More often than not, I get to read about certain data loss horror story from WordPress users. The concept of hacking is not something new.
A few years ago I helped Patrice who runs Afrobella recover from a seriously nasty malware hack to her blog after Google told her she had been blacklisted. It was frustrating for Patrice, her fans, and advertisers but I got the site cleaned up and hack free. Back in June, I saw there was a call for WordPress security topics so I jumped in. And recently I visited the local conference on WordPress sites security in Portland.
If you are thinking that you can sit back and relax after fixing a hacked site, then sadly you are wrong. You must learn from your mistakes and take a fresh start. You need to make darn sure your site doesn’t get hacked again. For it, you need to take the following preventive measures:
- Keep all your plugins and themes up to date. Make sure you run the recent version of WordPress every time.
- Use a reliable and secure web hosting. Instead of shared hosting, shift to managed WordPress hosting because it is safe to use.
- Use strong and unpredictable passwords.
- Limit the repetitive login attempts by installing a third party plugin.
- Install a reputable security plugin like iThemes Security and configure it properly.
- Block the attacks from reaching to the server by installing a website firewall and monitoring system.
- Run regular scans on your WordPress site.
- Schedule regular backups with plugins like BackupBuddy.
- Get rid of all old WordPress installations lying around on your server.
- Finally, subscribe to a security solution providers which keeps an eye on your site security.
Most common questions from the conference:
What hosting company do you recommend and why?
Rochenhost – They do backups twice a day, respond to support tickets in 8 – 14 minutes, have Red Hat certified technicians and proactively monitor their shared hosting servers. Fast, responsive and solid.
What WordPress theme provider do you recommend and why?
Woothemes – They keep all their themes up to date on a regular basis, they have great support and active community of users, their framework supports patching security issues in their themes and they have a wide variety of flexible themes to fit nearly any WordPress site
What are the best security/protection plugins?
- Simple History
- Exploit Scanner
- Akismet htaccess writer
- Audit Trail
- WordPress Hashcash
- Login LockDown
Where can I get WordPress training online?
You can head over to Udemy “Build Your Own WordPress Website training” or search the web for similar courses, there are lots of good ones. Remember, the best part about using WordPress is that it is SEO optimized out of the box.
I received a really nice quote from a previous client I set up on WordPress in 2014 because I asked him to share his story with a new prospective client who is still riding the fence on WordPress:
“I know that WordPress has been the best thing. Many changes I do myself which keeps the site fresh. It also keeps me interested in routinely updating since I instantly see the changes.”
Joseph L. Rapacki, Rapacki & Co Accounting (yes, that’s a WordPress site)
Have you ever been a victim of a hacking attempt? How you encountered that situation? What tools and techniques you used? Share your story.
In conclusion here are some useful links:
Also, check out this presentation: