How to Secure WordPress

Recently two of my clients had their WordPress websites shut down by their web host because their sites had been compromised by hackers who were using the sites to send spam emails. One of the sites is still unavailable and the other was offline for over a week. Thankfully nothing was lost because the database was unaffected, but I had to spend a few hours reinstalling WordPress and recreating a few widgets that had been lost.

Also fairly recently, another client’s WordPress website suddenly started acting very strangely and the content wasn’t visible to visitors. Although I never determined the exact cause of the problem, it was more than likely due to hacking.

Unfortunately I’m not exaggerating when I say that website hacking is becoming a very common occurrence, particularly with WordPress. I’ve had 3 clients affected out of more than 20 in the last couple of months alone.

WordPress is easily one of the very best content management systems there is, and I’ve read that it now powers about 15% of all the websites in the world – which must be many millions. The downside of its popularity is that it has become a very common target for hackers, and its open-source nature makes it much more vulnerable to attack.

But why would someone want to hack your website?

There are several reasons why your website could become a target for hackers.

* If you have any kind of contact form, they can sometimes hack into this and use it to send spam emails.

* They can insert redirects that send your visitors to another website.

* They can insert spam links into your site to try to improve the Google rankings of their own site. These links are usually to pornography, gambling or viagra sales type websites.

* They can insert malware – malicious software that automatically gets installed on the computers of your visitors which can cause all kinds of problems for your visitors.

If any of these things happen it can cause serious problems for you and your website. For example:

– If Google detects that your site contains any form of malware they will quickly de-index you from their listings. I know at least one person this happened to last year. They had first page rankings in Google for their primary keyword and then lost it because of hackers inserting malware. They did get their rankings back eventually but it took several months.

– If your contact form has been exploited by spammers then your hosting company will shut down your website immediately.

– If your site visitors see links to pornography and gambling sites, they’re not going to be too impressed with you!

– Or if redirect links are inserted then your visitors won’t even see your website, they’ll be taken somewhere else.

Unfortunately this kind of thing happens to thousands of websites every single day, because most of it is entirely automated. Hackers write software programs that automatically scan the internet for websites that are vulnerable and then automatically hack them in whichever way they’ve been programmed.

How to Secure Your WordPress Site

As site hacking becomes more common it’s very important that you do several things to prevent it from happening to you. Or if you want to make it as simple and painless as possible, you can sign up for my new WordPress Security Package.

If you want to implement the security yourself then here’s what you must do:

1) Always keep WordPress updated – WordPress is constantly being updated by the people who make it. There are both minor and major updates. Minor updates usually just fix bugs and security issues, while major updates add new and exciting features. However, your WordPress installation is not updated automatically. You have to click a few buttons to receive the update. When you log in to WordPress there will always be a message at the top of the screen letting you know if there’s a new version of WordPress available. Minor WordPress updates are released every couple of weeks on average, so log in to your site at least once every 2 weeks to check for updates.

2) Always keep your plugins updated – many WordPress plugins are also regularly updated, particularly after new versions of WordPress are released. Some plugins contain security flaws that hackers can exploit, so it’s important to check your plugins at least once a month to see if there are updates available. Also, before you update WordPress, always update your plugins first.

3) Install WordPress plugins that enhance security. I’ve just been researching some of the best plugins that will significantly enhance security and make it almost impossible to hack your WordPress site, and here are the ones I recommend:

Wordfence – http://wordpress.org/extend/plugins/wordfence/

Bulletproof Security – http://wordpress.org/extend/plugins/bulletproof-security/

Ultimate Security Checker – http://wordpress.org/extend/plugins/ultimate-security-checker/

Login Security Solution – http://wordpress.org/extend/plugins/login-security-solution/

Spam Free Wordpress – http://wordpress.org/extend/plugins/spam-free-wordpress/

4) I also highly recommend using the service Cloudflare – http://www.cloudflare.com/ Not only does it add several impressive security features, but it also helps to speed up your website. It’s a free service (there is also a paid upgrade, but the free service is sufficient for most people’s needs). It is a little fiddly to set up because it involves changing your nameservers with your domain registrar, but it’s not too difficult.
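
The check behind steps 1 and 2, as an added example that is not part of the original post: it reads the installed core version from wp-includes/version.php and each plugin's "Version:" header, compares them with the latest releases, and lists the pending updates with plugins before core. The file contents, plugin names and "latest" version numbers below are constructed sample values.

```python
import re

def parse_version(v):
    """'6.4.2' -> (6, 4, 2); trailing zeros dropped so 6.4 == 6.4.0."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def core_version(version_php):
    """Read $wp_version from the text of wp-includes/version.php."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    if not m:
        raise ValueError("no $wp_version assignment found")
    return m.group(1)

def plugin_version(main_file):
    """Read the 'Version:' field of a plugin's header comment, if any."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", main_file, re.M | re.I)
    return m.group(1) if m else None

def update_plan(core_have, core_latest, plugins, plugins_latest):
    """Return pending updates in the order the post gives: plugins, then core."""
    plan = []
    for slug in sorted(plugins):
        have, latest = plugins[slug], plugins_latest.get(slug)
        if have is None or latest is None:
            plan.append(f"check {slug} by hand (version unknown)")
        elif parse_version(have) < parse_version(latest):
            plan.append(f"update plugin {slug}: {have} -> {latest}")
    if parse_version(core_have) < parse_version(core_latest):
        plan.append(f"update WordPress core: {core_have} -> {core_latest}")
    return plan

# Constructed sample input: file contents and "latest" versions are made up.
VERSION_PHP = "<?php\n$wp_version = '6.4.1';\n"
PLUGIN_FILES = {
    "example-forms": "<?php\n/*\n * Plugin Name: Example Forms\n * Version: 2.3.0\n */\n",
    "example-gallery": "<?php\n/*\n * Plugin Name: Example Gallery\n * Version: 1.0\n */\n",
    "example-legacy": "<?php\n// no header comment\n",
}
LATEST = {"core": "6.4.2", "plugins": {"example-forms": "2.3.1", "example-gallery": "1.0.0"}}

def sample_plan():
    installed = {slug: plugin_version(text) for slug, text in PLUGIN_FILES.items()}
    return update_plan(core_version(VERSION_PHP), LATEST["core"],
                       installed, LATEST["plugins"])

if __name__ == "__main__":
    print("\n".join(sample_plan()))
```

A plugin whose version cannot be read is reported for a manual check rather than silently treated as current.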

Now of course you can do this all yourself if you feel confident about using WordPress and updating your domain settings, but if you’d like all this done for you then I’ve developed a new security package. Not only will I ensure your WordPress is as secure as it possibly can be but I will also update your WordPress as soon as new updates are available. Click here for more info.
