How to avoid WordPress website hacking?

22 replies
  • WEB DESIGN
  • |
Website design is a unique and creative field, website designer has to do lot of research to create a unique website, because every time customer wants to see unique and customized websites. Static websites are tough to edit or modify any changes so most of the web designers or web developer goes to Content Management System.

Design a template and put it in any CMS system, it is a easy way to make the work in less and future changes also takes less time. For this situation WordPress is the best suitable option. But hacking is the serious problem here. Even premium themes also getting hacked. How to avoid or overcome this WordPress Hacking issue as a web designer or a developer?
#avoid #hacking #website #wordpress
  • Profile picture of the author wolff33
    I've used Wordfence for a couple of years and like it. They also send helpful emails to help keep me up to date with cyber attacks...
    {{ DiscussionBoard.errors[10790233].message }}
  • Profile picture of the author Tanzil Ahmad
    Originally Posted by stefy christina View Post

    Website design is a unique and creative field, website designer has to do lot of research to create a unique website, because every time customer wants to see unique and customized websites. Static websites are tough to edit or modify any changes so most of the web designers or web developer goes to Content Management System.

    Design a template and put it in any CMS system, it is a easy way to make the work in less and future changes also takes less time. For this situation WordPress is the best suitable option. But hacking is the serious problem here. Even premium themes also getting hacked. How to avoid or overcome this WordPress Hacking issue as a web designer or a developer?
    As we are software and IT company i will recommend you use PHP to get rid from hacking problem. if you need we can help you on making a unique design and development on your desire choice.

    Thanks from
    bdtask
    {{ DiscussionBoard.errors[10790735].message }}
  • Profile picture of the author alibd654
    You need to follow following things:
    01. Use wordpress plugin called "All In One Security Plugin",
    02. You might change your WPlogin url , Like www.yourdomain.com/wp-admin to www.yourdomain.com/custom
    03. You captcha plugin.
    {{ DiscussionBoard.errors[10791575].message }}
  • Profile picture of the author 3wCorner
    Use better security plugin or other security plugin.
    Use strong passwords and login authentications(e.g. sms codes).
    {{ DiscussionBoard.errors[10793501].message }}
  • Profile picture of the author riztechpro
    Yes using a captcha and using some security plugins like Wordfenc and All in one security is the best option to avoid being hacked. So hosting providers also provide security check.
    {{ DiscussionBoard.errors[10793854].message }}
  • Profile picture of the author imnathanjames
    Wordfence works like a charm for me.
    It's free for the basic account but the paid version has raised in price, think it's now $8.50 a month.

    You get emails when someone tries to log in, and on the paid version you can block by country etc.

    Very good plugin!
    Signature

    My mission to escape the factory grind http://imnathanjames.com

    {{ DiscussionBoard.errors[10803733].message }}
  • Profile picture of the author ohnoeedidntt
    If you're gonna pay for the security, your web host might offer an affordable solution. There are also some great free plugins out there
    {{ DiscussionBoard.errors[10803824].message }}
  • Profile picture of the author CyberDav
    Use the wordfence plugin and set a custom admin login url.
    {{ DiscussionBoard.errors[10804599].message }}
  • Profile picture of the author vikash_kumar
    This issue with all kind of sites and not specifically WordPress. On any plateform there are few fundamental aspects which needs to be taken care. Like:

    1) Timely offsite backup (On Some other server like Amazon S3)
    2) Frequent updates of Core, Plugins and themes
    3) Some tweaks in the default nature of the software. e.g. change of Login URL
    4) Avoid simple username like "admin"
    5) Avoid simple passwords.

    These simple tweaks makes it difficult to make it into the site and the hackers don't like hard work as we do.

    Hope it helps.

    Vikash
    {{ DiscussionBoard.errors[10805220].message }}
    • Profile picture of the author stefy christina
      Originally Posted by vikash_kumar View Post

      This issue with all kind of sites and not specifically WordPress. On any plateform there are few fundamental aspects which needs to be taken care. Like:

      1) Timely offsite backup (On Some other server like Amazon S3)
      2) Frequent updates of Core, Plugins and themes
      3) Some tweaks in the default nature of the software. e.g. change of Login URL
      4) Avoid simple username like "admin"
      5) Avoid simple passwords.

      These simple tweaks makes it difficult to make it into the site and the hackers don't like hard work as we do.

      Hope it helps.

      Vikash
      You suggested very valuable points which are the key players in keeping our WordPress website safe. Yes we should take backup of website on regular intervals if not it will create main issue.
      {{ DiscussionBoard.errors[10810848].message }}
  • Profile picture of the author AlfredX
    Wordfence + Jetpack all the way!
    Also, limit your login attempts!
    Signature
    There are no limits.
    {{ DiscussionBoard.errors[10805253].message }}
  • Profile picture of the author NKM Dony
    1. At first Use STRONG password like: XyL08#$Yal$nY&21
    2. Use security plugin
    3. Use capture plugin
    Signature

    I will Build Latest Wordpress webiste or Blog

    {{ DiscussionBoard.errors[10806009].message }}
  • Profile picture of the author mnbv10
    [DELETED]
    {{ DiscussionBoard.errors[10806394].message }}
    • Profile picture of the author stefy christina
      Originally Posted by wolff33 View Post

      I've used Wordfence for a couple of years and like it. They also send helpful emails to help keep me up to date with cyber attacks...
      Originally Posted by 3wCorner View Post

      Use better security plugin or other security plugin.
      Use strong passwords and login authentications(e.g. sms codes).
      Originally Posted by riztechpro View Post

      Yes using a captcha and using some security plugins like Wordfenc and All in one security is the best option to avoid being hacked. So hosting providers also provide security check.
      Originally Posted by CyberDav View Post

      Use the wordfence plugin and set a custom admin login url.
      Originally Posted by AlfredX View Post

      Wordfence + Jetpack all the way!
      Also, limit your login attempts!
      Originally Posted by mnbv10 View Post

      add new plugin - duplicator or updrawf plus for backup
      We have used WordFence Free version and paid version too.
      In paid version or premium wordfence plugin they are offering services to single website only means single licence which is bit expensive. They are also getting hacked and not solved the issue properly.

      We used security ninja premium version too, no result. They are asking to purchase add-on plugin also which are costly and not serving the need.
      {{ DiscussionBoard.errors[10810845].message }}
  • Profile picture of the author ddev
    Loginizer can help you to stop brute force attacks.
    Signature
    [2016] WordPress Plugins With PLR
    The Secret Site Used By TOP Marketers!


    {{ DiscussionBoard.errors[10806556].message }}
  • Profile picture of the author pxljobs
    In the following way you can prevent word press site update the word press version,check word press is hacked,change admin user login name,secure the word press file permission,back up the website.
    {{ DiscussionBoard.errors[10869824].message }}
  • Profile picture of the author Patrick
    DO NOT USE A SECURITY PLUGIN.

    Keep in mind, the folks making those so called "security plugins" try to show you that they are doing serious work, but instead they are mesmerizing you to buy their pro version. I don't know why so many people are recommending it, they probably think that "security" means using a plugin and problem is solved, but its the other way round.

    Here are the simple steps to ensure your WordPress website is never hacked.

    1) Make sure you keep your WordPress core, themes, plugins updated.

    2) Remove all the themes and plugin you don't use ( yes even the twentyten to sixteen themes or whatever you have in the backend). Keep only the plugins and themes that you need.

    3) Create a strong password and write it down somewhere, like as a note in your mobile phone or wherever you think its secure and you won't lose it.

    4) Never make a password involving dictionary words.

    5) You "can" install a limit login attempts plugin, but that's your choice, optional, not REALLY needed.

    6) Change the username of the admin login from admin to something else, there are many ways to change it, either through plugin or database (I would recommend database way).

    7) Make a backup every WEEK. Keep a weekly reminder on your mobile phone that you have to create a backup today. Download those backups to your local hard drive. Remove the ones which are old. Atleast keep the last 4 backups just for being on the safe side.

    If you follow the above steps, you won't need any plugin or some so called "security force".

    One more point..

    8) Make sure you are using a reliable host, I have seen a lot of clients coming to me saying that their WordPress got hacked, and when they asked their hosting provider about it, they recommended him to "upgrade", a clear sign that they are trying to fish out more money from them.

    For more info about security read this https://codex.wordpress.org/Hardening_WordPress
    {{ DiscussionBoard.errors[10870411].message }}
    • Profile picture of the author stefy christina
      Originally Posted by Patrick View Post

      DO NOT USE A SECURITY PLUGIN.

      Keep in mind, the folks making those so called "security plugins" try to show you that they are doing serious work, but instead they are mesmerizing you to buy their pro version. I don't know why so many people are recommending it, they probably think that "security" means using a plugin and problem is solved, but its the other way round.

      Here are the simple steps to ensure your WordPress website is never hacked.

      1) Make sure you keep your WordPress core, themes, plugins updated.

      2) Remove all the themes and plugin you don't use ( yes even the twentyten to sixteen themes or whatever you have in the backend). Keep only the plugins and themes that you need.

      3) Create a strong password and write it down somewhere, like as a note in your mobile phone or wherever you think its secure and you won't lose it.

      4) Never make a password involving dictionary words.

      5) You "can" install a limit login attempts plugin, but that's your choice, optional, not REALLY needed.

      6) Change the username of the admin login from admin to something else, there are many ways to change it, either through plugin or database (I would recommend database way).

      7) Make a backup every WEEK. Keep a weekly reminder on your mobile phone that you have to create a backup today. Download those backups to your local hard drive. Remove the ones which are old. Atleast keep the last 4 backups just for being on the safe side.

      If you follow the above steps, you won't need any plugin or some so called "security force".

      One more point..

      8) Make sure you are using a reliable host, I have seen a lot of clients coming to me saying that their WordPress got hacked, and when they asked their hosting provider about it, they recommended him to "upgrade", a clear sign that they are trying to fish out more money from them.

      For more info about security read this https://codex.wordpress.org/Hardening_WordPress


      I do agree with you that we have to be careful with security plugins and i have purchased tried almost all major security plugins which are available in themeforest as premium version. We bought them for high price and no such effect was appeared. May be they are stealing our data. So we will aware of this fact.
      {{ DiscussionBoard.errors[10910817].message }}
      • Profile picture of the author katefeesh
        Originally Posted by stefy christina View Post

        I do agree with you that we have to be careful with security plugins and i have purchased tried almost all major security plugins which are available in themeforest as premium version. We bought them for high price and no such effect was appeared. May be they are stealing our data. So we will aware of this fact.
        Agree with Patrick and Christina. Though I wouldn't go as far as to say don't use security plugins, I think security plugins are harmful to the community because of the false sense of security they give. People only figure this out after they get hacked right through the mishmash of 'security' plugins and have to rebuild their sites again. Even the pro versions. I usually recommend web application firewalls because they filter traffic at the level of deep packet inspection. Most WAFs filter by pattern-matching and the more advanced ones use logic-based detection. Does anyone know how exactly plugins like WordFence filter traffic?
        {{ DiscussionBoard.errors[10942403].message }}
  • Profile picture of the author Claire Anderson
    A WordPress survey report was launched a few months ago that almost 16000 websites were hacked in 2016 and the main reason was that most of these websites were using outdated plugins.

    You can check this article for more detail:
    5,769 hacked WordPress websites in 2016 and their security solution

    Hackers steal the sensitive user data from the websites and sometimes they add malicious code in the website. Every website needs to strengthen their security, to block the hackers attack, otherwise you might start distributing virus to other users.
    Signature
    {{ DiscussionBoard.errors[10918812].message }}
  • Profile picture of the author Martin smith
    Use Secured plug-ins,
    Frequently change your Login id and passwords,
    Take back up of your website...
    {{ DiscussionBoard.errors[10918959].message }}
  • Profile picture of the author Claire Koch
    Robert planks backup creator. You make a copy of your site so who cares just reupload
    {{ DiscussionBoard.errors[10921120].message }}
  • Profile picture of the author Logoguts
    Keep updated all plugins. Hackers most of the time use outdated plugins those are installed on your website.
    Signature
    {{ DiscussionBoard.errors[10944216].message }}

Trending Topics