Prevent Your WordPress website from being hacked
You may have read our other blog post about what to do when your website has been hacked, but this post is about things you can do to prevent your WordPress site from being hacked. We’ve broken down how to prevent your WordPress website from being hacked into 5 steps…
Step 1: Get alerted when your website has been hacked
OK, we admit this step isn’t so much about prevention, but it’s important that you are among the first to know that your site has been hacked. You want to be in a position to fix the problems before your customers see them. The best way to get notified about a hacked website is via the Google Webmaster site. You can read more about enabling these notifications by clicking here.
Step 2: Update WordPress Frequently
It’s vital that you keep WordPress up to date. Not only will you appreciate the new features that the latest version brings, but you’ll also ensure that you have the latest security updates in place. Be sure to take backups and test your website after you upgrade as some third-party WordPress plugins are not always compatible with the latest WordPress release. Click here to read more about the WordPress upgrade process.
Step 3: Lockdown, Scan and Monitor
Login Lockdown is an excellent WordPress plugin that limits the number of invalid login attempts to your website. You can set the number of failed login attempts before lockout and also the length of the lockout.
We also recommend installing a plugin called WP Security Scan. This plugin checks that you don’t have any lax folder permissions on your web server, analyses database security and, among its other features, hides the version of WordPress that your website is running.
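The kind of lax-permission check described above can also be run by hand. The following is an added example, not WP Security Scan's own code; its two rules (nothing world-writable, wp-config.php not world-readable) and the sample tree it builds are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Return sorted (relative_path, octal_mode, reason) findings under root."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not meaningful
        mode = stat.S_IMODE(st.st_mode)
        rel = os.path.relpath(path, root)
        if mode & stat.S_IWOTH:
            # Any local account, including another site on shared hosting, can modify it.
            findings.append((rel, format(mode, "04o"), "world-writable"))
        elif os.path.basename(path) == "wp-config.php" and mode & stat.S_IROTH:
            # Assumed rule: the file holding database credentials should not be world-readable.
            findings.append((rel, format(mode, "04o"), "wp-config.php is world-readable"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed WordPress-like tree with two deliberate problems."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    for name in ("index.php", "wp-config.php"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("<?php // constructed sample\n")
    # chmod explicitly so the result does not depend on the umask
    os.chmod(root, 0o755)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)
    os.chmod(os.path.join(root, "index.php"), 0o644)
    os.chmod(os.path.join(root, "wp-config.php"), 0o644)
    return root

if __name__ == "__main__":
    for rel, mode, reason in audit_permissions(build_sample_tree()):
        print(f"{mode}  {rel}  ({reason})")
```

Point `audit_permissions` at the directory that contains wp-config.php on your own server; an empty result means neither assumed rule was violated.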
Finally, Sucuri is another good option to implement. Although it is a little pricey, it’s an excellent option if you are running a high-traffic site or an e-commerce site. Sucuri is a website monitoring service that can identify if your site has been hit with a malware attack and alerts you to take action. You can receive alerts anytime anything changes via Email, Twitter, or RSS feed. Depending on your subscription plan, Sucuri also cleans up your site if it has been compromised.
Step 4: Backup, Backup, Backup!
We can’t emphasize enough the importance of backing up your website on a regular basis. There are many great solutions out there but we recommend BackupBuddy if you are using WordPress. BackupBuddy lets you schedule both database and file system backups. You can either download these backups to your local computer or schedule all BackupBuddy backups to an Amazon S3 storage account.
The other great feature of BackupBuddy is that it can restore your website in a matter of minutes should your entire site get compromised, or if you want to move to another hosting provider. Drop us a line at Red Jet if you’d like some help setting up BackupBuddy for your WordPress website.
Step 5: Ensure Your Hosting Provider Is Proactive
If your website designer hosts your website then you should ask them the following questions about how they protect your website.
– Do you host my website on your own servers or at another company’s premises?
– How secure is the physical location where my web server is housed?
– Are my website database, files and folders being backed up? If so, how often?
– How can you ensure that unauthorised users will not compromise the integrity of my website?
– Is my website’s database shared with other websites or standalone?
If you have a WordPress website and would like some assistance in implementing these measures to strengthen your site then contact us at Red Jet today.



