How to secure your WordPress website from hackers?

This guide is intended for all those who have a WordPress website and  has been hacked and suspended, or for all of those who want to learn how to secure their WordPress to avoid hacking.

WordPress is one of the most used platforms by millions of websites around the world to build and manage websites and blogs.

WordPress has several PHP and MySQL code lines (programming), therefore, being a worldwide distribution application, vulnerabilities and new flaws are discovered every day due to so it numerous code.

There are also thousands of attackers around the world who take advantage of these security flaws to infect WordPress websites with malware. Malware can facilitate the creation for example of a phishing page to steal credit cards information, Paypal accounts through your website, send spam or also to use the resources available in the hosting as a "bot" and perform subsequent denials of service to websites or servers of companies, institutions or diverse organizations.

So, a vulnerable WordPress becomes a means for an attacker to carry out various crimes with practically total anonymity.

Good international practices indicate that websites that use WordPress and have been hacked to upload phishing or some type of malware, should be suspended by the hosting provider immediately to avoid further harm to users or defenseless organizations.

Since it is very important that your website is always kept safe, we provide you with a series of tips:

 

If your WordPress has not been compromised or hacked:

 

  • If you start a WordPress installation, it is essential that you finish it, there should be no "/ install" directory or "install.php" files visible in your web hosting account.

  • Never use "admin" as the main user, it is better to use another user to make it harder for them to find your user.

  • Always keep the latest Wordpress version up to date, themes and plugins. With auto-update activated.

  • Passwords should be as secure as possible: Include numbers, lowercase and uppercase letters and special characters such as! "· $% & / () =?

  • It is essential that you change your password at least every 30 days.

  • If you install a theme (design), always download it from the original website of its creator or from http://wordpress.org/themes/. Never download themes from sites that appear to be completely free because they usually have malware and viruses, or for example they leave back doors so that anyone can take control of your blog.

  • Do not enter your passwords in public access computers (for example, cybercafes or booths).

  • Do not share your password with anyone.

  • Do not enter your password anywhere other than your site.

  • Use different passwords

  • If you are going to install plugins to add functionalities to your WordPress, subscribe to the plugin author's newsletter and always keep it updated. The plugins are a great gateway to attackers.

  • Make frequently (30 days minimum) backup copies of your website and download them to your computer, then remove them from the hosting.

  • Keep WordPress updated in the latest version, the same with plugins.



If your WordPress has been compromised or hacked:

 

Important notice: If our security system suspended your account because your WordPress was doing phishing, spam, DDoS or simply received a complaint for hosting content such as malware that could lead to all the above actions, the system will suspend your account automatically to avoid continues harm to other people and organizations. We understand your concern but do not despair, the usual practice is to isolate the content that generates damage so that it does not harm the rest of the websites of  Neolo’s network.

In order to enable your website, it is necessary that your computer programmer, contact us, or, if you have  the knowledge, you can try and do it yourself, and arrange with our technical staff an estimated time to enable your website for 1 hour and show us that You either deleted the content and upload it again, clean and updated, or else your technician found the flaw (he should show it to us) and fix it.

 

  • Install on the computers from which you manage WordPress, a new and updated antivirus to scan your entire computer for viruses and malware.

  • Modify the FTP password, cPanel and all the WordPress users. Also MySQL.

  • Consider removing all the content of your site (everything that is inside / public_html) and  database, upload a previous backup, it will be very important now to take into account all the previous steps.

  • Patching WordPress instead of installing from scratch is complex since it requires technical skills in programming and computer security, initially it will be necessary to identify where the attacker entered, correct the security problem and then secure the rest of the possible doors entry. We suggest that you hire an expert to do it correctly or, as we advised , deleting all the content and uploading it again but with a new updated installation and following the previous advice.


Other resources:

  • What to do facing a WordPress hack: http://codex.wordpress.org/FAQ_My_site_was_hacked

  • Securing WordPress: http://codex.wordpress.org/Hardening_WordPress

  • Anti-guessing password (brute force protection) plugin http://wordpress.org/plugins/bruteprotect/

  • Anti MalWare plugin http://wordpress.org/plugins/gotmls/

  • Anti MalWare Scanner Plugin http://wordpress.org/plugins/sucuri-scanner/

  • Anti MalWare WordFence plugin http://wordpress.org/plugins/wordfence/

  • Google checks every 48hs approx if your WordPress has malware http://www.google.com/webmasters

  • Check online if your WordPress is hacked: http://www.isithacked.com/

  • Email, SSL
  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

Website suspended for excessive resource usage

Resources on a server are limited and therefore the CPU and RAM disk usage are monitored for...

How to install WordPress and choose a web design?

Installing WordPress and start developing your website is more than simple, for this reason in...

How to install WordPress in a temporary URL?

Many times for one reason or another we need to use temporary URLs, either because we need to...

PHP files are downloaded instead of executed, how do I solve it?

Sometimes it happens that when trying to access your website, instead of the PHP files being...

How to install Wordpress?

1. Access your cPanel account 2. Click on "Softaculous" 3. Click on "Install Wordpress" 4. Now...