HelloMoneyTree

Make Money, Be Free


12 Ways To Protect WordPress Website From Hackers


Securing your website should be one of your top priorities as a blogger. This is especially important when you have a new blog. 

Imagine being busy decorating a house that has no door. That’s what it is like for a blogger to be busy writing content and handling other matters before securing their WordPress site from hackers. 

Everything else can wait. Please take the time to read through this article on how you can protect your site from hackers and start implementing these strategies today. 

Some WordPress hack stats 

Before we go further, here are some stats about WordPress hacks that happened in previous years: 

  • 41% of hacked WordPress blogs were compromised through their hosting
  • 29% of hacked WordPress blogs were compromised through themes
  • 22% of hacked WordPress blogs were compromised through plugins
  • 8% of hacked WordPress blogs were compromised through weak passwords

Why do hackers want to gain access to your site? 

There are several reasons why hackers may want to hack your blog. Here are some of the most common reasons: 

  • To send spam emails and scam your subscribers 
  • To give your site visitors viruses so they can steal personal data including bank info 
  • To steal your information to sell to a third party 

Google will flag websites that it suspects have been hacked. It shows a big red warning screen to visitors before they enter your site. This would be enough to drive most visitors away, which means all your hard work would be for nothing. 

You should try your best to prevent hackers from gaining access to your site. 

1. Make your log-in username hard to guess

Here are some of the most common log-in usernames for blogs: 

  • Admin
  • User 
  • Your domain name
  • Your name 

The easier it is to guess your log-in username, the easier it would be for hackers to gain access to your WordPress site.

You can use a password generator like this one to create a random pattern of letters and numbers as your username. 

By default, your log-in username would be ‘admin’ so you’ll want to change that by logging into your WordPress site and then going into the dashboard. 

Unfortunately, you can’t change your username directly so you’ll have to create a new administrator first. 

Once you’re there on your WordPress dashboard, on the left-hand side, you should find ‘Users’. Click on ‘Add New’. 

From there, you’ll want to create a new user. Make sure the username is hard to guess. And since you can sign in via email as well, don’t use an email that is associated with your website. 

Give this new user the ‘administrator’ role. 

Log out and log in again with the new administrator account. Once you have succeeded in doing so, you’ll want to delete the other administrator account. 

2. Have a complicated password 

8% of WordPress blogs were hacked due to weak passwords. 

Having a strong password is one of the easiest things to do to ensure the safety of your WordPress site.

You can also change your password regularly to lower the chance of it being guessed by AI.

Try not to save your password on your computer either: if your account somehow gets hacked, at least your WordPress site stays safe. 

Again, use a password generator such as this one, to create your complicated password. Make sure your password is more than 16 characters long. Write it down on a piece of paper and keep it somewhere safe. 
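The username and password rules from sections 1 and 2 can be checked and met with a short script. This is an added example, not part of the original article; `example.com`, "Jane Doe" and the exact list of name variants it derives are assumptions made for illustration.

```python
import secrets
import string

COMMON_USERNAMES = {"admin", "user"}  # the article's easy-to-guess list

def site_of(domain):
    """Lowercase the domain and drop a leading 'www.'."""
    d = domain.lower()
    return d[4:] if d.startswith("www.") else d

def guessable_names(domain, owner_name):
    """Usernames to avoid: common ones plus domain and owner-name variants.
    The exact variants are an assumption of this example."""
    site, parts = site_of(domain), owner_name.lower().split()
    names = set(COMMON_USERNAMES) | set(parts)
    names |= {site, site.split(".")[0], site.replace(".", ""), "".join(parts)}
    return names

def check_login(username, email, password, domain, owner_name):
    """Return the article's rules that this login breaks (empty list = OK)."""
    problems = []
    if username.lower() in guessable_names(domain, owner_name):
        problems.append("username is easy to guess")
    if email.lower().endswith("@" + site_of(domain)):
        problems.append("email is associated with the website")
    if len(password) <= 16:
        problems.append("password is not more than 16 characters")
    return problems

def random_username(length=12):
    """Random lowercase letters and digits, starting with a letter."""
    alphabet = string.ascii_lowercase + string.digits
    rest = "".join(secrets.choice(alphabet) for _ in range(length - 1))
    return secrets.choice(string.ascii_lowercase) + rest

def random_password(length=24):
    """Random letters, digits and punctuation drawn from the OS CSPRNG."""
    if length <= 16:
        raise ValueError("the article asks for more than 16 characters")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    # Constructed values: example.com and "Jane Doe" are placeholders.
    print(check_login("admin", "jane@example.com", "hunter2",
                      "example.com", "Jane Doe"))
    print(check_login(random_username(), "owner@mail.invalid",
                      random_password(), "example.com", "Jane Doe"))
```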

3. Change your log-in URL 

No one can break into your house if they don’t know where the entrance is and that is what you should do with your website as well.

For most blogs, the log-in URL is www.domain.com/wp-admin.

From there, hackers can try the most common usernames and passwords to try and gain access to your site. 

You can change your login URL which essentially hides the entrance into your site. If hackers can’t find your log-in page, they are less likely to infiltrate your blog.

To change your login URL, you can go over to your dashboard and click on the ‘Plugins’ button on the left-hand side of the screen. Then, click on ‘Add New’. 

Then, you’ll want to type in “WPS Hide Login” into the search bar.

Click on ‘Install Now’ and then ‘Activate’. 

Once it’s activated, you can go over to your ‘Installed Plugins’ tab. 

Find ‘WPS Hide Login’ from the list and click on ‘Settings’. 

Scroll to the bottom and you’ll see the section ‘Login URL’. You can type anything into the box and that’ll become the URL you’ll use to log in from that point forward. 

It doesn’t have to say https://yourdomain.com/login

It could end with anything, even gibberish. As long as you remember the login URL, you’ll be able to log in. 

Just in case you forget, remember to write it down on a piece of paper. 

4. Keep your theme updated and remove unused themes 

Hackers can gain access to your WordPress site through your unused themes as well as the theme you’re currently using.

One of the reasons why themes may need to be updated is that a security flaw has been discovered and patched. If you fail to update, hackers can hack their way in.

This is also another reason to make sure that the theme you chose is reliable. Don’t just opt for a theme that looks good or is free. Make sure you check out the reviews as well. 

To delete your unused themes, you first have to go to your dashboard and find ‘Appearance’ on the left-hand side, click on ‘Themes’. 

Then, you’ll want to click into each of those themes that you aren’t currently using. 

A window will pop up.

You’ll then want to hit ‘Delete’ in the bottom right corner to erase the theme from your WordPress account.

Remember, you can always reinstall your themes later on. 

5. Keep all your plugins updated and remove unused plugins

Just like with themes, make sure your plugins are updated and remove the plugins that you aren’t using to prevent hackers from easily gaining access through a security hole.

Try not to exceed 10 plugins and do try to keep your total plugins fewer than 20. The more plugins you have, the more at risk you are if you don’t update your plugins soon enough.

There may also be times when the hackers get in through a plugin before an update is available so do be very careful with which plugins you install.

Always make sure the review of the plugin is good first before installing. 

Some bloggers don’t want to pay for certain plugins so they opt for a cheaper alternative that plants a bug in their WordPress site allowing hackers to get in.

You should assess whether you need the plugin. If you really need it, then it’s okay to purchase one. Don’t get your whole site hacked in an attempt to save a few bucks. 

To remove your unused plugins, navigate to the plugin tab of your WordPress dashboard. Click on ‘Installed Plugins’. 

You’ll want to delete all your unused plugins by deactivating them first and then deleting them. If it’s already deactivated, you’ll see the delete button right there. 

You can always reinstall your plugins if you feel like you need them again. 

6. Keep your WordPress version updated 

You can see your WordPress Version by looking at the bottom right corner of your screen when you’re at the dashboard of your site. 

You should always have the latest version of WordPress and make sure the themes you use are compatible with the latest version.

Older versions of WordPress aren’t as secure so I wouldn’t advise you to use them. 

If the theme you selected isn’t compatible with the newest WordPress version, it’s time to switch to one that is. 

To update to the latest version of WordPress, you should look for a banner on your dashboard. You can usually update to the latest version with a click of a button. 

7. Keep PHP updated 

Another thing to keep updated is PHP.

Again, when the latest PHP version is available, you will see a banner on your dashboard and you can update it with a click of a button.

If you aren’t sure how to update your PHP or even your WordPress version, you can ask your hosting service provider to help you.

Most hosting service providers have a live chat service. You can ask them to do it for you. 

8. Make sure you select a trustworthy hosting service provider 

This should be one of the most obvious things to do when it comes to securing your blog. 

Not having a trustworthy hosting service provider can mean that you are putting your blog at greater risk of being hacked. 

Some of the best hosting service providers to choose from include: 

9. Make sure you don’t have too many add-on domains and keep each of those secure

Add-on domains are available when you select a hosting plan that allows for “unlimited” websites. This means you can host unlimited domain names from your primary domain using your hosting package. 

In simpler terms, instead of creating a separate account to host your websites, you get to host multiple websites from just one account and one plan with the hosting company you’ve chosen. 

One of those websites would be known as the primary domain and the others are the add-on domains. 

While it does say “unlimited”, and in theory it is “unlimited”, there are some restrictions. 

You see, the more domains you have as an add-on, the more files you have and with more files, you get closer to the limit they set for your hosting plan. So in reality, “unlimited” isn’t really “unlimited”. 

If you are a web developer or a web designer, you may want to upgrade to a dedicated hosting plan or VPS hosting to accommodate all those domains.

Another thing to note with add-on domains is that if any one of those domains gets hacked, all your other domains are at risk.

If you aren’t the person handling the updates and maintenance of all your clients’ sites, it may happen that one of the add-on domains isn’t kept up to date, and a hacker can get in through that domain and reach yours and every other add-on domain under the primary domain.

The more add-on domains you have, the greater the risk you take on. It’s best to keep your add-on domains low. Don’t go overboard. 

And if you do have a lot of add-on domains, you must make sure to update everything (i.e. plugins, themes, WordPress version, etc.) every day. 

If you want to find out how many add-on domains you have, you’ll have to check on your cPanel. 

When you log into your hosting company, you can switch to a different tab and press (Ctrl + F) on your keyboard to find the button for the cPanel. 

Once you’re at the cPanel, you’ll want to (Ctrl + F) ‘add-on domains’ or ‘add on’. You should see your add-on domains there and be able to remove as many of them as you wish. 

10. Back up your site 

Another thing you want to do is to back up your site with a plugin. 

It’d be awful to lose everything you worked so hard on because you didn’t back up your site.

You may wonder, “But how would I lose my website in the first place?”. Well, this can happen when a hacker gets into your blog for instance. 

This can also happen when a plugin fails to do its job (either on purpose or due to a bug). It doesn’t happen too often but it still does make sense to back up your site in case something happens.

You can always revert back to an older version of your site if something goes wrong or if you made any changes that you didn’t like. 

In the early stages of your blog, when you haven’t had too many posts on there, you’ll want to test the backup plugin out to make sure you know what you’re doing. 

Later on, it’ll be harder to test the backup when you already have a lot of files under the domain. You may risk losing more when you attempt to play around with the backup later on. 

You can back up your site with a plugin such as UpdraftPlus. It’s free and reliable. 

To install it, you can go to ‘Plugins’ and ‘Add New’. 

11. Install a security plugin

If you are a WordPress blogger, you must have heard of Jetpack. It’s considered one of the most trustworthy security plugins. 

It has a free plan although you could upgrade it to a paid plan as well. 

12. Install a Captcha plugin 

A Captcha plugin prevents robots from brute-forcing their way into your blog.

It makes sure that it’s a human rather than a robot trying to log into the blog. 

One of the best captcha plugins is ‘reCaptcha by BestWebSoft’. 

You can enable reCaptcha for the login form so that whenever anyone tries logging into your site, they’d be met with a Captcha. 
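Sections 3 and 12 both target automated password guessing against the login page, and the web server's access log shows whether it is happening. The script below is an added example, not part of the original article: it counts failed login POSTs per IP. The log lines are constructed, and it assumes combined log format and default WordPress behaviour (a failed login answers 200, a successful one redirects with 302).

```python
import re
from collections import Counter

# One access-log line in combined log format (assumed server log format).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def make_line(ip, sec, method, path, status):
    """Build one constructed log line for the sample below."""
    return (f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1532 "-" "Mozilla/5.0"')

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(6)]
    + [make_line("198.51.100.20", 10, "POST", "/wp-login.php", 200),  # one typo
       make_line("198.51.100.20", 20, "POST", "/wp-login.php", 302),  # then success
       make_line("192.0.2.5", 30, "GET", "/wp-login.php", 200),       # page view only
       make_line("192.0.2.5", 31, "GET", "/", 200)]
)

def failed_logins(log_text, login_path="/wp-login.php"):
    """Count failed login attempts per client IP.

    Assumes default WordPress behaviour: a failed login re-displays the form
    (POST answered with 200), a successful one redirects (302)."""
    counts = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a combined-format line; skip it
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == login_path and m["status"] == "200":
            counts[m["ip"]] += 1
    return counts

def flag_bruteforce(log_text, threshold=5, login_path="/wp-login.php"):
    """Return the IPs with at least `threshold` failed logins, sorted."""
    hits = failed_logins(log_text, login_path)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    print(dict(failed_logins(SAMPLE_LOG)))
    print("possible brute force from:", flag_bruteforce(SAMPLE_LOG))
```

If you changed the login URL as in section 3, pass the path your login form posts to as `login_path`; the threshold of 5 is an arbitrary starting point.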

Final thought 

For new bloggers, blogging can feel overwhelming with so much stuff to learn and new terms to research. 

This could especially be the case for those who are scratching their heads and wondering what they should do to keep their blogs safe.

I hope this article has been a useful guide to you in helping to keep your blog secure from hackers. 

Securing your blog isn’t as difficult as it seems. Most of what you need to do is to install the right plugins and keep things updated. You should be fine for the most part.

What you don’t want to do is to put off securing your blog as you may just give hackers the opportunity to infiltrate and destroy months (or even years) worth of work. 

So, go ahead. Do what you gotta do. 

Cheers! 🙂 
