Learning Hub | Maintaining Your Website

Three tips to keep your WordPress site from being hacked

May 31, 2014 | Jon Teodoro

If you’ve ever had your WordPress site hacked before, you know how much of a hassle it is to get it back up and running. Due to the user-friendliness of WordPress and huge support via plugins and forums, it has gained popularity as one of the most common content management systems to date. Despite this, security (as with any other kind of content management system for that matter), is a very commonly overlooked issue.

Security should always be a top priority for anyone who keeps their data online, however, in light of the recent the Heartbleed bug and large-scale security breaches like Target’s credit card hacking dilemma, the issue of security has been propelled into the mainstream spotlight. In numerical terms, it is estimated by Forbes that almost 30,000 websites get hacked every day. That equates to under one million websites per month. With all this malicious activity happening on the internet, how do you as a business owner, protect your business and your brand? Here are three tips:

1. Update, update, update

Having personally managed hundreds of WordPress websites, this is the most common task that self-managing web masters overlook. It can be easy to forget about these things, especially when you have  an entire business to run. Updating your WordPress software takes care of many crucial things like bugs, security vulnerabilities and loopholes. Always monitoring your software updates applies to plugins too so this should be something you should not skip out on.

2. Check your sources

If you are utilizing some type of theme, framework or plugin in your WordPress website development process, do research on who developed that particular piece of software. Read through the author’s reputation, check the plugin or theme rating and if you are able to, take a look at the source code. Although there are many great quality pieces of software out there, I can recall a few instances in my personal experience where bad coding conventions or security vulnerabilities in a theme or plugin resulted in reoccurring hacks and malware injections. This is the last thing you want for your business or for your client.

My suggestion to prevent these things from happening: write your own code.

3. Run regular malware scan checks

Prevention will always be the most effective solution. You should regularly scan your website for malicious activity or traffic and if possible, have some kind of firewall installed as well. Virus scans are a default extension for most cPanel websites but if you don’t have one or if you don’t have server-level access to install a virus scanner, there are plenty of cloud options available. I won’t name them here but a quick Google search should yield you a few options.

Your website is often the first thing customers experience before interacting with you and the last thing you want them to see is a malware warning indicating that there is danger associated with your business. Therefore, you should always be proactive in your effects in preventing hacks and malware attacks before they happen.

What are some ways you have dealt with WordPress website hacks?