Infographic: How to protect WordPress from hackers and boost security by 1000%

The best WordPress security tips from top experts

If you implement these simple tips on how to protect WordPress from hackers, you can boost your WordPress security by 1000%.

No technical skills required.

Easy to implement.

How to protect a WordPress site from hackers:

[Infographic: How to protect WordPress from hackers and boost security by 1000%]

How do WordPress sites get hacked?

Source: WordPress Templates

Signals that your WordPress site has been hacked

Source: WordPress Templates

Why is WordPress vulnerable?

Source: WordPress Templates

Screenshots: how to set up security plugins for maximum results

1. Install BackWPup, UpdraftPlus or any other backup plugin and run an automatic daily full site backup to a remote location (Dropbox, Google Drive, Amazon S3 etc.)

2. Install iThemes Security (or another similar plugin), go to settings and for maximum security:

  • Enable Blacklist Repeat Offender

  • Enable 404 detection

  • Enable HackRepair.com’s blacklist feature

  • Enable brute force protection

  • Enable File Change detection

  • Enable the hide backend feature

  • Enable malware scanning

  • Enable force SSL if you use SSL on your site

  • Enable strong password enforcement and select role Subscriber

  • Enable everything in System Tweaks (Don’t forget to test your site!)

  • Enable everything in WordPress Tweaks (Don’t forget to test your site!)

After you enable these security settings – test, test, test!

If anything causes problems, disable it.

If your site is brand new and you know what you are doing, go to the Advanced section and change the database table prefix and the WordPress content directory.

3. Install the Wordfence plugin.

  1. Go to Options and in Basic Options, enable firewall and automatic scheduled scans.

  2. Go to Advanced Options and enable everything in the Scans to include section.

Summary of the most important WordPress security steps

As you have noticed from the infographic above, WordPress Security depends a lot on your personal cyber-security.

So, make sure all your personal and work devices are safe:

1. Always keep the operating system and software on your PCs, Macs and mobile devices up to date.

2. While working from unsafe locations like airports or internet cafes, don’t log in to WordPress and don’t send emails or passwords.

Networks at airports and public WiFi spaces are not protected, so just about anybody can start monitoring and reading your traffic.

3. Regularly run anti-virus scans on all of your personal devices.

4. Keep your browsers up to date.

5. If you browse untrusted sites like torrents or some suspicious networks, turn off JavaScript, Flash and Java in your browser.

Outdated or old plugins, themes and WordPress core can get you hacked

1. Always update WordPress core, plugins and themes as soon as a new version is out.

Literally, update everything the minute you learn that there is a new version.

2. Install free plugins and themes only from the WordPress.org repository.

To get into the WordPress repository, all plugins and themes undergo an internal quality control process.

Free plugins and themes from other sites have not been checked by anybody.

This means such plugins can crash or infect your site with viruses.  

This also means that they don’t necessarily comply with WordPress standards and requirements and can damage your site later when an update of any other plugin, theme or WordPress core comes out.

3. Install premium plugins and themes only from trusted vendors.

It’s the same story as with free plugins.

Premium plugins from obscure unknown companies can infect or crash your site no matter how much you have paid for them. 

4. Don’t install “free” premium plugins and themes from torrents and other suspicious sites.

Such free premium plugins are not actually free: you will have to pay later, but at a much higher rate.

Hackers often infect and put premium plugins on torrents for free.

Imagine what will happen to your WordPress site after you install such a plugin and how much you will have to pay to get everything back.

Take care of passwords, hosting and network

1. Host your site with a reliable and trusted hosting company.

Don’t run after the cheapest deal.

Cheap hosting might mean slow site speed and higher security risks.

Your hosting company is the one which is entrusted with server security and server software updates.

2. Move away from shared hosting as soon as you can afford it.

Shared hosting can be quite risky.

If one site on a shared hosting server gets infected, your site can also get infected even if it is perfectly secured.

So, as soon as it makes sense, move to VPS or dedicated hosting.

3. Use strong passwords. Your passwords should be difficult, long and impossible to guess.

4. Use SFTP instead of FTP while connecting to your server.

After you have implemented these simple tips on how to protect WordPress from hackers, all common forms of WordPress vulnerabilities will be gone.

Your site will be up to the best WordPress security standards!

Do you have something to add? Please share your ideas in the comments section.
