There's a lot you can do to help protect your site from hacking attempts. Here are a handful of things we have found that anyone running WordPress should do to better secure a WordPress site and reduce the chances of it being hacked or, at the very least, make it more difficult to hack.
DO NOT use tools like Fantastico or Softaculous to streamline the installation process.
When installing WordPress, we ONLY ever recommend using the files directly from WordPress.org.
The software is easy to install manually by following the simple WordPress installation instructions.
If you have problems installing WordPress, why not contact us for help?
Essentially the quick order is as follows:
- Create a database in cPanel and a database user, then assign the user to the database with ALL privileges.
- Keep a record of the database name, username and PASSWORD!
- Download the UK Version of WordPress from the link above.
- Upload that zip file to your "public_html" folder. (cPanel file manager)
- Unzip the file on the server (Right-click and extract).
- Select all the files then drag'n'drop them back to "public_html" from the new /WordPress folder.
- Go to your website URL and go through the installer.
Creating a New Database:
Using cPanel to create a new database is very easy. Use a little common sense when naming your database (i.e. don't name it "wordpress", "wrdp", etc.)
Create a name that you will remember as belonging to that particular website, but that a hacker or automated attack program wouldn't easily identify with a specific domain.
Creating a database user:
Once your new database has been created you will need to create a database user and assign it to a database.
You should always create a new user for each database. Using the same user for every database is asking for trouble. In the event that someone gains access to your hosting space they could gain access to every database that exists there using the same user information.
As with naming the database, use some common sense. The username should NEVER match your domain name.
You will also have to assign a password to your new database user. Using the password generator in cPanel is perfect. You can also head over to Strong Password Generator and create your own password.
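An added example (not part of the original article): a small Python audit that reads DB_NAME and DB_USER from each site's wp-config.php and flags the naming and user-reuse mistakes described above. The domains, the "acct_" prefix and the config contents are constructed sample data, and the 4-character label threshold is an assumption.

```python
import re
from collections import defaultdict

DEFINE_RE = re.compile(
    r"""define\(\s*['"](DB_NAME|DB_USER)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
# Names the article warns against; trailing digits cover variants like "wrdp1".
OBVIOUS_RE = re.compile(r"(wordpress|wrdp)\d*")

def parse_db_settings(config_text):
    """Pull DB_NAME / DB_USER out of wp-config.php text (lower-cased)."""
    return {key: value.lower() for key, value in DEFINE_RE.findall(config_text)}

def domain_words(domain):
    """Domain labels of 4+ characters (assumed threshold), punctuation removed."""
    labels = (re.sub(r"[^a-z0-9]", "", part) for part in domain.lower().split("."))
    return [label for label in labels if len(label) >= 4]

def audit(sites):
    """sites maps domain -> wp-config.php text; returns sorted (domain, finding)."""
    findings, users = [], defaultdict(list)
    for domain, text in sites.items():
        cfg = parse_db_settings(text)
        name, user = cfg.get("DB_NAME", ""), cfg.get("DB_USER", "")
        if user:
            users[user].append(domain)
        # cPanel prepends "<account>_" to names, so judge the part after it.
        if OBVIOUS_RE.fullmatch(name.split("_", 1)[-1]):
            findings.append((domain, "obvious database name"))
        for value, what in ((name, "database name"), (user, "database user")):
            flat = re.sub(r"[^a-z0-9]", "", value)
            if any(word in flat for word in domain_words(domain)):
                findings.append((domain, what + " matches domain"))
    for domains in users.values():
        if len(domains) > 1:  # one credential opens several sites' databases
            findings.extend((d, "database user shared with another site") for d in domains)
    return sorted(findings)

def sample_config(name, user):
    """Constructed wp-config.php fragment for the demo below."""
    return f"<?php\ndefine( 'DB_NAME', '{name}' );\ndefine( 'DB_USER', '{user}' );\n"

SAMPLE_SITES = {  # constructed data, not real accounts
    "www.example-shop.co.uk": sample_config("acct_wrdp1", "acct_exampleshop"),
    "blog.example.org": sample_config("acct_k7tq", "acct_shared"),
    "notes.example.net": sample_config("acct_m2xv", "acct_shared"),
    "intranet.example.com": sample_config("acct_r9bd", "acct_p4hn"),
}

if __name__ == "__main__":
    for domain, finding in audit(SAMPLE_SITES):
        print(f"{domain}: {finding}")
```

To use it on a real hosting account, build the `sites` dictionary from the text of each site's own wp-config.php instead of `SAMPLE_SITES`.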
Editing Your wp-config.php file
Further tweaks and adjustments on editing your WP Config file.
WordPress Security Plugins
There are plenty of plugins claiming to secure your WordPress website. But only 1 plugin covers all the bases and offers ultimate website security.
- WordFence – Wordfence includes an endpoint firewall and malware scanner that is built from the ground up to protect WordPress. Their Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by Two Factor Authentication and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.
WordFence is a Minimum Requirement to host WordPress websites on any of our servers.
If in doubt, please ask us, we can install and configure it for you.
Our Monthly WordPress Maintenance Service provides you with WordFence premium and we take care of the security for you.
Keep Your WordPress Software Up-To-Date
ALWAYS keep your WordPress core software updated to the latest version. While WordPress often makes significant changes to the functionality and usability of the software with major releases, incremental upgrades are often released to plug identified security vulnerabilities and resolve reported issues. You're tempting fate by keeping older versions up & running. You have been warned.
Our Monthly WordPress Maintenance Service takes care of all of this for you.
Backup. Backup. Backup!
Our web hosting services all have twice-daily backups and we retain 1 weekly and 1 monthly backup. If you host your website elsewhere and fall victim to a hacker, you better have a backup of your site.
Having access to regular backups of your site not only prevents catastrophe but also makes reverting to a "clean" version of your website quick and incident-free.
There are several WordPress plugins available to help you back up your data and protect yourself against data loss in the event of an attack, but the one we recommend is:
- All In One Migration tool (Quick and easy fully restorable backups of your entire WordPress website.)
Better safe than sorry.
Seem like a lot of effort? Maybe our Monthly WordPress Maintenance Service is better suited for you.
Protecting your site is much less time consuming and far less expensive than trying to figure out what the hell to do after your site has been attacked. Not to mention the fact that you usually don't even know your site has been hacked until it is kicked out of Google. That is NOT a lesson you want to learn the hard way.
Do everything you can to prevent an attack to begin with, and you'll never have to experience first hand what it's like to cross into that whole new realm of monumentally screwed.