Currently 35% of all websites worldwide run with WordPress as CMS. Due to its immense popularity, WordPress is of course also a popular target for hackers, spammers and data thieves.
First – the bad news: Hundreds of thousands of WordPress sites are hacked every year!
Howevewr, having a secure WordPress website doesn’t have to be a big challenge.
Step 1: Install WordPress updates immediately
It’s important to stay current with the latest WordPress updates. Make sure your WordPress website is running on the latest WordPress version.
Step 2: Update plugins regularly
It is critical to update all plugins regularly and to uninstall inactive plugins. In a Wordfence survey, 60% of known hacking attacks were carried out via plugin or theme vulnerabilities.
However, the security problems in most of these plugins were fixed a long time ago. The website owners just didn’t update the plugins and thus didn’t protect their website.
Step 3: Use secure passwords!
Use secure passwords! Also, don’t use obvious usernames – especially “admin” and “administrator”. These are the most common usernames attempted by hackers in brute force attacks.
Step 4: Make regular backups
A recent backup is essential to prevent data loss. If you back up regularly, all essential data of your website will be stored in another safe place in the event that you are attacked or make a mistake.
Step 5: Delete all unused data
Delete any old data that you no longer require from your website. This includes old backup files, log files, applications you don’t use (e.g.: phpMyAdmin and Adminer), or other items you don’t need on your website.
Also, old test sites (sub-domains, development and staging websites) should be updated or removed. Old data is an additional possible point of attack that must be protected. If you can remove them, you reduce the risk.
With these tips you are very well, but unfortunately not 100% protected. Should the worst happen, we can quickly clean up your website, find out how it got hacked, and help protect against future attacks.