Fall of man? No! Fall of WordPress hackers? Yes!
Written by Bogdan
The Fall of Man is one of the most pivotal aspects of Christian theology, but we aren’t going to talk about that here. Instead, we are going to give you some mantras which, once implemented, make sure that hackers fall 99.9% of the times they try to hack your WordPress (WP) website. There is no Achilles’ shield to protect WordPress (if someone claims to have one, they’re certainly showing you the way to yet another hoax), but the guidelines that we’ll provide will definitely give you a safer, stronger WP website.
First, let’s look at some screenshots (the first one is taken from the WordPress forum, the second from a post on WordPress hacker-fighting).
If you notice the dates of these screenshots, you’ll see that although WordPress may have made a sea of security upgrades over these years, hackers are still somehow finding ways to give WordPress site owners nightmares.
WordPress: Going viral for years; so is the frustration
As you can see, WordPress is not only the most widely searched but also the most widely used content management system across the globe. There are millions of WP users. But many of them run into security-related issues: some get the right guidance to fix everything, while others, unfortunately, get their sites compromised.
Google Trends Showing Global Searches
So, with the rise of the popularity of WP and its users, the frustration over hackers is also rising.
What security precautions can you take? Let’s start from the basics!
Do you have the latest version of WordPress? The WordPress team keeps fixing security loopholes in the software and enhancing its functionality on a regular basis, and you can update to the latest version by using the automatic update feature or by visiting the main WordPress website. (Don’t trust any other source, as it can land you in a fix.)
Do you back up (with Cloudsafe365, WP-DB-Backup, Dropbox etc.) regularly? Do you have a strong password (which usually includes numeric characters, special characters and a mix of uppercase and lowercase letters) and change it often? You have it all and do it all? Great! The bullet-proofing of your WordPress begins here.
This ain’t Hitler’s world; Nail brute-force login attempts
There’s this Limit Login Attempt WordPress plugin that allows you to restrict or block the Internet address from which someone repeatedly tries to log in to your account. Plugins like this have significantly lowered the rate of hacking in recent years. Many of them also provide an option to save the Internet addresses of those who repeatedly log in with the wrong password.
Give that Achilles-like might to your admin!
Firstly, don’t make the mistake of naming your user admin: it’s half the battle won for hackers. Also, add password protection at the server level as well (to wp-admin); this makes things difficult for hackers, as they have to bypass this layer before attacking your admin files. Now, get your hands immediately on these two plugins: WordPress Security Scan and WordPress Firewall. The former shows you the areas in which your site is vulnerable, while the latter safeguards it from the most obvious threats. Better WP Security, in addition, is also a must-have plugin, for it helps you fix many security loopholes in your WP site.
Try to think like Sherlock Holmes about the plugins you install
In this big virtual world, you are likely to come across many fascinating WP plugins, and they might seem quite promising as well. But don’t trust them unless they’re hosted by WordPress or are something that you can truly bank upon. Plugin reviews and ratings can also help you separate the wheat from the chaff. Look at this post to see how depressing a malicious plugin can be. It’s about a plugin named ToolsPack, which compromised tens of thousands of WP blogs.
Right now there are 20,884 plugins in the WP plugin bank, and that number might have increased by the time you finish reading this. Since WP plugins are just PHP scripts, you can check the code of those you’re looking to install on your WP site. Should you find any problem with it, don’t install it, and report it to WordPress as well.
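A first pass over a plugin's PHP before installing it, as an added Python example that is not from the original article: it walks the plugin folder and lists lines containing constructs that deserve a manual read. The rule set is an illustrative assumption, the two-file plugin in `demo()` is constructed, and a hit is a prompt to review, not proof of malice.

```python
import re
import tempfile
from pathlib import Path

# Illustrative rules (an assumption, not an official list): code built or decoded at runtime.
PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "decode-chain": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\("),
    "dynamic-code": re.compile(r"\b(create_function|assert)\s*\("),
    "shell-exec": re.compile(r"\b(system|shell_exec|passthru|proc_open)\s*\("),
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}

def scan_plugin(root):
    """Return (relative_path, line_no, rule) for every rule hit in .php files under root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for rule, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((path.relative_to(root).as_posix(), no, rule))
    return findings

def demo():
    """Scan a constructed two-file plugin written to a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "inc").mkdir()
        (root / "plugin.php").write_text(
            "<?php\n/* Plugin Name: Sample */\nadd_action('init', 'sample_init');\n")
        # 'QUJD' is base64 for the harmless string 'ABC'; only the shape of the call matters.
        (root / "inc" / "helper.php").write_text(
            "<?php\n$p = 'QUJD';\neval(base64_decode($p));\n")
        return scan_plugin(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```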
Keep an Eagle eye on the changes made
No, we’re obviously not talking about the changes you made, but those made without your notice, in your logs, files etc. OSSEC is one of the most reliable solutions for this purpose. Using this tool will enable you to take quick action against any black-hat activity.
Wait, are you aware of this:
Complete protection not only includes strengthening your WordPress website but also the platforms from/through which you use it.
- Your computer must not have malware, viruses or other malicious software installed. To ensure this, we recommend that you use an antivirus that gives you complete protection.
- Your web host must have a robust network, or else information can be easily intercepted by hackers. By the same token, your network should also be safe.
- Ensure that your web server is secure and that you have hired a trusted host. In case of a shared server, be more vigilant and don’t hesitate to ask your host about the security measures they take.
We hope that we’ve covered the majority of WP security precautions and that you find this post helpful. If your WP website has already been hacked, you might find effective solutions here and here. And if you have any questions or want to share your views on the topic, please post your comments in the section below.
Author bio:
Sahil Anand is a writer/editor who has a background in English literature and who loves reading through and contributing to technology blogs. He writes for PixelCrayons, a Web/mobile development firm that specializes in WordPress Web development and, on the broader front, CMS Web development.





