WordPress is the most popular content management system (CMS) for websites. In fact, I use it not only for this site, but for the majority of client sites as well. It is extremely flexible and can be customized for just about any business need. Previously, I have discussed the importance of focusing on your own website over social media, and whether you need a simple business website or a full-blown e-commerce shopping cart, WordPress can meet almost any business need.
Unfortunately, as with most CMS platforms, there will be those who look to exploit loopholes within the system, and WordPress is not exempt from these hackers. In fact, WordPress is frequently updated not only to add new features, but to close known loopholes.
However, you should not rely solely on the most recent update for WordPress protection. I will give you my list of plugins that can help strengthen your site and show you how to protect your WordPress site from hackers. While nothing will protect you 100% from attacks, using these plugins will definitely decrease the chances of it happening through better WordPress security measures.
Most hackers will look for any way into your WordPress site they can find, most commonly by attempting to log in to your site through /wp-admin/. Luckily for us, there are some good plugins to help combat these attempts.
One of the more popular methods for protecting a WordPress site against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection attacks is through the use of this plugin.
While it might be overwhelming at first glance after installing it, this plugin does quite a bit with minimal effort on your part. Simply follow the steps and messages displayed and you will easily get your website protected against common attacks found on WordPress sites.
This simple plugin will block brute force attacks and track login IP addresses, usernames, and passwords. It takes mere seconds to install and configure. A feature that I like is the option to set up email notifications of breach attempts so you can be immediately notified of any suspicious activity on your site.
Being proactive in monitoring and protecting your WordPress files gives your site a better chance of preventing malicious injections that will ultimately compromise your website.
This plugin is as simple as it can get. Once installed, just provide an email address for notifications. This plugin will automatically scan your files daily and send you an email notification should something need your attention.
Knowing automatically when a file has been added, changed, or deleted will help you combat potential hackers. Installing this plugin is a breeze and straightforward.
Among the options you have are email notifications, admin alerts, and including or excluding specific file extensions from monitoring.
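The added, changed, and deleted detection described above comes down to comparing file hashes against a saved baseline. The sketch below is an added example, not code from any of the plugins mentioned; the function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root, include_ext=None, exclude_ext=()):
    """Map each monitored file's relative path to the SHA-256 of its contents."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            # Skip excluded extensions; if an include list is given, keep only those.
            if ext in exclude_ext or (include_ext and ext not in include_ext):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return hashes

def diff(baseline, current):
    """Report what was added, changed, or deleted since the baseline snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
        "deleted": sorted(set(baseline) - set(current)),
    }

def demo():
    """Run the check on a constructed tree standing in for a WordPress install."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(data)
        write("wp-config.php", "<?php // settings")
        write("wp-content/themes/demo/functions.php", "<?php // theme")
        write("wp-content/cache/page.log", "hit")
        write("readme.html", "<html></html>")
        before = snapshot(root, exclude_ext=(".log",))
        # Simulate what happens between two scans.
        write("wp-content/themes/demo/functions.php", "<?php // theme, extra line")
        write("wp-content/uploads/unexpected.php", "<?php // new file")
        write("wp-content/cache/page.log", "hit hit")  # excluded, so ignored
        os.remove(os.path.join(root, "readme.html"))
        return diff(before, snapshot(root, exclude_ext=(".log",)))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Excluding noisy extensions such as cache or log files keeps the notifications meaningful, and the baseline is only trustworthy if it is stored somewhere the web server cannot write to.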
If you are like me, you are often guilty of “ignoring” the update available notification you get when you are logged into your WordPress admin panel. Additionally, if you have many WordPress sites, it can be tough to stay on top of which installations or plugins need to be updated. By not updating your plugins and files, you are opening the door to having your site compromised.
This simple plugin will email you whenever an update is needed. Now there are no more excuses for not updating your installation and plugins.
If you do not have a current backup of your WordPress site, you are severely risking all of the hard work you have put into building your site. Should your site get hacked, it can be very costly to fix, or even worse, you could actually lose all your files. There are many plugins available (as you will see below) which can automate this process for you. I recommend using a combination of plugins to ensure you have multiple instances of backups should one become corrupt or unable to be opened/re-installed.
Having a clean backup will allow you to easily fix your hacked WordPress site in most cases by re-uploading a previous instance of your website.
This simple plugin will allow you to easily back up your WordPress site. Like many WordPress backup plugins, this one is simple to install. This plugin encrypts your data while it is downloaded, emailed, and stored.
One potential disadvantage is that the service used to store your backup will only store up to 100MB for free. If your backup is larger, you may have to pay for more storage.
To me, this plugin is a no-brainer. Dropbox is excellent for many reasons. Your basic Dropbox account should have more than enough storage space for your WordPress backup unless you have thousands of posts, images, etc. on your site. Even then, simply upgrade your Dropbox account and you should have enough storage space.
What is great about this plugin is that it is truly a set-it-and-forget-it WordPress backup plugin. Simply install it and connect it to your Dropbox account, configure a few settings and you are good to go. Be sure to select your database to be backed up as well.
As an avid user of Google Drive, backing up my WordPress site to this service makes perfect sense. This plugin is simple to set up and before you know it, your Google Drive account will be connected to your WordPress site.
When setting this up, be sure to click “yes” to back up your database as well. If you do not select this, then you are only backing up your files.
While there are no doubt many available plugins for protecting your WordPress site, which ones do you use on your websites? Have you found them to help minimize successful hacking attempts on your website? Or, maybe you have put off being proactive and ended up with a monster headache trying to get your site back online?
Sound off with your experiences, both good and bad, in the comments below.
Or if you know a business owner who has had issues protecting their site, be sure to send them a link to this post on how to secure WordPress.