Once your site is hacked, it will cost you traffic, time and a lot of money. You have to completely redo your site. A significant number of sites are hacked every day. The WordPress Codex (Hardening WordPress) provides the necessary tips, but they are not enough. So this is a list of some possible measures that you can take to increase the security of your WordPress site.
Make Sure to Update As Soon As Possible
The core developers put out new updates often. All you have to do is grab the opportunity. You can only benefit from them if you keep your site updated to its latest version. This way your site will be automatically protected from external viruses.
Security updates apply automatically, but some major releases need to be updated manually by going to their respective pages. So if you don't take the time for these updates, you might leave your site prone to attack from hackers.
Use Trusted WordPress Themes
There are many directories full of themes and plugins that you can use for your WordPress site; however, not all of them can be trusted. The themes in these lists are created independently. Some top-notch banks contain themes that are all approved by volunteers, but you never know whether one of them contains malicious code that might cause a major WordPress malfunction.
Moreover, these faulty plugins might contain security loopholes, through which hackers can easily intrude into your site.
The best you can do is always check reviews from people before downloading a theme for your site. Make sure the site offering the theme directory is known for its excellence, like WPMU DEV. Search for reviews from volunteers and then choose the best.
- ThemeForest – ThemeForest is probably currently the most popular premium WordPress theme marketplace. Created by the great team over at Envato, they have over 6,000 WordPress themes that cover a wide variety of styles and features.
- Mojo Themes – Mojo Themes puts a little more emphasis on quality than ThemeForest: the average theme at Mojo Themes tends to be better than the average theme at ThemeForest, although Mojo Themes only has about 600 marketplace items.
- WPZOOM – WPZOOM offers a nicely priced club membership as well as individual pricing for their 57 WordPress themes. They even offer thorough documentation and support for all of their themes.
- Elegant Themes – Join 282,273 Happy Customers And Get Access To Elegant Themes’ Entire Collection Of 87 Beautiful Themes For The Price Of One.
It is of utmost importance that you keep a secure password for your website; this way you give the hacker a tough time intruding into your site.
If you keep simple passwords like “your name” or “12345”, it will be easy for hackers to guess them and log in to your site. Hackers are very good at understanding the human psyche, so even if you think some simple word like “password” could not be guessed, DON’T take the risk. Once hacked, you might lose your account, as the hacker may immediately change the password and start adding malware to your site.
So this is a rule of thumb: always choose a complicated yet related password that you are sure no one other than you can easily break down. It’s recommended that your password contain uppercase letters, lowercase letters and random numbers, so that your hacker is given a tough time.
You don’t necessarily need a long password, just a unique one that only YOU can easily relate to.
Always keep in mind to have your website backed up.
If ever your site gets hacked or you do some changes in the software that are irreversible, the best thing you’d want is an entire copy of your original website.
Yes, that will be a sigh of relief, as you know you have the database and all the files necessary to regenerate your site. This way, in case someone breaks or hacks your site, you can start fresh, recover all the data and report/delete the previous site.
But for all this, you need to have a backup, and you need to make sure the copy is regularly updated with all the productive changes you make on your WordPress site.
You should save a copy of your entire site in two different places other than your email (which might get hacked too).
The best option is to keep a backup in the cloud or on your OS. This will ensure that even if anything goes wrong, you have an extra copy in hand.
Best Premium WordPress Backup Plugin
WordPress Backup & Clone Master is an all-in-one solution for WordPress backup, restoration, cloning, and migration. The plugin helps you manage the above processes in a secure, easy, and reliable way on a scheduled or on-demand basis.
The restore function in BackupBuddy is quick and straightforward. Upload the ImportBuddy file and your backup zip, and it walks you through the steps to restore your site: your themes, plugins, widgets and everything else.
BackupBuddy lets you move a WordPress site to another domain or host easily. This is a very attractive feature for WordPress developers who build a custom site for a client on a temporary domain or locally (like a sandbox or playground site) and then want to move (or migrate) the entire site with themes, plugins, content, styles and widgets over to a live client domain.
Real-time WordPress Backup is blogVault’s latest offering. Using Real-time WordPress Backup, you can save every update to your WordPress site almost immediately. Any addition to your site in the form of a new post, comment, plugin, or theme is backed up almost instantly after.
Multi Plugin Installer is a utility plugin that saves you a lot of time when installing plugins. With MPI you can install multiple plugins all at once and activate them.
- Full customization of backups
- Auto scheduling
- Easy Upload / Download of backups
- Auto URL update for 100% of the site content
- Migrate your site to different server/domain with just a few clicks
- Simple user interface
Smart Backup is a complete WordPress solution for database backup and restore operations. You can create backups of your complete WordPress installation, files only, or database only. Backups can be restored with one click.
When a WooCommerce store is configured, all of the settings are stored in the database. This plugin extracts all of the settings and exports them to a CSV file. This file can be used as a backup and imported later, or it can be imported into another WooCommerce store.
Save your database and attachments with scheduled jobs, and get the backups by email or send them to Dropbox. The plugin automatically creates an archive of your database and files. It uses the default WP Cron. Once you activate this plugin, it will back up your WordPress files and, once completed, send the user an email notification of the completion.
Filetrip is a unique and powerful WordPress plugin that not only helps you acquire and manage digital information (files, videos, music, audio, documents and archives) but also integrates your website with the cloud. It lets you sync almost any digital file to the two top cloud storage services available on the internet (Dropbox and Google Drive), from where you can forward and distribute almost all of your website media and acquired digital content to whatever channel you want.
VaultPress is a real-time backup and security scanning service designed and built by Automattic. The VaultPress plugin provides the required functionality to back up and synchronize every post, comment, media file, revision and dashboard setting on our servers. To start safeguarding your site, you need to sign up for a VaultPress subscription.
BackUpWordPress will back up your entire site including your database and all your files on a schedule that suits you. Try it now to see how easy it is!
The backup plugin BackWPup Free can be used to save your complete installation, including /wp-content/, and push it to an external backup service like Dropbox, S3, FTP and many more. With a single backup .zip file, you are able to easily restore an installation.
wp Time Machine
Create archives of all your WordPress data & files and have them stored remotely. That’s right! Remote storage of…
- Your data (from your WordPress MySQL database)
- Your files (and Uploads) — everything in wp-content
- Your .htaccess file
- Instructions for a smooth recovery
- A shell script that can help automate recovery — though this is still a “work in progress”
WP-DB-Backup allows you to easily back up your core WordPress database tables. You may also back up other tables in the same database.
Security WordPress Plugins
Installing a security plugin is a very good check. This way you are informed if any hacker is trying to attack your site or post spam on your blog.
I’m sure it will help you secure your site.
Never keep a Default Username
Once your site is created, the username is already set to “admin”. In this case, it’s easier for hackers to attack your site, as you have already provided the username; now they only have to guess the password. So give them some tough luck and set a related username. Once you have manually changed the username, the hacker is one extra step behind you.
Check File and Folder Access Settings/Permissions
If your site is on Linux, you have access to your file and folder permissions, through which you can choose who can access that particular data. You can share data with a selected audience; just make sure your settings are not so permissive that almost anyone can access your important folders.
A Secure Sockets Layer (SSL) certificate is used by many websites like Google, Facebook, and Twitter. Instead of http in the link, you may see https, which indicates the SSL certification. This ensures that the connection is encrypted and safe to use.
So if your site involves entering usernames or passwords, then it’s necessary that you use an SSL certificate to secure everyone’s personal information.
Easy HTTPS Redirection and Verve SSL are two good SSL plugins currently available.
It is necessary that the important pages of your site are not accessible to everyone. Limiting access means that the few pages which link you up to your entire site are only accessed by you and your potential users. This way your overall site will be safe.
Secure FTP (SFTP) is a safe way of adding files to your site. The passwords in it are encrypted, so attackers cannot easily hack it.
Simple FTP is a way to add more data to your existing site quickly, but it’s not secure. Your FTP connection can easily be intercepted by hackers.
So it’s better to use secure FTP or SSH. Secure Shell access (SSH) can also be used to transfer or add files to your site safely.
If you are not using any FTP connection for sharing files, then it’s better to delete your FTP account. Don’t leave any room for hackers to try to intrude on your privacy.
Password on Certain Folders
You know which folders contain valuable data that might attract a hacker’s attention, so it’s better to put all such folders under strict privacy. Keep a password on important folders so they are not accessed by everyone.
In the control panel, go to Security, then Password protect directories, to see the list of all the folders. Now choose the folders you want to keep safe and hidden from external users.
Once you have set the username and password, go under the security settings title and check the box that says “Password Protect this directory”. Finally, click save and you are ready to go.
You can also find software designed for this purpose on the internet. Download it and secure your important folders.
Change the Table Prefix
In WordPress’s database, the name of every table begins with wp_ by default, just like some other default features. If you don’t change it, you are giving the hacker a chance to penetrate your database tables easily and hence make changes to your site.
So if you change the table names to some customized words related to yourself, they will be less accessible to the hacker.
Similarly, the name of your database also ends with a particularly common name by default. Assigning it a new name or adding a unique sequence of letters to it will make it stand out. This way the hacker will find it difficult to decode. You can take help from certain software to automatically change the name of the database to some unique username.
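A check for the default prefix, as an added example that is not part of the original article: it reads the live `$table_prefix` assignment from the text of a `wp-config.php` file, skipping commented-out assignments. The sample file content and the function names are constructed for the example.

```python
import re

# Constructed sample of the relevant part of a wp-config.php file.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'site7_';
/* old value:
$table_prefix = 'blog_';
*/
$table_prefix = 'wp_';
"""

ASSIGN = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")


def strip_php_comments(source):
    """Drop /* */ blocks and // or # line comments (naive: ignores string context)."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.S)
    return re.sub(r"(?m)(//|#).*$", "", source)


def table_prefix(source):
    """Return the effective prefix (last live assignment), or None if absent."""
    matches = ASSIGN.findall(strip_php_comments(source))
    return matches[-1][1] if matches else None


def check_prefix(source):
    """Classify the prefix configured in the given wp-config.php text."""
    prefix = table_prefix(source)
    if prefix is None:
        return "no $table_prefix assignment found"
    if prefix == "wp_":
        return "default prefix wp_ in use"
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        return f"prefix {prefix!r} has characters outside letters, digits and underscore"
    return f"custom prefix {prefix!r}"


if __name__ == "__main__":
    print(check_prefix(SAMPLE_CONFIG))
```

On an existing site, editing `$table_prefix` alone is not enough: the tables themselves still carry the old names, and WordPress will not find them until they are renamed to match.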
So these are some very basic methods, each requiring a little extra effort, that you can use to secure your website. More methods that require more effort also exist, and they can go pretty far when it comes to securing your websites, but it is important that most of the measures mentioned above can be performed.