13 {{ upvoteCount | shortNum }}
13 {{ upvoteCount | shortNum }}

How can a non-programmer keep his WordPress site secure?

by James Liberty
13 replies
I don't know much about programming, but I'd like to make my WordPress site secure. Is this possible without spending hours and hours studying programming? If not, do you happen to know of an inexpensive Fiverr gig or something that would put my site on lock-down? Any recommendations?
#nonprogrammer #secure #site #wordpress
  • Profile picture of the author johnlagoudakis
    Hello James,

    Yes, you can secure your wordpress website by using some plugins like iThemes Security (formerly Better WP Security), Wordfence Security or Wpsiteguardian. Also use username and password characters that is strong use lowercase and uppercase together with number and signs.
    Signature
    Need help getting more leads and sales? *** Click here to work with me ***
    {{ DiscussionBoard.errors[10642121].message }}
    • Profile picture of the author James Liberty
      Originally Posted by johnlagoudakis View Post

      Hello James,

      Yes, you can secure your wordpress website by using some plugins like iThemes Security (formerly Better WP Security), Wordfence Security or Wpsiteguardian. Also use username and password characters that is strong use lowercase and uppercase together with number and signs.
      I have Wordfence installed... and I still got hacked. In fact, I paid someone on Fiverr to clean both of my websites... and both sites were hacked again three days later. For a dude who just wants to start a blog, it's pretty infuriating. (So far I've spent seven hours dealing with malware, and zero hours writing).

      Can anyone recommend a gig (or a service) that can clean-up and secure my sites for cheap?
      {{ DiscussionBoard.errors[10666257].message }}
  • Profile picture of the author Joe Ray
    Originally Posted by James Liberty View Post

    I don't know much about programming, but I'd like to make my WordPress site secure. Is this possible without spending hours and hours studying programming? If not, do you happen to know of an inexpensive Fiverr gig or something that would put my site on lock-down? Any recommendations?
    Wordpress sites get hacked all the time. Every year there is some news about WP plugins with security vulnerabilities. Usually, hundreds of thousands or even a million WP sites are affected by the time they discover the vulnerabilities.

    Last year a whole bunch of WordPress Plugins were vulnerable to Cross-site Scripting (XSS). It was due to the misuse of the add_query_arg() and remove_query_arg() functions. These are some very popular functions used to modify and add query strings to URLs within WordPress.

    This is the list of plugins that were affected last year:

    Jetpack
    WordPress SEO
    Google Analytics by Yoast
    All In one SEO
    Gravity Forms
    Multiple Plugins from Easy Digital Downloads
    UpdraftPlus
    WP-E-Commerce
    WPTouch
    Download Monitor
    Related Posts for WordPress
    My Calendar
    P3 Profiler
    Give
    Multiple iThemes products including Builder and Exchange
    Broken-Link-Checker
    Ninja Forms

    I have no idea why anyone would want to use Wordpress...
    Signature

    {{ DiscussionBoard.errors[10642311].message }}
    • Profile picture of the author James Liberty
      Originally Posted by Joe Ray View Post

      I have no idea why anyone would want to use Wordpress...
      What low-cost content management system is better and more secure?
      {{ DiscussionBoard.errors[10666280].message }}
      • Profile picture of the author Joe Ray
        Originally Posted by James Liberty View Post

        What low-cost content management system is better and more secure?
        Just about anything is more secure than Wordpress. In any case, you mentioned "low-cost", that's the problem right there. You get exactly what you pay for.

        I can't really recommend any CMS for you because I develop my own CMS.

        It really depends on the site what the best security solution is for you. There are ways to create secure sites for low-cost. Again, it depends on the site.

        I don't know anything about your website so I can't help you. If you want, you can pm me, perhaps I can suggest something if I know the details.
        Signature

        {{ DiscussionBoard.errors[10666383].message }}
  • Profile picture of the author nikku
    Using security plugins are the best option to integrate and keep the website secure. But apart from this you must also have the secured server where you are hosting your website such as HTTPS protocol.
    {{ DiscussionBoard.errors[10647228].message }}
  • Profile picture of the author kingjpm
    For any upload folders make sure only content goes in there allowed,
    depending on your web server you can configure per directory to only allow certain files

    drop .htaccess file in the upload directories...sure they have some scripts that are written for this purpose already

    you don't want files upload to the server that can gain access to your hosting account
    Signature
    RogueDen.com
    {{ DiscussionBoard.errors[10648199].message }}
  • Profile picture of the author aviarhost
    1. Install each WordPress update as soon it becomes available.
    2. Keep the number of Plugins on you site to a minimum and ALWAYS DELETE - not just disable - those plugins no longer in use.
    3. Upgrade the plugins on your site as soon as updates become available.
    4. Choose difficult passwords and change them regularly.
    5. Back up your site data daily, weekly or monthly, depending on how often information changes on your site.
    6. Use .htaccess to protect your WordPress site. -- If you are not comfortable with code - ask your WP Developer to show you how to do this, or have your developer do it for you.

    Once these site 'hardening' practices are in place, it is time to look at Security plugins to monitor your WordPress core files and traffic.
    {{ DiscussionBoard.errors[10655270].message }}
  • Profile picture of the author eluminoustechnologies
    I would recommend you to go with All In One WP Security & Firewall plugin. It is the best and you won't need to worry about your website's security at all.
    Signature

    Team eLuminous
    Front End Development |
    Web Application Development Company |
    Hire SEO experts

    {{ DiscussionBoard.errors[10655420].message }}
    • Profile picture of the author James Liberty
      Originally Posted by eluminoustechnologies View Post

      I would recommend you to go with All In One WP Security & Firewall plugin. It is the best and you won't need to worry about your website's security at all.
      Can anyone confirm this? (I had WordFence and BPS Security installed and still got hacked).
      {{ DiscussionBoard.errors[10666279].message }}
      • Profile picture of the author Mark Singletary
        Originally Posted by James Liberty View Post

        Can anyone confirm this? (I had WordFence and BPS Security installed and still got hacked).
        Anyone that says that X software will 100% protect anything just simply doesn't know what they are saying.

        Yes you'll get hacked again no matter which software you use if you are reckless in how you do things or if your host doesn't take security seriously. Which host are you with?

        Getting hit multiple times may have to do with:
        • A plugin with security vulnerabilities
        • Your Fiverr guy may not have cleaned things properly
        • Your host may be bad security wise
        • Your password may have been compromised
        That's a start of things to look at.

        Are you taking action on any of the advice you are getting? I've seen at least a couple threads from you about this problem.



        Mark
        {{ DiscussionBoard.errors[10671527].message }}
        • Profile picture of the author James Liberty
          Originally Posted by Mark Singletary View Post

          Which host are you with?
          I use Arvixe.
          I'm thinking about moving to Blogger so I won't have to worry about security at all. Then, when my site grows large enough and I can afford better WordPress security, I will make the change back to WordPress. (Good idea? Bad idea?)
          {{ DiscussionBoard.errors[10671634].message }}
  • Profile picture of the author raman231233
    [DELETED]
    {{ DiscussionBoard.errors[10669021].message }}
  • Profile picture of the author element121
    Have a look at a dedicated WordPress host like FlyWheel.
    If your site get's hacked they fix it for free:
    https://getflywheel.com/why-flywheel...ress-security/
    Signature
    http://element121.com
    {{ DiscussionBoard.errors[10671517].message }}

Trending Topics