
Most webmasters learn this the hard way, that is, when their site gets hacked or injected with malware. Recovering from a virus attack can be very time-consuming, so why learn this the hard way when you can easily tweak a few things to improve your website’s WordPress security?

It’s pretty obvious when your site has been injected with malware or “hijacked”. For example, you will see a huge drop in daily visitors. Fewer visitors also means a drop in revenue and sales, right? And I’m very sure you don’t want that to happen.

Usually, it will take a few days to undo the damage due to thousands of hidden (cloaked) spam pages created to make sure your site gets hit by a penalty.


Why do these spam pages usually come in the thousands? The hackers want to make it impossible for Google to miss your site, so that it gets a penalty. And it’s easy: just a few clicks will create a massive amount of spam pages that’ll send your website down the hole.

Cleaning up your website may take a few days, but what about recovering from Google’s penalty? It will take more than a month for Google to review and lift the penalty. Why go through all of that trouble when you can spend 10 minutes now to improve your website’s WordPress security?

In this Post, You Will Learn

Steps you can take to improve WordPress security.

How to check for threats on your website.

Checking for threats with Sucuri SiteCheck.

Going deep cover with your admin login page.

Install a firewall to prevent SQL/Java injection attacks.

Other security measures you should consider too.

Blocking search engine spiders from crawling and indexing the admin URL to prevent hack attempts and other malicious intents.

Delete unnecessary plugins and themes.

Steps You Can Take To Improve WordPress Security

Automate Your Website’s Back Up Cycle

The first step in improving your website’s WordPress security is to make sure your backup cycle is fully automated. Whether it runs on a daily or weekly basis is completely up to you.

Why? You’ll find these backups very useful if your website is being hacked. It helps make recovering your site from hacks so much easier. Ever heard of “One Click Install”? Well, there’s something called “One Click Restore” too.

It is also good to have automated backups in case something goes kaput while you’re upgrading your WordPress version or some of the plugins and themes you’ve installed.

Some hosting companies do the backup for you automatically, and they come with other amazing features. But if your hosting company doesn’t have these features, don’t worry.

You can use a free scheduled backup plugin, which I use too: the BackWPup plugin.


The BackWPup plugin will back up your site’s content including plugins, images, css, and everything else in the “WP-Content” folder into a simple compressed zip file.

You can also choose the location the backup is uploaded to. This includes Dropbox, SugarSync, email and a lot of other service providers.

As you are reading this, go ahead and install the plugin to make sure your site is well backed up.

Keep Your WordPress and Plugins Up To Date At All Times

Hackers are always coming up with new tricks to hack and inject their malware. Hence, weaker spots are found as time goes by.

This is the reason why it is very important to keep both your WordPress version and plugins up to date in order to uphold the WordPress security of your site.

How To Check For Threats on Your Website

Checking For Threats with Sucuri SiteCheck

You can always scan your website for a wide range of threats at Sucuri SiteCheck, which will check all of your website’s URLs.

It will tell you whether your site has been blacklisted by any search engines, and so on.

Download and Install This Security Plugin To Improve WordPress Security

Better WP Security, aka iThemes Security, is one of the best plugins out there. I would say installing this plugin is essential to further secure your site’s WordPress security.


This security plugin helps add a few more layers of security to your site with these features:

  • Ability to change your admin panel login URL.
  • Removes login error and failure messages.
  • Scans and protects your site from hacks and weaknesses.
  • Bans bots and hackers automatically after “x” number of times.
  • Ability to change the WordPress database table prefix.
  • Ability to remove the WordPress version.

Configuring the WordPress Keys at The WP-Config.php File

What you’re about to do here is add WordPress salts. They are keys for cookies, and following these steps will ensure smoother and tighter user data encryption.

In iThemes Security, head over to WordPress Salts under the “Advanced” menu and generate these keys. The plugin will generate them automatically; simply replace the existing keys with the generated ones.


There are more features, which are pretty cool to play with. You will eventually come across the plugin’s automated backup feature. Here’s the thing: this feature will only back up the database and not the files. So please get the backup plugin I’ve mentioned above.

Going Deep Cover with Your Admin Login Page

I’ve mentioned that you can change your admin login page. Now I can show you how to add another layer of security, even if hackers have found your admin login URL.

Adding a Captcha to the login page will also protect your site from Brute Force Attacks (DDoS).

To integrate Captcha in your admin’s login page, simply download BWS Plugins. This will control and reduce the amount of spam coming into your site’s admin login area, and that is only if they can find your URL first.

Install a Firewall To Prevent SQL/Java Injection Attacks

Security plugins can only protect your site on the outside. What about SQL/Java malware injections? Installing the OSE Firewall, aka Centrora Security, will block any attacks coming from the inside, especially SQL/Java malware injections.

Using Better WP Security and the OSE Firewall together is the best combination when it comes to defending your website.

This security firewall plugin has built-in scanners for your blog. It will notify you if there is any suspicious code. There’s also a new anti-spam feature.

Other Security Measures You Should Consider Too

Blocking Search Engine Spiders from Crawling and Indexing the Admin URL To Prevent Hack Attempts and Other Malicious Intents

It is normal for search engine spiders to crawl and index your entire blog unless they are told not to do so. But here’s the thing: you do not want search engines to index your admin login page. Why would you want search engines to index your admin page when you’re trying to hide it from everyone, especially from hackers?

Note: Indexing your admin login page will allow search engines to show your admin login URL and page in the search rankings.

There’s a way to do this. In fact, it’s the easiest way. Create a “robots.txt” file in your root directory. Then all you have to do is copy and paste the rules below into the file:

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

That’s all there is to it. Then hit save!
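To see which URLs the rules above actually cover, this added example (not part of the original post) matches them against constructed sample paths, assuming the `*` and `$` wildcard semantics of RFC 9309 that major crawlers apply. Note that the default login script /wp-login.php is not matched by any of the rules.

```python
import re

# The Disallow rules from the robots.txt above (User-agent: * group).
DISALLOW = [
    "/cgi-bin", "/wp-admin", "/wp-includes", "/wp-content/plugins/",
    "/wp-content/cache/", "/wp-content/themes/", "*/trackback/",
    "*/feed/", "/*/feed/rss/$", "/category/*",
]


def rule_to_regex(rule):
    """'*' matches any run of characters, a trailing '$' anchors the end
    of the URL path; without '$' the rule is a prefix match."""
    anchored = rule.endswith("$")
    body = rule[:-1] if anchored else rule
    pattern = ".*".join(re.escape(part) for part in body.split("*"))
    return re.compile("^" + pattern + ("$" if anchored else ""))


def blocking_rule(path, rules=DISALLOW):
    """Return the first Disallow rule that matches path, or None if the
    path is left crawlable."""
    for rule in rules:
        if rule_to_regex(rule).match(path):
            return rule
    return None


# Constructed sample paths for a default WordPress install.
SAMPLE_PATHS = [
    "/wp-admin/", "/wp-admin/admin-ajax.php", "/wp-login.php",
    "/wp-content/uploads/2014/05/logo.png", "/my-post/trackback/",
    "/my-post/feed/", "/category/news/", "/xmlrpc.php",
]


def audit(paths=SAMPLE_PATHS):
    """Map each path to the rule that blocks it (None = not blocked)."""
    return {path: blocking_rule(path) for path in paths}


if __name__ == "__main__":
    for path, rule in audit().items():
        print(f"{path:40} {'blocked by ' + rule if rule else 'CRAWLABLE'}")
```

robots.txt is itself publicly readable and only advisory: it keeps compliant crawlers out of the listed paths but does not restrict access to them, so the login page still needs the protections described earlier.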

Delete Unnecessary Plugins and Themes

So if you have any unnecessary plugins or themes, delete them at once. If a plugin or theme has been hijacked, it can be a gateway for hackers to access your site.

At the same time, you can reduce the load on your website and speed up the site’s load speed.

Have You Done It? What Are You Waiting For?

Ladies and gentlemen, I’m dead serious when I say “you do not want to learn this the hard way”. Sometimes, your website may be a total loss because you haven’t had a backup of your site at all since you started it.

Mark my words: if you do not take this article’s advice seriously, you will face bigger problems than I can imagine in the future.

This won’t take much of your time to strengthen your site’s security. Start doing something about your site’s security now!

Wrapping It Up

For your sake and your website’s sake, DO NOT ignore this article’s advice.

Reinforcing your website’s WordPress security is not as simple as installing a few security plugins and then going to relax at the beach.

You have to tweak everything and make sure you’re doing more than just installing those few security plugins to keep your WordPress security tight.

Ironically, it is the smallest items you missed that become the hackers’ loophole to inject whatever they want into your website, just for fun or competition. So make sure you do not leave anything out, anything at all, to keep yourself from getting into a really messy situation.

If you guys have other ways of securing your website or blog, care to share? Do you prefer my plugins or do you use and prefer other security plugins? Feel free to share your thoughts in the comments below!
