15 Effective tips to protect a WordPress website from hackers, viruses and malware!
Each and every minute, thousands of websites are hacked all over the internet. Hackers run spider programs across the internet that attempt to break into websites and steal their data.
There are many routes by which hackers can attack and compromise a website. By taking some precautions, we can minimize the chances of our WordPress websites getting compromised.
Let us see them one by one:
(1) SET STRONG PASSWORDS:
The first thing hackers try is to log in to your WordPress website using hundreds of passwords. They make repeated attempts with different commonly used passwords, so a weak password makes their job easy. Passwords based on a date of birth, country name, city name, letters in a particular sequence, numbers in a sequence, etc. are easy for them to guess.
The password should be very strong, with letters, numbers and symbols. It should not follow a pattern; it should be a random mix.
You can get clear tips about setting a strong password from our post HERE.
(2) CHANGE THE USERNAME AND ADMIN PAGE:
Most WordPress users keep ADMIN as their username, which comes as the default. Change that username in the control panel to a tougher one that can’t be guessed by anyone.
It is also advisable to change the admin page address to something else.
(3) LOG IN THROUGH WORDPRESS.COM USING JETPACK:
If you install the Jetpack plugin, it can be connected to your wordpress.com account. Then you can disable login through the WordPress site or hosting control panel and use your wordpress.com login to access your WordPress site.
The important benefit of logging in through your wordpress.com account is that they have strong security for your credentials and they also have “two step authentication”. You get two steps of verification, with secret codes, to log in to your wordpress.com account.
(4) USE RELIABLE PLUGINS AND BROWSER EXTENSIONS:
Sometimes disreputable extensions may steal your credentials and use them to hack your website. Therefore, it is important to add plugins and extensions only from reputed and trusted sources. Check the number of users and their reviews before adding them. Keep only essential plugins and browser extensions. Read THIS POST to know how to add plugins to your WordPress website.
Read THIS POST to learn about important and reliable plugins you should add to your WordPress site.
(5) DO NOT VISIT UNTRUSTED WEBSITES:
Always browse only trusted websites. Many adult sites, websites distributing illegal software, illegal song or movie download sites, and sites from unknown sources send malware, viruses and other malicious programs to your computer, mobile or other device, which may put your device under their control. So, visit only reliable websites that have a good rating. Some examples of websites with good standing are: Google, Facebook, Twitter, wordpress.com, Blogger, Gmail, etc. Keep a clean browsing habit.
(6) AVOID LOGGING IN FROM PUBLIC INTERNET BROWSING CENTERS:
Public internet browsing centers may have infected computers. If you enter login credentials such as usernames and passwords on those systems, there is a chance your websites get infected. You can still view your web pages in public internet centers without logging in.
(7) DO NOT ALLOW USERS TO UPLOAD FILES TO YOUR WEBSITE:
Unless it is very important, you should not let users upload files to your site, as this gives infected files a chance to get uploaded. If an upload facility really has to be provided, secure it tightly. Don’t give executable permissions to uploaded files.
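One way to check an uploads folder against this tip, as an added example that is not from the original post: the PHP script below clears executable bits on uploaded files and lists files whose name carries a script extension. The extension list and the constructed sample tree are assumptions for illustration; on a real site you would pass the path of `wp-content/uploads` instead.

```php
<?php
// Added example, not from the original post. The extension list and the
// sample tree are assumptions made for illustration.
const SCRIPT_EXTENSIONS = ['php', 'phtml', 'phar', 'cgi', 'pl', 'py', 'sh'];

/**
 * Walk $dir, clear executable bits on regular files, and flag files whose
 * name contains an extension a server might hand to an interpreter.
 * Returns ['chmod' => paths fixed, 'scripts' => paths flagged].
 */
function audit_uploads(string $dir): array
{
    $report = ['chmod' => [], 'scripts' => []];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($walker as $file) {
        if ($file->isLink() || !$file->isFile()) {
            continue; // leave symlinks and anything that is not a regular file
        }
        $path = $file->getPathname();
        $mode = $file->getPerms() & 0777;
        if ($mode & 0111) {
            chmod($path, $mode & ~0111); // e.g. 0755 becomes 0644
            $report['chmod'][] = $path;
        }
        // Inspect every dot-separated part, so "report.php.jpg" is flagged too
        $parts = array_slice(explode('.', strtolower($file->getFilename())), 1);
        if (array_intersect($parts, SCRIPT_EXTENSIONS)) {
            $report['scripts'][] = $path;
        }
    }
    return $report;
}

// Constructed sample tree standing in for an uploads folder
$root = sys_get_temp_dir() . '/uploads-demo-' . getmypid();
mkdir("$root/2024/01", 0755, true);
file_put_contents("$root/2024/01/photo.jpg", 'constructed image bytes');
file_put_contents("$root/2024/01/report.php.jpg", 'constructed text');
chmod("$root/2024/01/photo.jpg", 0755);

print_r(audit_uploads($root));
```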
(8) MAKE YOUR WEBSITE ENCRYPTED (‘HTTPS’):
The data entered by you and the visitors in your website can be accessed by hackers and used to hack your website. To avoid this, you should encrypt the data transferred between the users’ devices and the server. This can be done by adding an encryption certificate, which makes your website ‘https’ enabled. Free encryption certificates such as Let’s Encrypt are now available, and you can add one of them.
Making your site https may also help with SEO: search engines may prefer to show your website in search results, because Google is making https one of the factors it considers when prioritising search results.
(9) ENSURE STRONG ‘SERVER LEVEL FIREWALL’:
Ensure that your web host has enabled a strong server-level firewall. If you are on managed hosting, they will take care of these things. Good web hosts provide a strong server-level firewall and scan the server regularly. So, select a good and popular web host to host your websites.
(10) UPDATE THE WORDPRESS AND PLUGINS REGULARLY:
Updates are released for both enhancements and bug fixes. Sometimes there are bugs or loopholes in plugins that the plugin authors correct through updates. Once, the authors of a popular AMP plugin updated their plugin. Within hours WordPress was also updated. Immediately, all the websites that had installed that plugin broke and went out of view. Being active and responsible authors, the plugin authors corrected the bug within a few hours and released an urgent update that solved the problem.
Thus, all plugins must be updated immediately after you see the update notice. The WordPress software should also be updated immediately after you get the update notice. This helps keep your website free of loopholes that can be targeted by hackers. Most importantly, use only reliable plugins.
(11) ADD A GOOD SECURITY PLUGIN TO SAFEGUARD THE SITE:
I recommend the Wordfence Security plugin to do all the security-related tasks. It effectively protects your site from attacks. It has a nice firewall that protects your site all the time. It scans the site at regular intervals and fixes the vulnerabilities.
Wordfence also offers a service to clean your website in case your site has been hacked.
You can read a separate article on the complete and recommended settings of Wordfence that give optimum protection to your site, and on how it protects sites.
(12) BEWARE OF CROSS-SITE SCRIPTING ATTACKS (XSS):
(13) PROTECT AGAINST SQL INJECTION ATTACKS:
You must always use parameterized queries. Avoid standard Transact SQL; using it may help hackers inject malicious code into your website.
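The difference between a query built by string concatenation and a parameterized one, as an added example that is not from the original post. The table, rows and function names are constructed, and PDO with in-memory SQLite is used so the script runs on its own; code inside WordPress would normally get the same effect through `$wpdb->prepare()`.

```php
<?php
// Added example, not from the original post. Table, columns and rows are
// constructed; PDO with in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, login TEXT, name TEXT)');
$db->exec("INSERT INTO members (login, name) VALUES
           ('pat', 'Pat O''Brien'), ('sam', 'Sam Lee')");

// Weak: the value is pasted into the SQL text, so a quote character inside
// it ends the string literal early and the rest is parsed as SQL.
function find_by_name_concat(PDO $db, string $name): string
{
    try {
        $rows = $db->query("SELECT login FROM members WHERE name = '$name'")
                   ->fetchAll(PDO::FETCH_COLUMN);
        return 'logins: ' . implode(',', $rows);
    } catch (PDOException $e) {
        return 'statement was altered by the input: ' . $e->getMessage();
    }
}

// Corrected: the SQL text is fixed and the value is bound as a parameter,
// so it is only ever compared as data.
function find_by_name_prepared(PDO $db, string $name): string
{
    $stmt = $db->prepare('SELECT login FROM members WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return 'logins: ' . implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

$input = "Pat O'Brien"; // constructed form input containing a quote

echo find_by_name_concat($db, $input), PHP_EOL;
echo find_by_name_prepared($db, $input), PHP_EOL;
```

Even an ordinary name with an apostrophe changes what the concatenated statement means, while the bound parameter is matched as plain data.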
(14) DOUBLE VALIDATE FORM DATA:
If you have forms that accept data, take care to validate in two steps, on both the server side and the browser side, to avoid injection of malicious code through forms.
(15) GET THE PROFESSIONAL SERVICE TO SET UP WORDPRESS AND CUSTOMIZE IT WITH ALL THE REQUIRED INPUTS:
In case you need my services to install WordPress and plugins with recommended settings, make styles using CSS, get the site speed above 90 in Google page speed reports, and perform all the WordPress related services, do CONTACT me for the details of fees and how I do this service. I will hand over a completed website that is ready for promotion straightaway.