How to Keep Your WordPress Site Safe From Hackers

I’d like to extend a special thanks to for featuring our post on their page. With blogging increasingly an internet staple, it’s important to know how things work. If you’ve got a blog, consider reading their post on Maintenance Mode when you finish this article to learn how best to update your pages.

No one really knows whether someone becomes a hacker simply to ruin your day or to reap the benefits of others’ hard work. Whatever their motivation, they have their sights set on websites and pages with vulnerabilities. If it is improperly prepared, your WordPress page could become a target.

You could even become the medium through which your site is compromised. Poor security on the devices that you use to access your account can allow the bad guys to get a leg up on your hard work. Don’t become a victim. Take measures to protect your efforts from being hijacked.

1.  Lock the Front Door

When most of us leave our homes, we lock the door behind us tight. We keep a unique key with us and limit the number of people we give spares to. This should be the same procedure on your WordPress site. You may have already guessed what we’re talking about here: your login details.

Far too many WordPress users leave the default user name “admin,” meaning all that even the most casual criminal needs to figure out is your password. Always make sure your login is something unique, and don’t share it with anyone else. If you’re using the archive feature when you’re publishing pages, make sure the subdomain is not your login name (otherwise, this is an easy way to hand out your login).

It’s also a good idea to limit the number of login attempts to your service. It may be a bit of an inconvenience if someone locks you out by purposely failing attempts, but it still beats having someone hack into your page by making endless guesses with some program.
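
One way to implement this limit on a WordPress site, as an added example rather than code from the original article: a small must-use plugin that counts failed logins per client IP address. The file name, the `lal_` prefix and both thresholds are assumptions chosen for illustration; counting per IP address rather than per user name means someone who fails on purpose locks out their own address, not yours.

```php
<?php
/**
 * Added example: minimal login-attempt limiter.
 * Assumed location: wp-content/mu-plugins/limit-login-attempts-example.php
 * The lal_ prefix and both thresholds are illustrative assumptions.
 */

const LAL_MAX_FAILURES = 5;    // failed attempts allowed per window
const LAL_WINDOW_SECS  = 900;  // counting window and lockout length (15 min)

// One counter per client address. REMOTE_ADDR is the direct peer, so
// behind a reverse proxy or CDN every visitor may share one address.
function lal_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'lal_' . md5( $ip ); // md5 only shortens the key; it is not a security control
}

// Count each failed login. Resetting the expiry here makes the lockout
// slide: continued guessing keeps the address locked out.
add_action( 'wp_login_failed', function () {
    $failures = (int) get_transient( lal_key() );
    set_transient( lal_key(), $failures + 1, LAL_WINDOW_SECS );
} );

// Priority 30 runs after the core password check (priority 20), so this
// error replaces even a correct login while the address is locked out.
add_filter( 'authenticate', function ( $user ) {
    if ( (int) get_transient( lal_key() ) >= LAL_MAX_FAILURES ) {
        return new WP_Error(
            'lal_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function () {
    delete_transient( lal_key() );
} );
```

Transient updates are not atomic, so a burst of parallel requests can slip a few extra guesses past the counter; treat the threshold as approximate.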

Of course a unique login is of little consequence without a strong password. It’s extraordinarily common—if not downright criminally so—for users to select terrible passwords for their accounts. I’m talking passwords such as “123456” or “password.” These are what you might call “weak” passwords.

Your passwords should be non-words that are composed of a mixture of features, including at least three of the following elements: uppercase letters, lowercase letters, numbers and symbols. Passwords should always contain at least 8 characters, but should ideally be as long as possible. Passphrases are handy, as they are easy for you to remember but difficult to guess.

Be sure not to re-use passwords from other services either. A skeleton key is as useful to a thief as it is to you. And please, please log out when you’re done!

2.  Secure Your Devices

The software you keep helps you accomplish and publish tasks, but it also protects you from intruders and malware. No matter how good your password may be, it does no good if you’ve picked up a keylogger or other malware or if someone has directly hacked into your device.

Anti-virus software is mostly free and super easy to get. Many PCs come with it pre-installed (though usually it’s a trial version), but your mobile devices probably don’t. Pick up a program such as Panda Free Anti-virus or Avast, both free with the option to purchase additional features (though for most use, the free version is totally fine).

Those same services may also offer firewalls, which detect intrusions on your network and help you keep only the needed ports open. This means hackers can’t access your device without being detected.

A Virtual Private Network (VPN) is another great tool to have, as it not only encrypts and secures your connection, but it allows you to hide your IP address and work anonymously. For WordPress, this means working on the go with considerably less risk, as you needn’t worry about using public WiFi and having your data stolen. It’s also handy if you need a foreign IP address to access content from out of country (or in your own country if you’re traveling).

3.  Watch Out for Scripts on Your Page

Scripts do a number of beneficial things for your page; they pretty much run it! But there are some types of malicious scripting that can lead to stolen data and very angry visitors. Two common types you should be on the lookout for are Cross Site Scripting (XSS) and SQL injection.

If left unchecked, Cross Site Scripting can make your website a platform for broadcasting malicious scripting that may damage your visitors’ computers or steal their private information and files. You should invest in a service to regularly scan your site to ensure it isn’t vulnerable to these sorts of attacks.

SQL injection works a little differently; think of it as exploiting your website’s URL to send commands that you don’t want sent. The consequences are especially annoying, as someone can use this to hack into your page to modify your files. It’s a great way to lose your audience when someone visits your page and finds something highly offensive.

Acunetix is one of several services you might consider using to look for these kinds of vulnerabilities in your page. There are ways to handle it manually, but considering the time invested, it may be worth having a service to help do things faster.
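
What these two flaws look like in plugin or theme code, and the fix for each, as an added example that is not from the original article. The `books` table, the `book_id` and `q` URL parameters and the function names are hypothetical; `$wpdb->prepare()`, `absint()`, `wp_unslash()` and `esc_html()` are WordPress's own functions.

```php
<?php
// Added example: hypothetical plugin code, shown before and after hardening.

// SQL injection, vulnerable form: the URL parameter is pasted into the
// SQL text, so anything placed after ?book_id= becomes part of the query.
function example_get_book_vulnerable() {
    global $wpdb;
    $id = $_GET['book_id'];
    return $wpdb->get_row( "SELECT title FROM {$wpdb->prefix}books WHERE id = $id" );
}

// Hardened form: force the value to a non-negative integer, then let
// prepare() bind it through the %d placeholder as data, never as SQL.
function example_get_book_safe() {
    global $wpdb;
    $id = absint( isset( $_GET['book_id'] ) ? $_GET['book_id'] : 0 );
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT title FROM {$wpdb->prefix}books WHERE id = %d", $id )
    );
}

// Cross-site scripting, vulnerable form: the visitor's text is echoed
// into the page as-is, so markup in ?q= is treated as part of the HTML.
function example_search_heading_vulnerable() {
    echo '<h2>Results for ' . $_GET['q'] . '</h2>';
}

// Hardened form: accept only a plain string and escape it at output so
// the browser shows the text literally instead of interpreting it.
function example_search_heading_safe() {
    $q = ( isset( $_GET['q'] ) && is_string( $_GET['q'] ) ) ? wp_unslash( $_GET['q'] ) : '';
    echo '<h2>Results for ' . esc_html( $q ) . '</h2>';
}
```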

4.  Moderate Troubles Away

Many pages depend heavily on some sort of comment section to help users engage. They’re a great way to complete the feedback loop, but they can also be a major problem if left without any form of attention.

Check posts on your page regularly to ensure no one is posting phishing scams or other fake links. Not only can these compromise your users, but malicious posts also send the message that your page is untidy or perhaps even abandoned. A little house cleaning can go a long way to keeping you and users safer.

5.  You Better Back That Up

When all else fails and the worst happens, you don’t want to be left building everything from scratch. Despite your best efforts, there may be new security vulnerabilities that pop up before anyone can develop good countermeasures.

If you back up your files and database regularly, you can restore everything right away. Just be sure you do it often, and try to keep a copy on something not connected to the internet, such as a portable hard drive, flash drive or extra computer. Your users will also appreciate it as they won’t be left without content for quite as long should you need to start over.

6.  Update Plugins and Other Software

If you’re using plugins or any other software, be sure to update it as soon as updates become available. New security vulnerabilities are discovered all the time and may be fixed in more recent versions.

Keep yourself up to date as well. While you’ll no doubt have plenty of visitors on your page, it benefits you just as much to visit others’ pages. Learn from the problems and security breaches around you and take measures to avoid being yet another statistic. Read a security blog every now and then to check if there’ve been any new developments you should know about.

What steps are you taking to secure your WordPress page?

About the Author:

Cassie Phillips is a blogger who loves to share the latest tips on keeping your content interesting and secure. She promotes the use of safe and modern practices for maintaining a free and open internet.
