Do you know what the worst part about being hacked is? It’s that you might not even realize it! Did you know that one of the most common things that happens after your website is hacked is that someone adds shady links to your posts and footers? And unless someone tells you or you notice, you probably won’t even realize what’s happening.
But don’t worry, I’ve got your back! 🙂
Together we’ll take your WordPress website from vulnerable to secure! Just follow my advice.
1) Keep everything up to date
Most theme and plugin updates are security updates. It means the developers found a vulnerability in their code and made the necessary changes to fix it. If you leave your plugins out of date, you have a greater risk of getting hacked. It’s that simple.
2) Don’t use ‘Admin’ as your username
It’s too easy to guess. Go for something a little more… unique instead! Even if it’s your name or a variation of your website’s name, it’s already better than ‘Admin’. Too many people use that one, and the little robots that go all over the internet hacking websites know that. One of the first usernames they’ll try when hacking your website is that one!
3) Have strong passwords
To make your login info more secure, opt for strong passwords too! Not sure how your current password scores? Try putting it through How Secure Is Your Password and come up with a new one if it would only take a couple minutes to hack you…
If you have users signing up on your website, make sure their passwords are strong too! You don’t want your vulnerability coming from your users.
4) Try to have as few plugins as possible, and check their credentials
The biggest vulnerability on most websites is plugins. Unfortunately, we tend to install a lot to fill all of our needs, but it’s important to try to keep the number as low as possible to limit your risk. Make sure the function the plugin provides is worth it, and check how many reviews it has (and what its rating is) as well as when it was last updated. If it’s been over a year, pick another one.
Not using a plugin? Delete it instead of just deactivating it. A deactivated plugin still leaves you at risk.
5) Use themes from well-known sources
The same vulnerabilities found in plugins can also be found in poorly coded themes. Make sure the people who built your theme are reliable and can be trusted. Too many themes out there have suspicious code (which might also slow down your website and create other general problems). I believe in investing in premium themes instead of going for free ones! Check out the Divi theme or the X theme if you’d like a drag-and-drop interface or the Genesis Framework if you know your way around WordPress files.
6) Delete the ‘Powered by WordPress’ link from your footer
This isn’t a vulnerability itself, but it’s like sugar to mosquitoes: it attracts bots. If they see that your website is on WordPress, they can just go to the /wp-login page and try logging in with ‘Admin’ and a weak password. You’ll just see a lot more bots trying to log into your website. Getting rid of this is the first step to limiting the number of bots trying to hack you.
7) Move your /wp-login page to another URL
Step two of limiting the number of bots that try to hack you is to move your login page to another URL. You can pick /login for instance, or /backend. Whatever you’d like is fine, as long as you remember it! I use the All in One WP Security plugin to do this!
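Want to see those bots for yourself? Here is an added example (not from the original post) that counts login attempts per visitor in a web server access log. The sample log lines, the threshold of 3 and the function names are made up for illustration, and it assumes the standard WordPress behaviour where a failed login shows the form again (status 200) and a successful one redirects (status 302). If you moved your login page, pass the new address as login_path.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4213 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4213 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4213 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.20 - - [12/Mar/2024:09:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:09:00:25 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:11:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4213 "-" "curl/8.4"
"""

def login_posts_by_ip(lines, login_path="/wp-login.php"):
    """Return (failed, succeeded) Counters of login POSTs keyed by client IP.

    Assumes stock WordPress behaviour: a failed login re-renders the form
    (HTTP 200) and a successful one redirects (HTTP 302).
    """
    failed, succeeded = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string (?redirect_to=...) before comparing paths.
        if m["path"].split("?", 1)[0] != login_path:
            continue
        (succeeded if m["status"] == "302" else failed)[m["ip"]] += 1
    return failed, succeeded

def report(lines, threshold=3, login_path="/wp-login.php"):
    """Sort IPs into 'guessing' (many failed logins) and 'guessed_then_in'
    (many failed logins plus at least one successful login)."""
    failed, succeeded = login_posts_by_ip(lines, login_path)
    noisy = {ip for ip, n in failed.items() if n >= threshold}
    return {
        "guessing": sorted(noisy - set(succeeded)),
        "guessed_then_in": sorted(noisy & set(succeeded)),
    }

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Anything that shows up under guessed_then_in deserves a closer look: change that account’s password and check your posts and footers for links you didn’t add.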
8) Install a security plugin
There are quite a few plugins out there that can help you make your website more secure by adding new rules to your backend that would be hard to add manually (or honestly too complicated). I’ve used All in One WP Security for a couple of years already and haven’t had a problem with it! Install it and go through all the settings.
Some of my favorite features of the plugin are the login URL change, limiting the login attempts, blocking access to certain files, etc.
If you have a budget and want to take your security to the next level, Sucuri is apparently the best thing out there. I haven’t tried it yet, but I’ve heard good reviews about it!
9) Host your website with someone who will keep it safe
A lot of hacks happen on the server side, which means there’s nothing you can do about it except change hosts. If you’ve heard a lot of bad reviews about the company you’re currently with, consider switching! Most hosts offer a free transfer, so you don’t have to worry about that. I host my websites with SiteGround, and I can vouch that they offer a great service! I’ve been with them for over a year now and haven’t had a glitch since.
10) If you run a store on your website, consider buying an SSL certificate
This isn’t something that will make you less vulnerable, but it keeps your customers safe. Since the data travelling between your customers and your website will be encrypted, stuff like usernames, passwords, emails, addresses and credit card numbers won’t be available for everybody to steal. I firmly believe that an SSL certificate is a good investment, especially since Google values it when it comes to ranking websites.
How secure is your website? Did you make a lot of improvements after reading this post? Share it with me in the comments!