Whats the Best way to Protect Wordpress Website from Getting Hacked.

Verve-Innovation

Hi All,

I just like to know whats the best way to protect wordpress website for getting hacked. I tried using Wordfence but nothing much happened. I m in shared Host and when ever there is a sign of attack my hosting company takes the site off which affects my site ranking a lot.  I m trying to keep all my plugins updated but still it happens . Like to know what other people do . I am open for Paid tool suggestion as well.

Thanks

O2C

A more detailed explanation of how you are getting hacked might help

Do you mean you are getting spammy files uploaded to your sites root/editing your current content to include spammy words and links?

The obvious suggestion is to make sure your Wordpress version is up to date but if you are already updating the plugins I would presume you have done this...?

It may be that the hackers have just managed to get into your FTP rather than through your wordpress site so I would make sure you have changed your FTP server password and made it secure.

Are you using any contact forms on your site as this can sometimes be a weakness depending on the plugin used.

Thanks

gowebsol

Given what you've shared you either have a target on your back or you have some lingering issues from a past infection. I've seen this before and its a pain is the $%& to deal with, but not impossible.

For preventative measures for anyone with a WP site, I recommend the following:

• Use Wordfence - paid version if you can (minimal cost). Monitor the notifications, use country blocking that you are comfortable with (I disable China, Ukraine, N Korea, and Russia on most sites since most are local sites in the U.S.), and enable front end scanning
• Remove admin account and any other "easy" usernames
• Give all WP users strong passwords
• Use strong FTP passwords
• Don't install any plugins you don't need
• Update everything often! This is the best way to avoid problems.
• Pay attention to the theme you use and they are NOT all created equal. It's not uncommon for some themes to have known or unknown exploits in them, so be careful of the theme you use. Make sure it has good reviews and excellent support. If not, find a different theme.

In your case, I'd do the following:

• Sign up for Sucuri for a year. They will audit your site within 24 hours and will clean any malicious files on the site. Hands down the best service for cleaning WordPress sites. $199.
• Remove un-needed WP users, change all WP passwords, remove Admin or other easy usernames and transfer posts/pages to another user
• Remove un-needed FTP users, change all FTP passwords
• Audit your plugins and get rid of all you don't need
• Keep your plugins, themes, and WP updated.

Hope this helps. It's easier than it sounds when your get a system going.

Joey