WordPress Security Tips to Protect From Hacking


Recently one of my websites got hacked and there were skeletons dancing on it when you visited that website. Luckily it wasn’t my primary website. In fact, it was an online forum which I haven’t focused on for a long time, so the damage was limited. I contacted knowhost (my host) support and they restored it from backup.

This forum was based on vBulletin, and vBulletin had a flaw, so I deleted their install directory and everything was fine. But it hit me hard and I was forced to think: what if akhilendra.com is hacked?

It is a WordPress-based site, and WordPress has limited built-in capabilities as far as fighting hackers is concerned.

WordPress security is a concern for most WordPress users. It is not that WordPress is especially vulnerable to hacks, but it is not immune either.

There are certain steps which you must take to enhance WordPress security and protect it from hackers.

At the same time, you should also make arrangements to restore it in case its security is compromised and it is hacked.

Here we will look at the steps to protect WordPress from hackers and at what to arrange in case it is hacked.

WordPress Security: Protect it from Hacking

Precaution is better than cure.

You should follow WordPress security best practices to ensure that it is not compromised.

We will first go through WordPress security tips to harden our WordPress site:

  • Create a new admin user and remove the admin user with user id “admin”.
  • Have a tough admin password with a combination of different characters and numbers.
  • Always update your WordPress install whenever there is an update from WordPress.
  • Always update plugins and remove unused plugins and themes from your WordPress installation.
  • Install a captcha and anti-spam plugin like CommentLuv to protect against spam through comments.
  • Install WordPress plugins from reliable sources only.

WordPress Security Plugins to Boost Security and Protect Against Hacking

There are many plugins to enhance security; I am using a few plugins as examples.

Acunetix WP Security – it is a free WordPress security plugin which provides a lot of security features. It checks your WordPress blog and makes recommendations in the following areas:

  1. Password
  2. File permissions
  3. Database security
  4. Version hiding
  5. WordPress admin protection/security
  6. Removal of the wp generator meta tag from core code

Key security features:

  1. Easy backup of WordPress database for disaster recovery
  2. Removal of error information on the login page
  3. Addition of index.php to the wp-content, wp-content/plugins, wp-content/themes and wp-content/uploads directories to prevent directory listings
  4. Removal of wp-version, except in the admin area
  5. Removal of the Really Simple Discovery meta tag
  6. Removal of the Windows Live Writer meta tag
  7. Removal of core update information for non-admins
  8. Removal of plugin update information for non-admins
  9. Removal of theme update information for non-admins (only WP 2.8 and higher)
  10. Hiding of wp-version in the backend dashboard for non-admins
  11. Removal of version in URLs from scripts and style sheets, only on the frontend
  12. Reporting of a security overview after the WordPress blog is scanned
  13. Reporting of file permissions following security checks
  14. Live traffic tool to monitor your website activity in real time
  15. Integrated tool to change the database prefix
  16. Disabling of database error reporting (if enabled)
  17. Disabling of PHP error reporting

Login LockDown – it blocks further login attempts from an IP address after a certain number of failed attempts from that same address.
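The lockout mechanism Login LockDown describes (and the Better WP Security item about banning hosts with too many invalid login attempts) can be seen in a small must-use plugin. This is an added example written for this article, not code from either plugin or from the post itself; the attempt limit, the window length and the ll_ prefixed names are assumptions.

```php
<?php
/*
 * Plugin Name: Login lockdown example (hypothetical mu-plugin)
 * Drop into wp-content/mu-plugins/. Counts failed logins per client IP in a
 * transient and refuses further attempts once the limit is reached.
 */

const LL_MAX_ATTEMPTS = 5;   // assumed policy: lock after 5 failures
const LL_WINDOW       = 900; // assumed policy: 15-minute window and lockout

// Key the counter on the remote address. Behind a proxy or CDN (e.g. Cloudflare)
// REMOTE_ADDR is the proxy, so a real deployment must use the restored client IP.
function ll_client_key() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
    return 'll_fail_' . md5($ip);
}

// Refuse authentication while the client is locked out. Priority 30 runs after
// WordPress's own username/password checks, so a locked client learns nothing
// about whether the credentials were correct.
add_filter('authenticate', function ($user, $username, $password) {
    $fails = (int) get_transient(ll_client_key());
    if ($fails >= LL_MAX_ATTEMPTS) {
        return new WP_Error('locked_out',
            'Too many failed logins from your address. Try again later.');
    }
    return $user;
}, 30, 3);

// Count each failure; the transient expires LL_WINDOW seconds after the last
// failure, so attempts made while locked out extend the lockout.
add_action('wp_login_failed', function ($username) {
    $key   = ll_client_key();
    $fails = (int) get_transient($key) + 1;
    set_transient($key, $fails, LL_WINDOW);
    // Record for the host's or SOC's review; nothing is echoed to the visitor.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '?';
    error_log(sprintf('login failure %d/%d from %s for user "%s"',
        $fails, LL_MAX_ATTEMPTS, $ip, $username));
});

// A successful login clears the counter for that client.
add_action('wp_login', function ($user_login, $user) {
    delete_transient(ll_client_key());
}, 10, 2);
```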

Wordfence Security – it is a very good security plugin which offers many features to secure a WordPress site. These are the features offered by them:

  • Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
  • Includes two-factor authentication, also referred to as cellphone sign-in.
  • Enforce strong passwords among your administrators, publishers and users. Improve login security.
  • Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
  • Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
  • Block entire malicious networks. Includes advanced IP and domain WHOIS to report malicious IPs or networks and block entire networks using the firewall. Report security threats to the network owner.
  • See how files have changed. Optionally repair changed files that are security threats.
  • Scans for signatures of over 44,000 known malware variants that are known security threats.
  • Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
  • Continuously scans for malware and phishing URLs, including all URLs on the Google Safe Browsing List, in all your comments, posts and files that are security threats.
  • Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
  • Checks the strength of all user and admin passwords to enhance login security.
  • Monitor your DNS security for unauthorized DNS changes.
  • Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
  • Choose whether you want to block or throttle users and robots who break your security rules.
  • Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
  • See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
  • A real-time view of all traffic including automated bots that often constitute security threats that JavaScript analytics packages never show you.
  • Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
  • Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
  • Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
  • WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
  • Premium users can also block countries and schedule scans for specific times and a higher frequency.

Better WP Security Plugin – just like the other security plugins mentioned above, Better WP Security is also one of the best security plugins; it is free and quite handy in protecting your WordPress site from hackers and hacking.

Some of the features offered by Better WP Security Plugin are:

  1. Remove the Meta “Generator” tag
  2. Change the URLs for the WordPress dashboard including login, admin, and more
  3. Completely turn off the ability to log in for a given time period (away mode)
  4. Remove theme, plugin, and core update notifications from users who do not have permission to update them
  5. Remove Windows Live Writer header information
  6. Remove RSD header information
  7. Rename the “admin” account
  8. Change the ID of the user with ID 1
  9. Change the WordPress database table prefix
  10. Change the wp-content path
  11. Remove login error messages
  12. Display a random version number to non-administrative users anywhere the version is used
  13. Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  14. Ban troublesome bots and other hosts
  15. Ban troublesome user agents
  16. Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  17. Strengthen server security
  18. Enforce strong passwords for all accounts of a configurable minimum role
  19. Force SSL for admin pages (on supporting servers)
  20. Force SSL for any page or post (on supporting servers)
  21. Turn off file editing from within the WordPress admin area
  22. Detect and block numerous attacks on your file system and database
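Several items in the Acunetix and Better WP Security lists above (the generator tag, RSD and Windows Live Writer links, version strings in script URLs, login error messages, update notices for non-admins and the built-in file editor) are each a one-line WordPress hook. The following must-use plugin is an added example written for this article, not code from either plugin; the hv_ prefixed function name is an assumption.

```php
<?php
/*
 * Plugin Name: Header and version hardening example (hypothetical mu-plugin)
 * Drop into wp-content/mu-plugins/ so it cannot be deactivated from the
 * dashboard. Uses only core WordPress actions and filters.
 */

// 1. Remove the <meta name="generator"> tag and the RSD / Windows Live Writer
//    discovery links from <head>; they advertise the exact WordPress version.
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
add_filter('the_generator', '__return_empty_string'); // feeds too

// 2. Strip the ?ver=X.Y.Z query string from script and style URLs on the
//    front end only; the admin area keeps it for cache busting.
function hv_strip_version($src) {
    if (is_admin()) {
        return $src;
    }
    return remove_query_arg('ver', $src);
}
add_filter('script_loader_src', 'hv_strip_version');
add_filter('style_loader_src', 'hv_strip_version');

// 3. Replace the detailed login error ("Invalid username" vs. "incorrect
//    password") with one generic message, so the form does not confirm
//    which usernames exist.
add_filter('login_errors', function () {
    return 'Login failed. Please check your credentials.';
});

// 4. Hide the core update nag from users who cannot act on it. Core registers
//    update_nag on these hooks at priority 3, so the same priority is needed.
add_action('admin_init', function () {
    if (!current_user_can('update_core')) {
        remove_action('admin_notices', 'update_nag', 3);
        remove_action('network_admin_notices', 'update_nag', 3);
    }
});

// 5. Disable the theme/plugin file editor. This constant normally belongs in
//    wp-config.php; defining it here only works if nothing defined it first.
if (!defined('DISALLOW_FILE_EDIT')) {
    define('DISALLOW_FILE_EDIT', true);
}
```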

So these are some of the most useful WordPress security plugins. Now we can look at some other factors which influence the security of your WordPress site.

Web Hosting

Yes, that’s right: web hosting is the first thing which influences the security of your website. You need to choose a reliable web host.

When it comes to economical web hosts, hostgator, inmotion, godaddy and knowhost are good web hosts which provide optimum security for your website.

If you can afford it, then managed WordPress hosting is best for security; WPEngine is probably the most secure WordPress hosting.

They also offer regular backups and many additional security features to enhance the security of your site.

WordPress CDN

A CDN and allied services are very useful in protecting your WordPress site from hackers. Cloudflare and MaxCDN are very useful for this. They are also useful in improving your SEO by improving the page speed of your site.

Cloudflare is a free service and is very good at providing security for your website. It can be easily integrated with WordPress and it also informs you about threats to your site.

It will ask for a captcha if there is suspicious activity on your blog.

WordPress Security Breached: What Now?

As mentioned earlier, precaution is better than cure, but what if the security of your WordPress site is breached and it is hacked?

You need to contact your web host and ask them to restore your site using the latest backup.

You should use appropriate backup plugins to ensure proper backups are in place. There are many WordPress plugins for backups; these plugins will back up the database and the entire file system, which can help you big time in restoring your blog.

Some of the most widely used WordPress backup plugins are:

  • WP DB Backup
  • WP Time Machine

Best Premium WordPress Security Service

Sucuri – it is the best security and protection service for any website, including WordPress, HTML websites, Joomla, Drupal, vBulletin and any other content management system you can think of. Sucuri is a complete website solution to secure and protect a site, and it does everything which is required for the security of any website.

Some of the most important features of Sucuri:

  • Malware and blacklist monitoring
  • Email, SMS and Twitter alerting
  • Malware cleanup
  • Server-side scanning
  • Blacklist removal and a lot more

WordPress Security: Protect it From Hacking

By using the above-mentioned tips, techniques, plugins and services, you can significantly improve the security of your WordPress site. Security requires constant effort and staying on top of everything. You need to constantly update WordPress, themes and plugins.

Also, remove spam comments and unused plugins and themes.

As mentioned earlier, web hosting is a critical part of WordPress security. Therefore make sure that you are sticking to the most established names in the hosting industry.

Any site could be hacked, but you should try to take all precautions.

Please leave your comments and queries, if any.

Also please share if you think it may help others.

About akhilendra

Hi, I’m Akhilendra and I write about Product management, Business Analysis, Data Science, IT & Web. Join me on Twitter, Facebook & Linkedin

Comments

  1. Really awesome.

  2. This Content is very informative for me.

  3. This content is very helpful for me. Thanks for sharing

  4. The information is very helpful and informative.

  5. Nice post!! It’s useful and helpful article for me. Thanks for sharing.

  6. Hey akhilendra, that is a really nice article. Love this one. Can I get an ethical hacker for my blog to protect it from hacking?

  7. Very good staffing!

    Here are a few talking about WordPress security. Are all of them only for WordPress, or can we use them for a WooCommerce site also?

  8. Is there any app available to protect WordPress login security?

  9. Very nice article…
    Could you tell me any way in Blogger to stop spamming?

    • You can use the CommentLuv premium plugin to control spam on your blog. I use CommentLuv premium to handle commenting on my blogs. I receive zero spam because CommentLuv comes with a feature, GASP, which is extremely good at controlling spam. Let me know if you need more information about it.
