Why Hack You? Increase the protection of your WordPress site

WordPress Security Tips - NativeSpace.com


Have you ever wondered why your little innocent blog constantly gets hacked? Here is why.

WordPress sites get hacked constantly for the following reasons:

• WordPress is a very popular platform, and so it attracts a lot of attention: it presents a wide field of websites to exploit.

• Because WordPress is accessible and easy to set up, hackers know that most of its users are not very security savvy.

• A hacked WordPress site can be used for traffic redirects, spam bots and hosting malicious code.


Basic Levels of WordPress Security

1. Update WordPress

    - Always keep WordPress up to date: whenever a new version of WordPress comes out, update to it immediately, every time. Most new releases are made for security reasons.

 

2. Update Plugins

    - Avoid plugins that don't have a good reputation; only use plugins with an established reputation for reliability and for delivering what they promise. Every time a new version of a plugin is released, make sure to update it. Plugin vulnerabilities are one of the most common reasons WordPress sites get hacked.

 

3. Old Plugins Must Go
   
    - Any unused plugins should be removed, as they serve as a potential gateway for exploitation of your website. Old plugins are insecure as well: if a plugin is no longer supported with new updates, find another equivalent that serves the same purpose but is backed by new security releases and updates.

 

4. Spam Killer Plugins

   - Spamming is a long-standing security issue; use plugins like Akismet to prevent spam. (Make sure to keep such plugins updated.)

5. Install Only Trustworthy Themes

   - Always keep your installed theme and its plugin dependencies updated. As a good security practice, only install themes developed by reputable companies. Generally, premium themes are slightly more secure and have better support when it comes to updates and new releases.


6. Avoid Common Usernames

  - Try your best to use uncommon words for usernames, avoid words loosely associated with your website or your public information, and never use usernames such as "Admin" that are easily guessed.


7. Implement Strong Passwords and Change Frequently

  - Always set up strong, long, complicated passwords, or use a password generator.


8. Security Plugins

   - Always install one or more of the plugins below:

    • Wordfence
    • WP Security Firewall
    • iThemes Security
    • Sucuri Security
    • Bulletproof Security
    • Acunetix WP SecurityScan
    • All-in-One WP Security & Firewall
    • 6Scan Security
    • BruteProtect

 

9. Backup Database

  1. Always back up your database; you can use plugins to back up the WordPress data on your hosting account.
  2. It is one of the best practices to keep one backup of your database on your computer's hard drive and one in your email storage.

 

10. Secure your Computer

  - It is necessary to have antivirus software installed on your computer, as it helps prevent hackers from obtaining sensitive information from your computer's hard drive that could lead to your site getting hacked.


11. Beware of Emails

  - Avoid clicking suspicious links and attachments sent to you via email. 


12. Beware of your Browser

 - Modern browsers use a lot of plugins and extensions, which can lead to your WordPress site getting hacked. Do not install unnecessary extensions in your browser; at least make sure to keep them updated and install only those with a good reputation. Always keep your browser updated.



Advanced Security Advice (WordPress)

 

1. Install a Firewall

  - To keep hackers out of your website or server, always consider a firewall. A firewall can be obtained as a purchased service or as a premium plugin. Consider "All-in-One WP Security & Firewall".

 

2. Change Standard URLs (/wp-admin /wp-login)

   - Security plugins like All-in-One have features that allow you to change standard URLs like "/wp-admin" to "/mysecretadminlogin" (you can set it to whatever you wish).


3. Set Up 2-Step Password Auth

   - You can set up two-step password authentication for your WordPress site. You can use Google Authenticator or Clef Authenticator; there are also different kinds of WordPress 2-step verification plugins.


4. Block the Evil IPs

  - All the IP addresses that your security plugins flag as suspicious while monitoring brute-force attacks can be pasted into the relevant plugin modules or denied in your .htaccess file.
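Denying flagged addresses in .htaccess, as an added example that is not part of the original article: a small shell script that validates each address before writing an Apache 2.4 RequireAll block, so a malformed entry copied from a plugin log cannot break the file. It assumes Apache 2.4 or later with AllowOverride enabled for the directory; the addresses in the comments are constructed samples from the documentation ranges.

```shell
#!/bin/sh
# Append an Apache 2.4 deny-list for the IPs flagged by your security plugin
# to a .htaccess file. Each address is validated as a dotted-quad IPv4 first,
# because a syntax error in .htaccess takes the whole site down with a 500.
# Assumption: Apache 2.4+ with AllowOverride enabled for this directory.
# Constructed sample inputs: 203.0.113.5 198.51.100.77 (documentation ranges).

# is_ipv4 <addr>: succeed only for four octets each in the range 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# block_ips_htaccess <htaccess-path> <ip>...: append one RequireAll block.
# Invalid entries are reported on stderr and skipped; prints the number added.
block_ips_htaccess() {
    file=$1; shift
    added=0
    {
        echo "# Addresses flagged by brute-force monitoring ($(date +%Y-%m-%d))"
        echo "<RequireAll>"
        echo "    Require all granted"
        for ip in "$@"; do
            if is_ipv4 "$ip"; then
                echo "    Require not ip $ip"
                added=$((added + 1))
            else
                echo "skipping invalid address: $ip" >&2
            fi
        done
        echo "</RequireAll>"
    } >> "$file"
    echo "$added"
}
```

Run it as `block_ips_htaccess /path/to/.htaccess 203.0.113.5 198.51.100.77` and review the file afterwards; blocking by address is only a stopgap, since attackers rotate hosts, so keep the plugin's monitoring on.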

 

5. Change 'User_Nicename' in PhpMyAdmin Database

 - By changing the 'user_nicename' in your database, you prevent your username from leaking. After the change, "/author/" URLs will no longer show your username; a viewer will see a different name.

 

6. Change Admin User ID

  - By default the administrator is "author=1"; by changing the user ID to an uncommon value like "6693", you make it harder for hackers to find your username by guessing the "author" value.

7. Change SALTs (wp-config)

  - It is good security practice to change the SALTs in wp-config.php, the secret keys WordPress uses to protect your site's passwords and login sessions. You can do this manually or through a security plugin.
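Rotating the salts manually, as an added example rather than the article's own procedure: a POSIX shell script that replaces the value of each of the eight secret-key defines in wp-config.php with a fresh 64-character random string. It assumes the defines are in WordPress's standard `define( 'AUTH_KEY', '...' );` form and that the file is writable by the user running the script.

```shell
#!/bin/sh
# Rotate the eight WordPress secret keys ("salts") in wp-config.php.
# Every value is replaced with a fresh 64-character random string drawn from
# /dev/urandom, the same length WordPress's own key generator produces.
# Assumption: the defines appear in the standard form
#   define( 'AUTH_KEY', '...' );   or   define('AUTH_KEY', '...');

WP_SALT_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# Print one random 64-character alphanumeric secret (no sed or quote metacharacters).
random_salt() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64
}

# rotate_salts <path-to-wp-config.php>: rewrite each define in place.
# Writing back with cat > keeps the file's owner and permissions intact.
rotate_salts() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp="$cfg.tmp.$$"
    for key in $WP_SALT_KEYS; do
        secret=$(random_salt)
        sed "s|^\(define *( *'$key' *, *'\)[^']*\(' *);\)|\1$secret\2|" "$cfg" > "$tmp" \
            && cat "$tmp" > "$cfg"
    done
    rm -f "$tmp"
}

# count_placeholder_salts <path>: keys still carrying WordPress's default
# placeholder text (should print 0 after rotation).
count_placeholder_salts() {
    grep -c "put your unique phrase here" "$1" || true
}

# count_rotated_salts <path>: defines whose value is a 64-character secret
# (should print 8 after rotation).
count_rotated_salts() {
    grep -c "^define( *'[A-Z_]*', *'[A-Za-z0-9]\{64\}' *);" "$1" || true
}
```

Changing the salts invalidates every existing login cookie, so all users (including you) are logged out and must sign in again; keep a copy of the old file until you have confirmed you can log in.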

 

8. Use Unique Database Prefixes

  - It is good practice to change the default 'wp_' prefix of your table names in phpMyAdmin, so that hackers cannot rely on the standard names to track down or locate your database tables.


9. Avoid PHP Injections

  - Always protect your uploads folder from PHP injections.
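One way to do that on Apache, as an added example and not the article's own configuration: a shell script that drops a .htaccess into wp-content/uploads denying every PHP-like extension, plus a find-based audit that lists any script files already sitting there. It assumes Apache 2.4 with .htaccess overrides enabled; the uploads path you pass in is whatever your install uses.

```shell
#!/bin/sh
# Stop PHP from executing inside wp-content/uploads and audit the directory
# for PHP files that should never be there. Uploads is the one directory the
# web server must write to, so it is the usual landing spot for a script
# planted through a vulnerable plugin; with execution denied, such a file
# cannot run. Assumption: Apache 2.4 honouring .htaccess in this directory.

# protect_uploads_dir <uploads-dir>: write the .htaccess that denies PHP.
protect_uploads_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    cat > "$dir/.htaccess" <<'EOF'
# Serve images and documents only; never execute scripts from here.
<FilesMatch "\.(php|php[0-9]|phtml|phar|phps)$">
    Require all denied
</FilesMatch>
EOF
}

# list_php_in_uploads <uploads-dir>: print every script-like file found.
# Legitimate media uploads are never PHP, so any hit deserves a look.
list_php_in_uploads() {
    find "$1" -type f \( -name '*.php' -o -name '*.php[0-9]' \
        -o -name '*.phtml' -o -name '*.phar' -o -name '*.phps' \)
}

# count_php_in_uploads <uploads-dir>: number of such files (0 is the goal).
count_php_in_uploads() {
    list_php_in_uploads "$1" | wc -l | tr -d ' '
}
```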



10. File Permissions

  - Having proper file permissions is necessary for tight security. Directories should have permissions of 755 or 750. Files should have permissions of 644 or 640, excluding 'wp-config.php', which should be 440 or 400.
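Applying and checking that scheme, as an added example that is not from the article: a shell script that sets directories to 750, files to 640 and wp-config.php to 400, then counts anything still world-writable. It assumes PHP runs as the file owner (the suPHP or per-user PHP-FPM setup common on shared hosting); if PHP runs as a separate web-server user, as with mod_php, 400 on wp-config.php would lock the server out, and the article's 440 variant with the web server's group is the one to use.

```shell
#!/bin/sh
# Apply the permission scheme from the article to a WordPress install:
# directories 750, files 640, wp-config.php 400, then audit the result.
# Assumption: PHP runs as the file owner (suPHP / per-user PHP-FPM), so the
# owner-only 400 on wp-config.php still lets the site read its credentials.

# harden_wp_permissions <wordpress-root>: apply the scheme recursively.
harden_wp_permissions() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
    # wp-config.php holds the DB credentials and salts: owner read-only.
    [ -f "$root/wp-config.php" ] && chmod 400 "$root/wp-config.php"
    return 0
}

# count_world_writable <wordpress-root>: files or directories writable by
# "other" (should print 0; any hit is a place a stray script could be dropped).
count_world_writable() {
    find "$1" -perm -o+w | wc -l | tr -d ' '
}

# mode_of <path>: print the octal mode (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Run it as `harden_wp_permissions /path/to/wordpress` and then check that `count_world_writable /path/to/wordpress` prints 0.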





For more security advice and help with setting up the recommendations above, email us (support@nativespace.com).
