Protecting your WordPress site

First things first: WordPress is great, and it’s our CMS of choice for all of our clients. But because it powers over 40% of the web, its popularity does make it susceptible to hackers. You can, however, run a perfectly safe WordPress installation by taking a few precautions.

What do these hackers do?

Hackers execute a Distributed Denial of Service (DDoS) attack. A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

Alternatively, they try to infiltrate your WordPress database or install, usually by creating a single PHP file which, when executed, creates various other files across the root and subdirectories of an installation.

How do I protect my site from WordPress hackers and malware attacks?

  1. Don’t use defaults.
    • Don’t use admin as your user login (this is an easy one)
    • Don’t use wp_ as your default database prefix (You can use a plugin to achieve this)
    • Don’t use /wp-admin or /wp-login as your login method (You can use Custom Login URL to achieve this too)
  2. Install an anti-malware plugin. We recommend GOTMLS anti-malware; we have used this to recover clients’ sites in the past and can’t recommend it highly enough.
  3. Install a security plugin. There are lots to choose from; we recommend Wordfence, or All in One WP.
  4. Install a backup plugin for the future.
  5. Speak to your hosting provider about installing additional security at the server level.
  6. If all the above fails, or looks too hard, then speak to US, we would love to help!
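
An added example, not from the original post: a small Python check for two of the defaults in step 1, the wp_ database prefix and the admin login. The sample wp-config.php text and login names are constructed, the function names are hypothetical, and the logins are assumed to come from an export such as WP-CLI's `wp user list --field=user_login`.

```python
import re

# Matches an uncommented assignment such as:  $table_prefix = 'wp_';
# Lines starting with // or # do not match because only whitespace may
# precede the variable name.
_PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*(['"])(?P<prefix>[^'"]*)\1\s*;""",
    re.MULTILINE,
)

def table_prefix(wp_config_text):
    """Return the last $table_prefix assigned in wp-config.php text, or None."""
    # Drop /* ... */ blocks so a commented-out assignment is not counted.
    text = re.sub(r"/\*.*?\*/", "", wp_config_text, flags=re.DOTALL)
    prefix = None
    for match in _PREFIX_RE.finditer(text):
        prefix = match.group("prefix")  # a later assignment overrides earlier ones
    return prefix

def audit_defaults(wp_config_text, user_logins):
    """List the defaults from step 1 that are still in place."""
    findings = []
    prefix = table_prefix(wp_config_text)
    if prefix is None:
        findings.append("no $table_prefix assignment found")
    elif prefix == "wp_":
        findings.append("database prefix is the default 'wp_'")
    for login in user_logins:
        if login.strip().lower() == "admin":
            findings.append(f"user login '{login}' is the default 'admin'")
    return findings

# Constructed sample inputs (not taken from any real site).
SAMPLE_DEFAULT = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'site7_';
$table_prefix = 'wp_';
"""
SAMPLE_CUSTOM = """<?php
/* $table_prefix = 'wp_'; */
$table_prefix  = "k3x_";
"""

if __name__ == "__main__":
    for finding in audit_defaults(SAMPLE_DEFAULT, ["admin", "editor1"]):
        print("WARN:", finding)
```

The login URL default from step 1 is not covered here, because checking it needs a request to the live site.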