How to Prevent your WordPress Site from Getting Hacked

WordPress is an incredibly popular platform.  In fact, it’s currently used by approximately 75 million different websites.  However, with any site hosted on the web, there’s always the factor of security.  Any given system has its points of vulnerability, and it’s important to be aware of those different vulnerabilities and anticipate possible attacks.  Preventing an attack is always a much easier process than trying to recover from one, and there are steps you can take to increase your WordPress security and make successful attacks much less likely.

Keep Existing Plugins Updated

Keep your plugins up to date.  If your site requires numerous plugins to provide necessary functionality, keeping track of each one could certainly be a difficult process.  However, it is important to come up with a way to keep track of updates and modifications that are done to each plugin. As a general rule, it’s a good idea to keep your plugins updated to the latest version, unless the creator of the plugin specifies otherwise.  Outdated plugins, as well as outdated themes, have the potential to expose security flaws and provide potential points of access for attacks. To help stay up to date, the Shield WordPress Security plugin is an excellent option to add to your site. This particular plugin automatically updates other plugins used by your site when new updates are made available, so if you have a site that you log into only once a month, this plugin may be a feature worth considering.

Use Strong Passwords

This one is a bit of a no-brainer, but you should always use strong passwords.  In addition, you should never use the same passwords for multiple accounts or expose those passwords on any platform.  Many password-cracking tools can crack weak passwords in a matter of seconds, granting full administrator access to your WordPress site.  If your password is used repeatedly for multiple accounts, an attack that exposes one password essentially grants access to all of your accounts.  It may seem like an obvious aspect of WordPress security to point out, but finding a secure way to manage strong, complicated passwords for each of your accounts will greatly increase security and make attacks much more difficult.

Automatically Log Out Idle Users

This trick is especially useful if your site has multiple users with administrative access.  Leaving an account logged in creates the risk that anyone passing by can make changes to the site.  While you may be careful about logging in and out of your account, you can’t be certain that your other users will be.  A simple fix is to set a time limit for idle users to remain logged in on your site, and if that time limit is exceeded, simply log them out.
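
One way to enforce such an idle limit, as an added example that is not part of the original article or of any plugin it names. The file name, the 15-minute limit and the `example_` identifiers are assumptions; the timestamp is stored per login session so that activity on one device does not keep an abandoned session on another device alive.

```php
<?php
/**
 * Plugin Name: Example Idle Logout
 * Added example: save as wp-content/mu-plugins/example-idle-logout.php (hypothetical file name).
 */

const EXAMPLE_IDLE_LIMIT = 900;                     // assumed policy: 15 minutes, in seconds
const EXAMPLE_IDLE_KEY   = 'example_last_activity'; // hypothetical key kept in the session record

add_action('init', function () {
    if (!is_user_logged_in()) {
        return;
    }

    $token   = wp_get_session_token();
    $manager = WP_Session_Tokens::get_instance(get_current_user_id());
    $session = $token ? $manager->get($token) : null;
    if (!is_array($session)) {
        return; // request is not backed by a login-cookie session
    }

    // Heartbeat polls from an open but unattended tab are not user activity.
    $background = wp_doing_ajax() && ($_REQUEST['action'] ?? '') === 'heartbeat';

    $now  = time();
    $last = (int) ($session[EXAMPLE_IDLE_KEY] ?? 0);

    if ($last > 0 && ($now - $last) > EXAMPLE_IDLE_LIMIT) {
        wp_logout(); // destroys this session token and clears the auth cookies
        if (!$background) {
            wp_safe_redirect(add_query_arg('idle', '1', wp_login_url()));
            exit;
        }
        return;
    }

    // Record real activity, at most once a minute to limit database writes.
    if (!$background && ($now - $last) >= 60) {
        $session[EXAMPLE_IDLE_KEY] = $now;
        $manager->update($token, $session);
    }
});
```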

Rename the Login URL

The login URL of a WordPress site has a default value, and is very easy to change.  When an attacker has the specific URL of your site’s login page, it is easy to perform a brute-force attack on the site.  This essentially means using a database of common administrator login combinations to see if any work. The simple fix for this problem is to adjust the URL to something other than the default value, since users can only log in when they have the direct login URL.  This fix will keep an outside attacker from being able to access the login page through its default value, and the iThemes Security WordPress plugin makes the process of changing the URL very quick and easy to do.
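
The guessing of login combinations described above can also be slowed at the login handler itself, whatever URL the form lives at. The following is an added example, not code from the original article or from the iThemes Security plugin; the thresholds and all `example_` names are assumptions.

```php
<?php
/**
 * Plugin Name: Example Login Throttle
 * Added example: save as wp-content/mu-plugins/example-login-throttle.php (hypothetical file name).
 */

const EXAMPLE_MAX_FAILURES = 5;   // assumed threshold of failed attempts
const EXAMPLE_LOCK_SECONDS = 900; // assumed lockout window: 15 minutes

function example_throttle_key() {
    // Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address; adjust there.
    // md5 only shortens the address into a fixed-length transient name.
    return 'example_fail_' . md5($_SERVER['REMOTE_ADDR'] ?? 'unknown');
}

// Count each failed login against the client address; the window restarts on every failure.
add_action('wp_login_failed', function () {
    $key = example_throttle_key();
    set_transient($key, (int) get_transient($key) + 1, EXAMPLE_LOCK_SECONDS);
});

// Runs after core's credential checks (priority 20) so the error cannot be
// replaced by a successful result for a correctly guessed password.
add_filter('authenticate', function ($user) {
    if ((int) get_transient(example_throttle_key()) >= EXAMPLE_MAX_FAILURES) {
        return new WP_Error(
            'example_locked',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 100);
```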

Don’t Access on a Public Network

Public networks are a common point of access for attacks.  This is because they’re often unsecured, or have very poor security.  Basically, you never know who else is on there. If you log on to your WordPress site through a public network, it’s certainly possible that someone else could be using packet-sniffing software to capture credentials being entered on the network.  This, of course, essentially just gives your account credentials to an attacker without you knowing it, which grants them all administrative privileges. Instead, make sure that the network you’re using to access your site is secure to ensure there are no loose ends.

Hope for the Best, Prepare for the Worst

It’s important to back up your site frequently.  As mentioned previously, it’s always easier to prevent an attack than recover from one, but attacks can occur and it’s important to be prepared for them in the case that they do.  Having a backup of your site in a secure location is an excellent place to start. While recovering from an attack is never an ideal situation to be in, being able to restore at least some of your site from a backup gives you a starting point.  The tricks mentioned in this article are simple fixes that can be implemented to greatly improve your WordPress security, but it’s always important to be prepared for the worst-case scenario. Aside from backing up your site, you should also make sure to read news regarding updates to the platform and different attacks that occur in order to remain informed and keep modifying your site to make sure it stays as secure as possible.
