Pin It

Prevent Hacking: 10 steps to secure your WordPress site

Prevent Hacking Of Your WordPress Site

Why should you care to prevent hacking of your wordpress site? Because your website is the home of your online business- and when it gets hacked, it can be upsetting, frustrating, and feel violating, not to mention expensive in terms of lost business. Even if your site receives very few visitors, or you have set your site up for some private purpose- if it appears online, you need to take certain steps to prevent hacking.

Unfortunately, hacking is becoming increasingly common, as more and more websites are brought online and owned by businesses who do not understand how to keep them updated and secure.

There are a few steps you can take, ahead of time, to prevent your website from being hacked. Like anything, it’s always easier to prevent hacking than it is to recover from it.

Steps to Prevent Hacking

The first is to create difficult passwords for your logins.  Ideally, passwords would be 16 characters and include uppercase, lowercase, numbers, symbols, and spaces. In addition, ensure that you don’t use the same passwords for everything. Then you should change them often, approximately every 90 days. Be sure to keep your passwords secure as well.

The second is to hide your administrative pages. Hiding the link to these pages makes it more difficult for hackers to gain access; especially if you name these something other than /admin, /login, or similar.

The third is to set up new logins for anyone who needs access to your site, and delete these accounts as soon they their access has ended. Even if you practice excellent security, it doesn’t mean that everyone else does.

The fourth is to invest in a monitoring service- these services can keep track of your site and “harden” it from attack. The only problem I see with many of these services is that no one service protects against everything. This is why it’s crucial for you to maintain good site habits even if you invest in a monitoring service.

The fifth is to keep your site regularly updated. Each time wordpress, your theme, or plugins have an update, check it out and make sure it’s stable, and then apply this to your site. Many times, the new versions of WordPress address security flaws in the version before; this is why it’s important to update soon after a stable version is release. If you don’t have someone to help you with this, we offer WordPress website services and can do this for you.

The sixth is to add SSL to your site. SSL- secure socket layer- can add an extra measure of protection. Sites without it are being flagged by web browsers as potentially unsafe; so there is more than one reason to get your site set up as SSL now.

The seventh is to avoid adding plugins unless absolutely necessary. One great thing about WordPress is the availability of all kinds of plugins. The downside of this is that not all plugins are coded well, and eery additional plugin creates another potential door for exploit. So add plugins carefully and delete anything you decide not to use. Also be sure to only load plugins that are approved in the wordpress repository. These have undergone at least a preliminary review to prevent hacked code from being made available.

The eighth is to avoid custom code if possible. Custom code is only as secure as the programmer who coded it. If you have obtained code from a third party, ask them how the code is secure, and what steps should be taken to keep the code secure going forward.

The ninth is to delete any extra themes or plugins you aren’t using. Again, reducing the amount of unused items in your site reduces the number of potential doorways a hacker can use to access your site.

The tenth is to scan your site with an antimalware plugin. I like and use one called antimalware. In addition to practicing all the steps I shared above, make it a regular habit to scan your site for malware weekly, using a plugin such as that one.

While not a hack-prevention tip, also be sure to back-up your site daily or at least weekly. This will make it much easier to recover from a hack if ever needed.

As a business owner, you need to take steps to prevent hacking of your website. It’s a good idea to understand the basics so you can be sure your site is secure as possible.

These tips will definitely prevent hacking on your site. If, however, you do get hacked, be sure to hire a specialist to help you recover site.

I hope you never need it, but in case you do- we can help you recover your site. Please contact us for more information.