Protect your WordPress site from being hacked – Here are some tips
Some customers sites from time to time get hacked. Here is the reasons why and how to prevent that from occuring.
- Within cPanel always ensure your Modsecurity ruleset is enabled. This can be done by searching for modsecurity and enabling it on all sites.
- Always ensure your WordPress Install, Plugins and Themes are fully updated at all times. Check once a month or so just to be sure.
- Secure the Login Page and Prevent Brute Force Attacks. Modsecurity already has built in protection but it always helps having a second level of protection in case. We recommend installing Wordfence free version.
- Ensure you are using a strong password – preferably longer than 8 characters and a combination of Uppercase, lowercase and numbers at the very least.
- Enabled the FREE letsencrypt SSL feature to encrypt your data
- Always ensure your contact us page, comments boxes, registration pages has some sort of strong captcha installed. For example Googles Recaptcha plugin for WordPress.
- Change the WordPress database table prefix
- Set strong passwords for your database when installing it or reset it withing MySQL Databases icon and update your wp-config.php file with the stronger password.
- Disallow file editing by adding the following to the wp-config.php file : define(‘DISALLOW_FILE_EDIT’, true);
- Set directory permissions as per WordPress’s Guidance – https://codex.wordpress.org/Changing_File_Permissions
- Disable directory listing with .htaccess
- Remove your WordPress version number – Usually just look for a plugin in the plugin Manager that can perform it. Would be under Security but there are many to choose from.
Using the above techniques will make it extremely hard for any hacker to hack your site. Always perform some sort of security when installing any website, WordPress or not.
We hope some of the above tips help some of our customers.