How to Protect WordPress site from Hackers – Complete Guide

WordPress security Guide

Running a successful business is one thing, but protecting your online business from hackers is also part of running that business.

If you think protecting your business is not part of your business, just look at the bounties Facebook and Google pay for finding bugs on their websites. Check out the Facebook bug bounty program.

In this guide we will discuss the different methods hackers use to try to gain access to your website, and how you can harden the security of your website.

"Hardening WordPress security" is one document you must read if you are new to the online business and wonder why a hacker would target you. The article also discusses a few points that must be observed to secure your website.

Here is a summary of that article for your ready reference.

Types of attacks that hackers most often use to exploit your website (these are the OWASP Top 10 web application risk categories):

  1. SQL Injection Attack
  2. Broken Authentication and Session Management
  3. Cross-Site Scripting XSS
  4. Insecure Direct Object References
  5. Security Misconfiguration
  6. Sensitive Data Exposure
  7. Missing Function Level Access Control
  8. Cross-Site Request Forgery
  9. Using Components with Known Vulnerabilities
  10. Unvalidated Redirects and Forwards

XSS vulnerabilities have been reported and fixed in many well-known plugins including:

  • Jetpack
  • WordPress SEO, All in One SEO and Yoast SEO
  • Gravity Forms
  • WPtouch

and many more. These are some of the most common plugins, found on almost every WordPress blog, so almost every website is exposed to such vulnerabilities.

How to secure your WordPress Site


First of all, you have to understand that this is not a one-time job. You cannot do something with your website today and enjoy a bulletproof WordPress site forever.

You have to understand that the security of your website starts with your own computer, the one you use to access the site, and extends to your web host, its file permissions, your plugins, the WordPress setup, database permissions, plugin code, and much more.

Secure your own computer first: the security of your website starts with your own computer. If your computer is compromised, how can you secure your website? A compromised computer is probably logging your keystrokes, or the passwords saved in your browser are being read by someone else, even your own friend.

Quick Heal and LastPass are two solutions for the problems stated above. The best part of these two products is that both are free to use for a limited period.

Choose a proper hosting solution: a proper hosting solution is another very crucial factor for your WordPress website, especially if you run your business on WordPress.

A WordPress-specific hosting solution like WP Engine is a little bit pricey, but you get value for your money all the time.

A poor hosting company like GoDaddy may be dirt cheap, but it will not let you use your own .htaccess file, so many protections you can configure through .htaccess, such as hot-link protection, IP blocking, bot blocking, caching of static files and images, and comment spam blocking, cannot be implemented.

See also: .htaccess hacks every website owner should know.

A poorly managed host may also not let you delete your files or upload images through the WordPress admin panel.

As an example of proactive security practices, some hosting companies will automatically block an IP address after too many failed attempts to log in or access a hosting account. You should also make sure that they are using a recent version of MySQL and PHP, two of the components that are vital to WordPress. Never hesitate to ask your hosting company for more information on their security posture.

Bluehost is a highly recommended hosting provider for WordPress if WP Engine seems too costly for you.

Backup your Website

A backup will not prevent your website from being hacked, but it can save your website after a hack. When that happens, the first priority of any business is to get back online as soon as possible, and the place to look is your backup.

There are many ways to back up your website. Some hosting companies provide automated backups, you can use a plugin like BackUpWordPress, or you can choose a manual method and take backups on a regular basis.

Select your themes and Plugins Wisely

This is a very common problem: people select themes based on their looks and are least bothered about how the theme is coded, or whether the developer observes best security practices such as sanitizing input before it reaches PHP logic and MySQL queries.
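As an added illustration of the two points above (XSS in widely used plugins, and themes that do not sanitize input before it reaches PHP and MySQL), here is a theme search fragment written the insecure way beside its hardened form. This is example code written for this guide, not code from the article or from any theme or plugin it names; it assumes it runs inside WordPress, so `$wpdb` and the `esc_*`/`sanitize_*` helpers are available.

```php
<?php
// Added example (not from the article or from any theme or plugin it names):
// a theme search fragment written the insecure way, beside the hardened form.
// Assumes it runs inside WordPress, so $wpdb and the esc_*/sanitize_* helpers exist.

// --- Insecure pattern: raw request data reaches SQL and HTML unchanged ---
function insecure_theme_search() {
    global $wpdb;
    $term = $_GET['s']; // attacker-controlled, used as-is
    // SQL injection: the term is concatenated straight into the query string.
    $rows = $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE '%$term%'"
    );
    // Reflected XSS: the term is echoed back into the page without escaping.
    echo "<h2>Results for $term</h2><ul>";
    foreach ( $rows as $row ) {
        echo '<li>' . $row->post_title . '</li>';
    }
    echo '</ul>';
}

// --- Hardened pattern: sanitize on input, parameterize SQL, escape on output ---
function secure_theme_search() {
    global $wpdb;
    // sanitize_text_field() strips tags, null bytes and stray whitespace;
    // the value is still untrusted for SQL and HTML, so the next steps still apply.
    $term = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';
    if ( '' === $term ) {
        return;
    }
    // esc_like() escapes % and _ so they match literally inside LIKE;
    // prepare() quotes and escapes the %s placeholder value for MySQL.
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts}
             WHERE post_status = 'publish' AND post_title LIKE %s LIMIT 20",
            $like
        )
    );
    // esc_html() / esc_url() neutralise any markup in data before it is output.
    echo '<h2>Results for ' . esc_html( $term ) . '</h2><ul>';
    foreach ( $rows as $row ) {
        echo '<li><a href="' . esc_url( get_permalink( $row->ID ) ) . '">'
            . esc_html( $row->post_title ) . '</a></li>';
    }
    echo '</ul>';
}
```

The Theme Check plugin mentioned below flags the first pattern (direct use of `$_GET` and unescaped output); the second is the shape reviewers expect to see.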

Before installing any free theme it is highly recommended to check it with themecheck.org or the Theme Check plugin. Otherwise, use a premium theme framework like Genesis or Hybrid.

It is also observed that some people disable the WordPress updater, which is a very bad practice: your WordPress site will no longer be able to prompt you automatically to download new patches.

Implement two-factor authentication

Two-factor authentication is nowadays very common. It adds an extra layer of authentication: an email is sent to your registered email address, and only by using the link in that email are you allowed to log in.

Limit login attempts: a limit-login-attempts plugin will block an IP address after the configured number of failed attempts on your website.
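One way to implement the "limit login attempts" behaviour described above, as an added example written for this guide (not code from the article or from any plugin it names). It assumes it is placed in `wp-content/mu-plugins/` and that the site is not behind a proxy, so `REMOTE_ADDR` is the real client address; the limits and the `ex_` names are assumed values chosen for the example.

```php
<?php
/**
 * Plugin Name: Example login attempt limiter
 * Added here as an illustration (not code from the article or any plugin it
 * names). Assumes it is placed in wp-content/mu-plugins/ and that the site is
 * not behind a proxy, so REMOTE_ADDR is the real client address.
 */

const EX_MAX_ATTEMPTS = 5;       // failures allowed per window (assumed value)
const EX_LOCKOUT_SECS = 15 * 60; // window and lockout length in seconds (assumed)

// One transient per client address; hashing keeps the key short for IPv6.
function ex_attempt_key() {
    return 'ex_login_fail_' . md5( $_SERVER['REMOTE_ADDR'] ?? 'unknown' );
}

// Count each failed login; the transient expires by itself after the window.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = ex_attempt_key();
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, EX_LOCKOUT_SECS );
    // Leave a trail the site owner (or a log collector) can watch for brute force.
    error_log( sprintf( 'wp login failed user=%s ip=%s failures=%d',
        sanitize_user( $username ), $_SERVER['REMOTE_ADDR'] ?? '-', $count ) );
} );

// Refuse authentication for a locked-out address, whether or not the password was right.
// Priority 30 runs after WordPress's own username/password handler (priority 20).
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( ex_attempt_key() ) >= EX_MAX_ATTEMPTS ) {
        return new WP_Error(
            'ex_locked_out',
            sprintf( 'Too many failed logins. Try again in %d minutes.', EX_LOCKOUT_SECS / 60 )
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function () {
    delete_transient( ex_attempt_key() );
} );
```

Because a locked-out attempt also returns an error, WordPress fires `wp_login_failed` for it too, which extends the lockout window while the attempts continue.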

Change the default admin username and choose a strong password. I assume you already know what a strong password is.

Change the location of your login files using code or a WordPress plugin; there is a detailed tutorial on wpwhitesecurity.com.

Hide WordPress details using Hide My WP: hackers identify your WordPress version and plugins from the small footprints the site generates, and Hide My WP removes those footprints very cleverly.

Change the location of your config file. WPWhiteSecurity explains how you can change the location of your wp-config.php file on your server.

Do not use the default prefix for WordPress database tables.

Constantly scan your WordPress site for malware and spyware using a third-party service like Sucuri.

Watch your traffic constantly

The problem with newbies is that they install fancy traffic

If all this seems a little bit scary, I would highly recommend that you use one of the well-known security plugins such as Wordfence, BulletProof Security, All In One WP Security & Firewall, iSecurity, etc.

Though we have not given you the exact steps to follow while securing your WordPress site, I am 100% sure that after reading this and the recommended articles you will be able to reduce the risk of being hacked.

Joseph Gojo Cruz is the author of RankingElite, a Philippines-based Internet marketing blog for businesses. Joseph has been working in the online marketing industry for over 3 years, from website audits, link and content development, to social media and search engine optimization. Connect with Joseph on Google+, Twitter, and Facebook. Joseph is also a contributor on SEJ and Ahrefs.
