5 Easy to Follow Steps To Protect a WordPress Website from Hackers
If your website has already been hacked, this information is too late for you, and you may wish to speak with a specialist company, such as ourselves, about getting your website back under your control. This information is for those who want to protect a WordPress website from hackers before it has been hacked.
Why do Hackers do what they do?
There are two types of hackers: “White Hat” and “Black Hat”. White hat hackers normally get access to your website and delete or amend posts in the blog. They leave you with access to your website. They would say they are highlighting to you that your website is insecure. They would also say that they are acting in a positive and helpful way. However, finding that a blog post on your website, one that you may have spent hours writing, has been deleted does not feel like a positive action. Black hat hackers, like their white hat counterparts, gain access to the website, but they lock out users. Normally, a fee is negotiated to get your website back.
How you can secure your WordPress website from hackers:
1. Creating WordPress Website Database
When using “Softaculous” to install WordPress, you can take some basic steps to start protecting the website from hacking attempts. Hackers scrape the internet for websites that are built on WordPress. One tell-tale sign they look for is the “name” of the database created when you install a WordPress website. By default, this uses a prefix of “wp_” and usually has a series of digits after it, for example, wp_123. This is a signature that hackers will search for. When running your WordPress installation, change the “wp” to three random letters (don’t forget to add the underscore “_” after the three letters).
2. Your Admin Account Login Details
I know that you already know that your login details should be unique and difficult to break. The trouble is that most of us know this, then don’t actually apply it. We assume hacking will happen to someone else and stick with our old favourite password. If you want to protect yourself from hacking – DON’T!
Use a random password generator to create your password. If you are worried that you will forget your password, then use secure software such as Google Chrome’s password manager or LastPass to remember your passwords. LastPass is free software that not only remembers your login details but will also automatically log you into websites, which is a huge timesaver if you frequently log in to multiple websites. It has a secure password generator and, if you have a number of websites you log in to frequently, it will analyse the security of all of your passwords and make recommendations.
Too often users “create” passwords that are easy to type and that they think are random; however, these form a pattern that is easy to trace.
Another tip for manually creating a password is to use three random words together.
Answer these 3 questions:
- An item in view right now
- The colour of the top you are wearing
- The last thing you ate
Here is a list of the top 25 passwords that were hacked in the last year. If you recognise any on the list as yours – change it NOW!
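The two points above (typed “random” passwords that follow a traceable pattern, and three words joined together) can be checked in code. The following Python is an added example, not part of the original article: it measures the longest keyboard-row, alphabet, digit or repeated-character run in a password and builds a three-word passphrase. It assumes the words are drawn by the operating system’s random generator from a word list rather than from the three questions, and the function names and the 16-word list are constructed for illustration.

```python
import math
import secrets

# Keyboard rows, digits and the alphabet: the paths "random" typed passwords follow.
# Only left/right walks along a row are covered, not column walks such as "1qaz".
SEQUENCES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz"]
SEQUENCES += [s[::-1] for s in SEQUENCES]  # also catch right-to-left walks

def longest_pattern_run(password):
    """Length of the longest stretch that follows one of SEQUENCES or repeats a character."""
    pw = password.lower()
    best = 0
    for start in range(len(pw)):
        for end in range(start + 2, len(pw) + 1):
            chunk = pw[start:end]
            if len(set(chunk)) == 1 or any(chunk in seq for seq in SEQUENCES):
                best = max(best, len(chunk))
            else:
                break  # no longer chunk from this start can match
    return best

def is_patterned(password, max_run=3):
    """Flag passwords containing a keyboard walk or repeat longer than max_run."""
    return longest_pattern_run(password) > max_run

# Constructed sample list (assumption); a real word list holds thousands of words.
WORDS = ["anchor", "biscuit", "copper", "dolphin", "ember", "falcon", "garnet",
         "harbour", "island", "juniper", "kettle", "lantern", "marble", "nutmeg",
         "orchid", "pebble"]

def three_word_passphrase(words=WORDS, count=3, sep="-"):
    """Join `count` words chosen with the OS CSPRNG rather than by the user."""
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count=3):
    """Entropy in bits when every word is drawn uniformly from list_size words."""
    return count * math.log2(list_size)

if __name__ == "__main__":
    for pw in ["qwerty123", "zaq12345", "aaaa1111", three_word_passphrase()]:
        print(f"{pw!r}: longest run {longest_pattern_run(pw)}, patterned={is_patterned(pw)}")
    print(f"{len(WORDS)}-word list: {passphrase_bits(len(WORDS)):.1f} bits")
    print(f"7776-word list: {passphrase_bits(7776):.1f} bits")
```

The strength of a three-word passphrase depends on the size of the list the words come from, which is why the sample list here is only suitable for demonstration.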
3. WordPress Security Plugins
There are a number of plugins that you can add to your website to help protect you against hackers, who use several different routes to get to your website. They will try to crack your username and password, they will use out-of-date plugins to access the back-end of the website, and they will try to access the website through comments.
Here are the best plugins for WordPress security (in our opinion):
- Wordfence – cost-free. Protects against a number of hacking routes including trying to crack the username and password. It also has an informative panel in the dashboard showing the number of attempts to hack your website and the usernames that have been tried and failed.
- WP Guard – cost £99 – our own plugin offered as part of our WP Security package. Protects against all known hacking routes to your website. Call for more details.
- Cookies For Comments – cost-free. Ensures that comments are only left from computers with a “real” IP address. Reduces the chances of ‘bots’ spamming the comments to find a hole in security.
4. Keep Your Themes and Plugins Updated
WordPress Developers work hard to keep their plugins and themes secure. However, to get the full benefit of their hard work you need to keep the plugins on your website up-to-date. This can be a 10-minute exercise each day. If you have more than one website this can become time-consuming and frustrating. There is a free service on wpremote.com that allows you to add all your WordPress websites and from this one website check all of the plugins and themes on all of your WP websites and at the press of a button update them all. Up to 50 websites can be monitored and updated in just a few minutes. WP Remote checks and can update the version of WordPress, the themes and plugins.
5. Keep Back-ups of Your Website
The hosting account where you keep your website can automatically create back-ups of your website on a regular basis: daily, weekly or monthly. Back-ups can soon fill your hosting account, so set the frequency according to how often you genuinely update your website. Remember to review the number of back-ups in your hosting, and set dates in your diary to do so. A back-up of your website forms part of your website, and the next back-up will back up the website and the previous back-up, effectively creating a back-up of the back-up! Regular reviews and deleting out-of-date back-ups will solve this storage-sapping issue.
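The “back-up of the back-up” problem can also be avoided when the archive is made, by leaving the back-up folder out of it and pruning old archives in the same run. The following Python is an added example, not part of the original article or of any hosting panel: the function names, the `site-<timestamp>.tar.gz` file naming and the `keep` and `stamp` parameters are assumptions made for illustration.

```python
import tarfile
import time
from pathlib import Path

def make_backup(site_root, backup_dir, keep=3, stamp=None):
    """Archive site_root into backup_dir, leaving backup_dir itself out of the
    archive, then delete all but the `keep` newest archives (keep >= 1)."""
    site_root, backup_dir = Path(site_root).resolve(), Path(backup_dir).resolve()
    if backup_dir == site_root:
        raise ValueError("back-ups need their own folder")
    backup_dir.mkdir(parents=True, exist_ok=True)
    top = site_root.name
    try:
        # Archive path of the back-up folder when it sits inside the site.
        skip = f"{top}/{backup_dir.relative_to(site_root).as_posix()}"
    except ValueError:
        skip = None  # back-ups live outside the site: nothing to exclude

    def exclude_backups(info):
        # Returning None drops the entry; a dropped folder is not descended into.
        if skip and (info.name == skip or info.name.startswith(skip + "/")):
            return None
        return info

    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    archive = backup_dir / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_root, arcname=top, filter=exclude_backups)

    # Timestamped names sort oldest first, so everything before the last
    # `keep` entries is out of date.
    for old in sorted(backup_dir.glob("site-*.tar.gz"))[:-keep]:
        old.unlink()
    return archive

def archive_members(archive):
    """List the paths stored in an archive, to confirm what was captured."""
    with tarfile.open(archive) as tar:
        return tar.getnames()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample site
        site = Path(tmp) / "site"
        (site / "wp-content").mkdir(parents=True)
        (site / "index.php").write_text("<?php // constructed sample\n")
        for day in ("20240101", "20240102", "20240103"):
            newest = make_backup(site, site / "backups", keep=2, stamp=day + "-000000")
        print(sorted(p.name for p in (site / "backups").iterdir()))
        print(archive_members(newest))
```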
These 5 easy to follow steps will help keep your website secure and up-to-date.
If you don’t have time, or the inclination, to take these 5 steps then consider the “WordPress Protection” service we offer from as little as £99 a month.