
3) Keep Your WordPress Website Regularly Updated
We’ve all seen the highlighted message at the top of our WordPress dashboard imploring us to update to the newest WordPress version. Web hosts are starting to adopt the practice of updating their customers’ WordPress installations automatically. Still, it’s quite likely your web host isn’t there yet, and if so, this is something that’s very important to monitor—and when updates are available, it’s generally best practice to install them right away. Before updating, you should know this:- Having a good backup plugin is absolutely essential. The advice from the professionals at WordPress states: “Before you get started, it’s a good idea to back up your website. This means if there are any issues you can restore your website.”
- When updating your WordPress, your theme and plugins may break. Plugins can be disabled until a fix is found; but a theme—your website’s aesthetics and functionality—is far more important. Therefore, it’s important to have a theme with excellent support. Firstly, they’ll have the bandwidth to keep their theme updated and functioning with the newest WordPress releases. Secondly, if something breaks with your theme, they can help.
4) Other Wisdom
- Don’t ever use the username admin.
- WordPress has a built-in password strength meter. Make sure your passwords are always “Strong.”
- Get a plugin which limits login attempts. This helps prevents brute force password discovery.