Setting up a WordPress website, making it search engine optimized, improving it day by day, and to make it hack proof – it’s all interlinked. The better your website is, the more it is vulnerable to hackers however, nobody can guarantee your website would be hack proof (as there are numerous Government sites that get hacked every now and then) but it can be worked on to minimize the hacking risks.
Before you make any changes to your WordPress website, you should make sure that your website is properly working and take its complete backup.
Delete the default “Admin” account
The favorite hacking target of hackers is the obvious account names. If your WordPress site has account names like “admin” or “administrator”, first make a new account with a different username and give it all the admin access. Then login using this new name and delete the previous obvious account names.
Change Admin passwords every 3 months
It is best to go for strong passwords, which are at least eight characters long and is a combination of lowercase and uppercase letter, number, and some special symbol. Don’t use words having meanings, for instance, “PlskjO%32.”
Delete Unwanted Plugins and Themes
Deactivating plugins and themes isn’t enough. If a plugin has some malicious code, it can still bring harm to your website while in deactivated state.
Keep Updating Your Themes, Plugins, and WordPress Files
Outdated plugins and WordPress files are among the top reasons of WordPress website hacking and a reason for Malware attacks. You can see the new updates on your WordPress dashboard and should update them as soon as you see them there pending waiting for your approval.
Scan Your Computer for Viruses and Keep Updating Your Anti-Virus Software
In numerous cases, it is seen that sites are compromised through local environment like desktop, notebooks, etc. This is the reason why you should take few minutes out to run an antivirus and make sure it is up to date. It does not matter how frequently you clean your WordPress website, if your computer isn’t clean, your website can get re-infected easily.
Change Your CPANEL Password Once Every Six Months
Mostly people don’t realize or simply forget this important step. You should change your hosting provider’s admin account or CPANEL password to make sure a hacker doesn’t hack through this tunnel.
Change Yout FTP, SFTP, SSH etc. Passwords Once Every Six Months
FTP accounts exist on your host server and they let admins and programmers to copy the files straight to your site. It is like your website backdoor. Similar to admin passwords, this should be a strong one.
Change WordPress Database Password
You can change this password through admin panel or CPANEL of your host server. Once, the password is changed do update the WordPress configuration file “wp-config.php.” This isn’t done automatically so you should know how the file is opened and edited manually. If you don’t know how to make changes in database and the configuration files, take help from your website developer.
Remove Unused Website Directories & Sub-directories
A number of times old themes, plugins, and content management system become a cause of malware. It is ideal to get rid of old site and sub-directories if you aren’t using them.
Change File Permission on Core WordPress & Server Files
This tip is for advanced admins and users and if you aren’t aware of how to change the file permissions do not make an attempt since it may lead to locking out anybody from accessing your website.
You must change these 5 files permissions once you install WordPress on your server using the File Permissions lay down by WordPress:
The last four tips mentioned above are for professional people and if you aren’t really sure on how to carry out these 4 steps properly, you should take some professional help or contact your website developer. It is highly recommended to use any WordPress maintenance service, for instance, WP-Monitor, which allows automatic daily backup, cleaning of Malware, and restoration of site when needed.