How do I stop my WordPress website from being hacked?

This is a question we get asked a lot, and the answer is quite simple, you can’t! I don’t mean to sound so negative, but that’s essentially the truth.

WordPress has been around since 2003 and is the most widely used website platform on the internet, reportedly running around one-third of the world’s websites, as it has been around for such a long time and used on millions of websites its well known to developers, designers and unfortunately hackers.

And that is the problem; it’s popularly means as soon as a vulnerability is found the excellent WordPress developers patch it and release an update to the community, including hackers, who then know of the vulnerability and can use that knowledge to find WordPress sites that are yet to install the update.

I’ve been working with WordPress for many years and have come across far too many hacked sites in my time. There are numerous reasons for a website getting hacked, but the number one is down to old software, whether that be WordPress itself, a plugin that hasn’t been updated or the hosting server software.

How can I keep my WordPress website up to date?

As mentioned above the number one reason for a site being hacked is down to out of date software.

WordPress gets updates regularly, often monthly, especially when a major new version is released. Likewise plugins you may have installed on the site get fixes and updates regularly too. It’s essential to update these as often as you can, at least monthly if possible.

It’s pretty straight forward to update a WordPress website; the platform tells you when something needs updating, keep an eye on the Plugins option on the left if you see a red circle with a number in it that means you have that number of plugins that need an update. Likewise, at the top of the WordPress admin area, you’ll be notified if WordPress also has an update.

A few clicks are all it takes to upgrade plugins, themes and WordPress. Before you update anything, be sure to take a backup, in case something goes wrong!

Recommended WordPress plugins to help minimise hacking

Although it’s impossible to stop all hackers, keeping your WordPress site updated and the hosting server software upgraded means you are much less of a target.

But hackers will still try, so we recommend installing a couple of great free plugins to help further minimise the risk and make it harder for hackers to get into your site.

Wordfence
The first is Wordfence, an excellent firewall platform which comes with lots of extra features. It can help stop brute force attacks, where automated bots bombard your site with login attempts, a common way for hackers to try their luck.

It also has options to ensure stronger passwords, enabling two-factor authentication and many other features free of charge. They have a paid version too which goes even further by linking into their global network, if one WordPress site is being attacked, all sites in their paid network will instantly be protected from the same source.

Sucuri
Another free plugin that helps stop malicious file uploads and hides some aspects of your WordPress site, such as its version number from being found.

Sucuri also offers a paid firewall service, which is well known throughout the industry, but a combination of this and Wordfence free plugins is a great starting point for any WordPress site looking to stay more secure.

Can we help you keep your WordPress site updated?

This time the answer is definitely yes!

Our WordPress maintenance service includes monthly plugin, and WordPress upgrades performed multiple times per month, as well as uptime monitoring and optional hosting with daily backups, starting at just £49 per month. If you feel your WordPress site needs some updates, check out the full maintenance package options here or give us a call to discuss your requirements.