Hardening WordPress Websites

Hardening WordPress websites improves security. We use plugins and security-driven code modifications to mitigate hacking attempts. We also offer services to clean up hacked WordPress websites.

The need for hardening WordPress websites

Hardening WordPress websites is a must-do item. Attempts to hack WordPress websites are constant and very widespread. Even small business sites and personal blogs are regularly attacked. When a hacker is successful, most people have no idea their site has been compromised until the day when things abruptly go haywire. Hardening WordPress can prevent almost any attempt to hack your website.

The fallout from a hacked website

Owners of a hacked website one day notice that their site is totally gone, that it has dropped from page one to page 10, that they have received an email with a notice of a Google Manual Penalty, or some related cause for deep concern. This is how most people come to know their site has been hacked. So what now?

It’s going to cost you some money. Cleaning up a hacked website is a LOT of work. Often it’s better to set up new hosting, install a fresh version of WordPress, and rebuild your website. If your site was destroyed, and you don’t have a backup copy, you will need to pay for a new WordPress website design.

Search engine ranking losses are inevitable. A hacked site usually suffers huge ranking losses resulting from a Google Manual Penalty. Even after your site is “clean” you must prepare and submit a reconsideration request. There is no guarantee that your site will recover lost rankings, and the reconsideration process can take many months.

Why Do People Hack WordPress Websites?

Why do people hack WordPress websites? The short answer is that some people are jerks. There are three common reasons that people hack WordPress websites.

  1. The challenge of “being a successful hacker” motivates many of these problems. Often these criminals destroy a website to mock you, and prove their awesome abilities.
  2. Malicious intent involves instances where a hacker adds pieces of code to your site (virus, malware, etc.) that will be transferred to computers that visit your site, or that steal and transmit sensitive information such as passwords or credit card information.
  3. Making money is the motivation for the most proficient hackers. By placing malicious code in various places they use your server to send spam emails, redirect your website's visitors to other websites, or effectively steal your traffic to improve traffic on other sites.

Unsecured WordPress sites can be hacked – and it’s easier than you may think. A long password of random characters is hardly a better security idea than hiding a spare key under your doormat. Hardening WordPress websites is the most effective measure you can take to protect your website and your business from criminal hackers.

10 Ways to Improve Security on Your WordPress website

  1. Actively manage WordPress version updates
  2. Actively manage WordPress plugin updates
  3. Delete unused WordPress themes, e.g. TwentySixteen, etc.
  4. Avoid creating usernames hackers try in brute force attacks (admin, owner, etc.)
  5. Do not use your WordPress login username as your “publicly viewable” name
  6. Change file permissions to “read only” on wp-includes, wp-content, wp-admin folders
  7. Use an htaccess file to block access to vulnerable folders (wp-includes, etc.)
  8. Install WordPress security plugins such as WordFence (paid version) and Sucuri
  9. Set up WordFence and Sucuri email alerts for failed logins and security breaches
  10. Use Updraft (paid version) to create site backups that are emailed to Google Drive

WARNING: Making changes to WordPress files or server settings can bring down your entire site. Do NOT attempt to change your site files or server settings unless you understand what you are doing.
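
A read-only audit for items 6 and 7 of the list above, added here as an example and not part of the original page: it lists anything under wp-includes, wp-content and wp-admin that still has a write bit set, and checks whether the site's root .htaccess has an active line mentioning wp-includes. The function names, the reading of "read only" as "no write bits at all", and the plain text match on .htaccess are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit for list items 6 and 7. It changes nothing.
# Assumption: "read only" means no write bit for owner, group or others.
# Usage after sourcing this file: audit_wp /path/to/wordpress

# List entries under the three core folders that still have a write bit set.
writable_entries() {
    root=$1
    for d in wp-includes wp-content wp-admin; do
        [ -d "$root/$d" ] || continue
        # Symlink mode bits are meaningless on most systems, so skip them.
        find "$root/$d" ! -type l \
            \( -perm -200 -o -perm -020 -o -perm -002 \) -print
    done
}

# Succeed if an active (non-comment) line of the root .htaccess mentions the
# folder. A text match only: it does not prove the rule actually denies access.
htaccess_covers() {
    [ -f "$1/.htaccess" ] || return 1
    grep -v '^[[:space:]]*#' "$1/.htaccess" | grep -q -- "$2"
}

# Print findings for one WordPress root; return 0 only when there are none.
audit_wp() {
    root=$1
    status=0
    found=$(writable_entries "$root")
    if [ -n "$found" ]; then
        printf 'Still writable:\n%s\n' "$found"
        status=1
    fi
    if ! htaccess_covers "$root" wp-includes; then
        echo "No active .htaccess line mentions wp-includes"
        status=1
    fi
    return "$status"
}
```

Run it against a copy or staging site first; a clean result for wp-content also means WordPress itself can no longer write uploads or plugin updates there.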