How to Keep Your WordPress Website from Being Hacked

6 Simple Tips to Keep Your WordPress Website from Being Hacked

Did you know that WordPress websites get hacked more often than those hosted on other platforms? But the hosting company is not to blame for it! WordPress has provided its customers with several tools to prevent hackers from gaining access. It’s not their fault that the customers don’t make good use of these tools.

Your website is important; it’s how your customers find your business online. Downtime means lost business, simple as that. If your customers visit your website and there’s a giant message that says ‘Website Hacked’, it definitely doesn’t look good for your business.

WordPress is known to have one of the most secure protocols for open-source software, and they employ several ethical hackers to pinpoint security loopholes on a regular basis. As a user, you only need to help the developers boost their protocols, thus preventing the black-hat hackers from gaining access to your website. Here are 6 simple tips you can follow to take your WordPress security up a notch.

Keep Changing your Password

By this, we don’t mean changing the password every time you log in. Ideally, you should change it at least once a month. If your data is of a sensitive nature, we would suggest changing it every other week. For all you NSA employees who like to store classified information on WordPress, a daily change might just be adequate.

Also, keeping ‘password’ as your password is so out of fashion. Don’t set it as your birthday or the color of your nails either. Think up something that doesn’t relate to you in any way whatsoever. Say, ‘oldsyringe’. Now, capitalize a couple or three letters – olDsYrINgE. Sprinkle a few symbols in there – o/D$YrINgE*. Add a couple of numbers – 0/D$Yr1Ng3*. And there you have it, your very own inexplicably secure password! Now all you need to do is try and remember it.

Backup your Data

Backing up your entire database can be a very cumbersome task, even with the help of custom-made applications. Thankfully, you don’t need to do it every day. On the other hand, the backup frequency also depends upon the sensitivity of your documents. We would suggest backing it up once every week. Use a WordPress plugin like ‘Backup Buddy’ to ease the process.

Keep your WordPress Up-to-Date

Did you know that no website or application is ever completely secure? If the developers fix one security breach, the hackers find another. That is the reason why the developers keep updating their website – to fix the known and newly discovered gaps in the security.

Consider an application like ‘Steam’. Did you notice that it gets updated every single time that you boot it up? The frequency with which an app or a website gets updated determines the level of its security. The more frequent the updates, the better the security will be. So, remember to update your WordPress whenever an update turns up.

Don’t have time to do this? We offer a maintenance service where we will manually update and secure your website on a monthly basis.

Rename the Prefix of your Login URL

So far, the security measures have been easy to understand. Now we step into slightly more difficult waters. If you take a look at your address bar on the login page, you will notice something like ‘wp-login.php’ or ‘wp-admin’. The prefix ‘wp’ is the critical part of the URL. Since hackers know the default prefix is ‘wp’, it makes it easier for them to access your account. Gaining access via known URLs is called a ‘brute force attack’. Here’s how you could prevent this from happening.

You can use the ‘WP Security Scan’ plugin to change the prefix of your URLs. Simply go to the ‘Database’ tab and add any prefix that you can come up with. If you are still finding the process difficult, you can consult our experts. We will help you out in no time.

Block Access to your Directory

A directory is that part of your website which contains all the important information. If a third person is able to access your website’s root directory, then he/she can eventually find a way to maneuver around your security measures and hack your database.

Just go to your .htaccess file in the root directory and add these two lines of code –

# disable directory browsing
Options -Indexes
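
To confirm the directive took effect, this added example (not part of the original article) requests the usual WordPress directories and reports whether the server still returns a listing. It assumes Apache, whose auto-generated listings are titled "Index of /..."; the host `example.test` and the canned responses are constructed.

```python
import re
import urllib.error
import urllib.request

# /wp-content/uploads/ is WordPress's media directory; the others appear in this article.
WP_DIRS = ["/wp-includes/", "/wp-content/uploads/",
           "/wp-content/plugins/", "/wp-content/themes/"]
# Assumption: Apache mod_autoindex, which titles its listings "Index of /<path>".
AUTOINDEX_TITLE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)

def http_fetch(url):
    """GET a URL and return (status, body); HTTP error codes are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""

def classify(status, body):
    """Label one response: a listing page, a refusal, or an ordinary page."""
    if status == 200 and AUTOINDEX_TITLE.search(body):
        return "LISTING EXPOSED"
    if status in (403, 404):
        return "blocked"
    return "no listing"

def audit(base_url, fetch=http_fetch):
    """Check every directory in WP_DIRS under base_url."""
    base = base_url.rstrip("/")
    return {d: classify(*fetch(base + d)) for d in WP_DIRS}

# Constructed responses: the same site before and after adding "Options -Indexes".
LISTING = "<html><head><title>Index of /wp-content/uploads</title></head></html>"
BEFORE = {"/wp-includes/": (200, "<title>Index of /wp-includes</title>"),
          "/wp-content/uploads/": (200, LISTING),
          "/wp-content/plugins/": (200, ""),   # WordPress ships an empty index.php here
          "/wp-content/themes/": (200, "")}
AFTER = {**BEFORE, "/wp-includes/": (403, ""), "/wp-content/uploads/": (403, "")}

def canned(responses):
    """Offline stand-in for http_fetch that serves the constructed responses."""
    return lambda url: responses[url.split("example.test", 1)[1]]

if __name__ == "__main__":
    for label, data in (("before", BEFORE), ("after", AFTER)):
        print(label, audit("https://example.test", fetch=canned(data)))
```

For a live check, call `audit("https://your-site")` with the default fetcher against a site you administer.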

There are a few other complex codes that you can add to better secure your directory. If you need help with this and the other complex codes, we have professionals that can do this for you.

Prevent Search Engines from Displaying your Admin Section

Oh yes, Google crawlers have a knack for indexing and displaying your WordPress admin section. While a regular guy browsing the web may not be able to do anything with the section, it will attract hackers like bees to a daisy. With a few complicated tweaks, they can gain full access to your admin page. You will need to create a robots.txt file in the root directory and add the following lines of code to it.

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*
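
To see which URLs these rules actually cover, this added example (not part of the original article) evaluates them the way compliant crawlers do under RFC 9309: the longest matching pattern wins, `*` is a wildcard and a trailing `$` anchors the end of the path. The sample paths are constructed.

```python
import re

# The rules from this article, embedded so the example runs offline.
ROBOTS_TXT = """\
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*
"""

def parse_rules(text, agent="*"):
    """Return [(is_allow, pattern)] for the group addressed to `agent`."""
    rules, active, prev_was_agent = [], False, False
    for raw in text.splitlines():
        field, sep, value = raw.split("#", 1)[0].partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            # Consecutive User-agent lines share one group of rules.
            active = (active and prev_was_agent) or value.lower() == agent
            prev_was_agent = True
        elif sep:
            prev_was_agent = False
            if active and field in ("allow", "disallow") and value:
                rules.append((field == "allow", value))
    return rules

def to_regex(pattern):
    """Translate a robots.txt pattern: '*' is a wildcard, a final '$' anchors the end."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    return re.compile(".*".join(map(re.escape, body.split("*"))) + (r"\Z" if anchored else ""))

def is_allowed(path, rules):
    """Longest matching pattern wins; Allow wins a tie; no match means allowed."""
    best = (-1, True)
    for is_allow, pattern in rules:
        if to_regex(pattern).match(path):
            best = max(best, (len(pattern), is_allow))
    return best[1]

RULES = parse_rules(ROBOTS_TXT)
# Constructed sample paths, not taken from any real site.
SAMPLE_PATHS = ["/wp-admin/", "/wp-admin/admin-ajax.php", "/wp-login.php", "/about/",
                "/2020/05/my-post/feed/", "/category/news/", "/wp-content/uploads/photo.jpg"]
REPORT = {path: is_allowed(path, RULES) for path in SAMPLE_PATHS}
```

In `REPORT`, `/wp-login.php` and `/wp-content/uploads/photo.jpg` come out as crawlable because no rule above matches them, while `/wp-admin/admin-ajax.php` is covered by the `/wp-admin` prefix.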

That’s It!

There are a few more tweaks that you need to make before your WordPress website is as secure as ever, but they are more on the technical side of things.

Still can’t figure out how to create the .txt file or access the root directory? Don’t worry, our professionals are here to help! Contact us right away to secure your WordPress from almost all the threats that the World Wide Web has to offer.
