What’s Security ? According to wordpress codex, “Fundamentally, security is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making yourself a target, subsequently getting hacked.”
How to protect WordPress Site from hacker ?
There are few things to do to protect hacker from hacking or spamming your website.
Trusted Web Hosting
If you don’t have a trusted web hosting , you are finished ! Your site will be hacked regularly. Fortunately, almost every web host is bulletproof. Although there are scam hosting company. keep your eyes open. It’s their business and responsibility to keep our site healthy. There are many hosting around, better choose unlimited plan with SSL security if you have eCommerce functionality. Now-a-days there are “Managed WordPress Hosting” they really worth it. Superb speed and top-notch security. I personally use “BlueHost Unlimited Hosting” It’s superb. Besides, for managed WordPress Hosting plan , go with GoDaddy.
Vulnerability in WP
To make life easier, most hosting come up with Auto WordPress installation. Make sure your site is updated to the latest app. Also keep your eyes on WordPress news on your site dashboard’s news section.
Themes and Plugins Vulnerability
Check your themes especially PHP and JS files regularly. Sometimes hackers can inject malicious code into header, footer or index files. To make things easier use this awesome plugins
Web server Vulnerability
Last year there was a massive hosting hack happened. Mine too was compromised. Definitely web host had the vulnerabilities. Syrian Electronic Army was behind it as they claimed. But personally i believe it was from Russian. So always back up your data, database and custom settings if there is any.
Check your ISP is not monitoring yours computer or somebody hacks you remotely. Using Wi-Fi , Bluetooth , you can be hacked. Your computer is hacked means your life is hacked. Not only your WordPress site, but also every possible things belongs to you. So be careful !
FTP File permissions
You should ask your hosting tech guy before doing it or if you need any concept. cause this thing is quite advanced. For example, without knowing you make your wordpress directory public, then you are open as international water. means your site is “hackable” even to a 5 years old boy ! You don’t have to be worried cause every WordPress directory in your hosting is set as private or read only.
This is really a primary matter. You should not user your name or phone number or your girl name as pasword, then your passwords are easy to guess. Try something hard , non predictable , at least 10 alphanumeric digits with special characters. Right now WordPress has password generator. If you need to generate password, try one of the online password generator tools. Here is the one you can try.
If you are database pro or good at MySQL, then you will see any unwanted query in your database. Check everyday. Also make sure you are backing up database everyday.
Securing core WP directory
It’s important. Now a day WordPress is sweet target. I’ve faced many times the odds. Someday you will see there are many empty files in PHP extension some are named database.php , css.php etc. They are malicious. Delete them. May be one of your plugins or themes is compromised. Also perform a wp-admin and wp-include replaceing job. Just delete these folders , then upload them fresh from your new wordpress download. If your host is not support drag and drop , then zip it before uploading.
Install Security Plugins
There are few very very good plugins for security checkup and live protection. SUCURI is best for malware scanning and blocking few vulnerabilities. Besides there are Wordfence, ithemes security [formerly BWS] , All In One Wp Security etc. There have also some premium features. Just don’t get confused choosing them, just go with one of them just like i did. I chose iThemes Security . Check out top security plugins reviews here.
Vulnerability on Your PC
This is interesting and really really depends on you. Your PC should be protected by latest antivirus. And perform scanning regularly. It’s as simple as drinking water.