Since WordPress powers 25 percent of all websites in existence, it’s no surprise hackers target sites built on this platform — it’s easy to find targets. Even a site with minimal traffic may be hacked and infected with malware. A few simple security measures can help ensure that your site stays clean, safe and malware-free.
Theme and Plugin Protection
The themes and plugins you choose enhance your site’s looks and functionality, but they can also open doors for hackers and malware if you’re not careful.
Developers update their themes and plugins regularly to patch security holes or improve functionality, so it’s important to install the updated versions as they become available. Even inactive plugins and themes lingering on your WordPress dashboard can become security issues, so either update or uninstall them. Always run the newest version of WordPress and all of its components.
Only install themes and plugins from known, trusted sources, such as the WordPress theme and plugin directories. Reliable and secure commercial sites are also potential options. Do not install random plugins or themes found on sites you’ve never heard of. This includes “nulled” free versions of themes that usually cost money. You may be installing malware or leaving a back door open to all kinds of trouble, even if anti-virus scans show the files are clean.
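The update-or-uninstall advice above can be checked against a real inventory. The script below is an added example, not part of the original article: it assumes the inventory was exported with WP-CLI (`wp plugin list --format=json` or `wp theme list --format=json`), and the plugin names in the sample are constructed.

```python
import json
import shlex

# Constructed sample shaped like `wp plugin list --format=json` output.
# Plugin names and versions are invented for illustration.
SAMPLE_PLUGINS = """[
  {"name": "example-forms", "status": "active", "update": "available", "version": "2.1.0"},
  {"name": "example-gallery", "status": "inactive", "update": "none", "version": "1.4.2"},
  {"name": "example-seo", "status": "active", "update": "none", "version": "5.0.1"},
  {"name": "example-slider", "status": "inactive", "update": "available", "version": "0.9.3"}
]"""


def audit_components(inventory_json, kind="plugin"):
    """Sort components into the actions the article recommends.

    kind is "plugin" or "theme"; it only affects the suggested commands.
    """
    if kind not in ("plugin", "theme"):
        raise ValueError("kind must be 'plugin' or 'theme'")
    report = {"update_now": [], "update_or_uninstall": [], "ok": [], "commands": []}
    for item in json.loads(inventory_json):
        name = str(item["name"])
        # Names come from the site being audited, so quote them before
        # placing them in a command line someone may paste into a shell.
        quoted = shlex.quote(name)
        if item.get("status") == "inactive":
            # Inactive code is still on disk and reachable; default to removal.
            report["update_or_uninstall"].append(name)
            report["commands"].append(f"wp {kind} delete {quoted}")
        elif item.get("update") == "available":
            report["update_now"].append(name)
            report["commands"].append(f"wp {kind} update {quoted}")
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    result = audit_components(SAMPLE_PLUGINS)
    for bucket in ("update_now", "update_or_uninstall", "ok"):
        print(f"{bucket}: {', '.join(result[bucket]) or '-'}")
    print("\n".join(result["commands"]))
```

Review the suggested commands before running them; an inactive plugin you intend to keep should be updated rather than deleted.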
Make Your Site Harder to Hack
One of the best ways to cut down on hacking attempts is to get rid of the default “admin” name when installing WordPress. Pick a different user name — something besides the name of your site — to make it harder for hackers and bots to guess your login details. Instead of using the usual wp-admin page for your logins, install a plugin that changes the login area to another link that you choose. Plugins such as WPS Hide Login handle the task for you.
Additionally, the harder your password is to remember, the harder your site is to hack. Include letters and numbers and make the password long — don’t choose “password” or a simple sequence such as “123456.”
Install Security Plugins
Plugins such as Wordfence bring robust security to your site, blocking login attempts from known malicious networks and bots. Wordfence also sends email alerts when it blocks login attempts or when a plugin has an update available.
A “captcha” plugin such as Math Captcha requires users to complete a basic math problem before logging in, adding another layer of security. Finally, a plugin such as Sucuri provides active malware scanning and blocks login attempts from blacklisted IP addresses. Many free security plugins are available through the WordPress plugin directory; some offer premium versions that also clean your site if it’s been compromised.