WordPress Hack Prevention

Posted on Sep 13, 2019


1. GET UP-TO-DATE

Updating everything on WordPress sounds daunting but can be done automatically! Insert this into your wp-config.php:

    define( 'WP_AUTO_UPDATE_CORE', true );

Don’t forget to put this in your functions.php:

    add_filter( 'auto_update_plugin', '__return_true' );
    add_filter( 'auto_update_theme', '__return_true' );

2. CHOOSE YOUR THEMES AND PLUGINS CAREFULLY

Simply choose plugins that have at least 40,000 installs and a rating of at least 4/5. Make sure, however, that the latest update is only a few months old; a plugin that has gone longer without an update is much easier to hack into.

3. MODERATE USERS

Make sure nobody has access to the site that you don’t want to have it. Also delete any old users wherever you can.

4. DISABLE WORDPRESS FILE EDITING

File editing through WordPress is a quick and easy way to make edits, but it also leaves your site susceptible to attacks. Unless you don’t have FTP access, it’s best to disable it by adding the following to wp-config.php:

    define( 'DISALLOW_FILE_EDIT', true );

5. PROTECT YOUR LOGIN PAGE

You should rename your wp-login.php page so that brute force attacks are practically ineffective. “All in One WP Security” does this for you for free!

6. ADD TWO-FACTOR AUTHENTICATION

This just means you get either a text or an email notification sent to you so that nobody can get in unless you let them. You simply have to enter the verification code sent to you.

7. CHANGE YOUR ADMIN USERNAME

Brute force attacks commonly use the username “Admin” to get into your site. Simply rename it so they have no extra way to get in.

8. USE SSL TO ENCRYPT YOUR DATA

SSL is really simple to set up as long as you have a Cloudflare account and you have your DNS pointed there. Many hosting services are also starting to provide a free SSL certificate to boot.

9. LIMIT LOGIN ATTEMPTS

“All in One WP Security” does this for you too! If a hacker enters too many wrong answers when trying to log in, they’ll be locked out for a certain period of time.

10. ALTER YOUR WORDPRESS DATABASE TABLE PREFIX

WordPress database table names almost always start with “wp_”. Much like “wp-login” and “admin”, this makes your site easier to hack. Just rename it to something else through your hosting control panel.
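
To confirm that the wp-config.php settings from steps 1, 4 and 10 are really in effect, here is a small checker, added as an example and not part of the original post. The function name audit_wp_config and the sample file contents are constructed for illustration; it skips commented-out lines and keeps the first define() of a constant, as PHP does.

```python
import re

# Strings are matched first so that '#', '//' or '/*' inside a key or salt
# are not mistaken for the start of a comment.
TOKEN_RE = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.DOTALL)
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*['"](\w+)['"]\s*,\s*([^;]*?)\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""")

# Constructed sample, not taken from a real site.
SAMPLE = r"""<?php
define( 'DB_NAME', 'example' );
define( 'AUTH_KEY', 'k#9//x/*y' );  // constructed value
define( 'WP_AUTO_UPDATE_CORE', true );
// define( 'DISALLOW_FILE_EDIT', true );
$table_prefix = 'wp_';
"""


def audit_wp_config(text):
    """Return findings for the wp-config.php settings this post recommends."""
    # Drop comments, keep string literals untouched.
    code = TOKEN_RE.sub(lambda m: m.group(1) or "", text)
    defines = {}
    for name, value in DEFINE_RE.findall(code):
        # PHP ignores a second define() of the same constant: first one wins.
        defines.setdefault(name, value.strip().lower())
    findings = []
    for const in ("WP_AUTO_UPDATE_CORE", "DISALLOW_FILE_EDIT"):
        # Only the boolean true counts; 'minor' or the string 'true' do not.
        if defines.get(const) != "true":
            findings.append(const + " is not set to true")
    prefixes = PREFIX_RE.findall(code)
    # $table_prefix is a variable, so the last assignment is the one used.
    if not prefixes or prefixes[-1] == "wp_":
        findings.append("$table_prefix is missing or still the default wp_")
    return findings


if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print("FINDING:", finding)
```
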

11. ALWAYS BACK UP YOUR WEBSITE

Do this for free using the plugin “BackWPup”!