Website Protection: Preventing WordPress Hacks

WordPress is a common target for website hacking. This is because it is the world’s most popular website builder. However, there are many ways in which you can keep it safe from nasty attacks. Here are some ways you can protect your website by preventing WordPress hacks.

Insecure web hosting

Like any website, WordPress sites are hosted on a web server. Some hosting companies do not properly secure their platform, which can make any website they host vulnerable to hacking.

To avoid this, choose the best WordPress hosting provider for your website. This will ensure that your website is hosted on a safe platform. With a properly secured server, you can block many of the most common WordPress-based attacks. Better yet, choose a managed WordPress hosting provider as an extra precaution.

Weak passwords

Your passwords must be strong and unique if you want to prevent hackers from making their way into your website. And we’re not just talking about the one to get into your website. Here are some areas that require a strong password:

  • Your WordPress admin account
  • Web hosting control panel account
  • FTP accounts
  • MySQL database used for your WordPress site
  • Email accounts used for WordPress admin or hosting account

Wp-admin directory

The WordPress admin area allows different actions to be performed by users on your WordPress site. This is also the most common area for attack. By leaving it unprotected, hackers can make various attempts to enter your website. Adding layers of authentication to your WordPress admin directory can make things harder for them.

Begin by adding a password to protect the admin area. If you have multiple users, ensure they each have their own login details so that no passwords are shared. You can also add two-factor authentication to make things even more difficult for hackers.

Incorrect file permissions

File permissions are a set of rules that your web server uses to control access to the files on your website. Incorrect file permissions can give a hacker access to write and change these files. All WordPress files should have 644 as their file permission, and folders should have 755.
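One way to check a site against the 644/755 baseline above is a read-only audit that lists every file and folder that deviates. This is an added example, not part of the original article; the function name `audit_wp_perms` is hypothetical, and it assumes GNU `find` and `stat` as found on most Linux hosts.

```shell
#!/bin/sh
# Added example: report WordPress files that are not 644 and folders that are
# not 755. It only reports; it never changes a permission.
# Assumes GNU find and GNU stat (stat -c).

# audit_wp_perms ROOT
# Prints one line per deviation as "<file|dir> <mode> <path>".
# Returns 0 if everything matches, 1 if deviations exist, 2 on bad input.
audit_wp_perms() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    _deviations=$(
        # Regular files whose mode is not exactly 644
        find "$1" -type f ! -perm 644 -exec stat -c 'file %a %n' {} +
        # Directories whose mode is not exactly 755
        find "$1" -type d ! -perm 755 -exec stat -c 'dir %a %n' {} +
    )
    [ -z "$_deviations" ] && return 0
    printf '%s\n' "$_deviations"
    return 1
}

# Run against the path given on the command line, e.g. the WordPress root.
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

A line such as `file 666 .../wp-config.php` means any account on the server can rewrite that file, so review each reported path before correcting its mode.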

Not updating WordPress

Some WordPress users are afraid to update their website in case things go wrong and the website breaks. However, these updates are essential for fixing bugs and security vulnerabilities. Without these updates, your website will be vulnerable. You can always create a complete WordPress backup before running an update if you feel unsure.

The same applies to your plugins and theme. Security flaws and bugs are often discovered in these areas. Although they are quick to update, not doing so will leave them vulnerable.

Using Plain FTP instead of SFTP/SSH

FTP accounts are there for uploading files to your web server using an FTP client. The majority of hosting providers support these connections using various protocols: FTP, SFTP or SSH. FTP sends your password to the server unencrypted, so SFTP or SSH should be used instead. You will not need to change your FTP client to do this; you simply need to change the protocol to ‘SFTP – SSH’ when connecting to your website.

Using admin as your WordPress username

Using ‘admin’ as your WordPress username is a common mistake that many people make, and it is not wise. We highly recommend you change this if this is your username.

Nulled themes and plugins

Many websites offer free WordPress themes and plugins that should normally be paid for. It can be tempting to download them, but they are nulled and can be dangerous. Not only can an unreliable download compromise the security of your website, but it can also be used for stealing sensitive information.

Always use a reliable source, such as the developer’s website or the official WordPress repositories. If you do not wish to invest in a premium theme, there are plenty of high-quality themes available that are free.

WordPress configuration wp-config.php file

The WordPress configuration file, wp-config.php, contains the login credentials for your WordPress database. If it is compromised, a hacker could find information that will offer complete access to your website. Denying access to wp-config.php using .htaccess will add extra protection.
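The .htaccess rule described above can be added with a small script that is safe to run more than once. This is an added example, not part of the original article; the function name `protect_wp_config` is hypothetical, and the rule assumes Apache 2.4 (`Require all denied`), whereas Apache 2.2 uses `Order allow,deny` with `Deny from all` instead.

```shell
#!/bin/sh
# Added example: deny direct HTTP access to wp-config.php through .htaccess.
# Assumes Apache 2.4 syntax. The rule is appended at the end of the file, so it
# sits outside the "# BEGIN WordPress ... # END WordPress" section that
# WordPress rewrites on its own.

# protect_wp_config HTACCESS_PATH
# Appends the deny rule unless a <Files ...wp-config.php> section already exists.
protect_wp_config() {
    _htaccess=$1
    if [ -f "$_htaccess" ] && grep -qi '<files.*wp-config\.php' "$_htaccess"; then
        return 0    # already protected, leave the file untouched
    fi
    cat >> "$_htaccess" <<'EOF'

# Block direct HTTP access to the WordPress configuration file
<Files wp-config.php>
    Require all denied
</Files>
EOF
}

# Run against the path given on the command line, e.g. the site's .htaccess.
if [ $# -gt 0 ]; then
    protect_wp_config "$1"
fi
```

After applying it, requesting `/wp-config.php` in a browser should return a 403 Forbidden response.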

Let Search and More keep your website safe

When it comes to managing websites, safety is a must. This is why Search and More will ensure your WordPress website is kept safe while performing well in search results. Get in touch to learn more about our services.
