It’s been two weeks since you’ve been crying out your body weight. You are devastated, frustrated, angry, and quite frankly, you’re not entirely sure about what you should do next to get over the horrid experience of your WordPress website getting hacked.
At this point, you’re at your wits’ end.
How on earth are you supposed to tell your customers that your website was hacked, and there’s no way for you to give their money back since you don’t have their money in the first place — the hackers have it.
Hopefully, you won’t have to experience your website getting hacked. Not only can the whole process of retrieving your site be a tedious and expensive one (depending on the kind of attack that you suffered), but getting your website hacked can also lead to all sorts of problems on your end — legal ones at that!
Here are five incredibly simple, yet highly effective security tips that you can use to improve your WordPress website’s protection drastically.
Let’s hop right in.
1. Choose a Reliable Hosting Platform
According to WPtemplate, 41% of websites are hacked due to the vulnerabilities in their hosting platform. That right there is a telltale sign of why you — or anyone for that matter — shouldn’t be complacent when choosing which hosting company to go for.
Instead of going for the cheapest hosting company, why not take the time to scour the web to learn which WordPress hosting company can give you the best price while not compromising the security of your website?
After all, when you think about the possible financial and emotional damage that comes with having your website hacked, you’ll have a better perspective of why you should go for the preventive approach (going for a reliable hosting platform from the get-go, albeit it being a slightly pricey), instead of having to risk your website from getting hacked.
While there are several points that you should consider when choosing a hosting company, these are some of the most crucial that you need to ask.
- Are their servers highly secure?
- Does the web hosting company have ample amount of security features to protect their customers (e.g., Firewalls, DDoS Protection, SSH/sFTP, Antivirus/Antispam)?
- Are their servers reliable? Or do their servers often go down?
- Are their tech support competent and responsive?
- What are their server upgrading options?
- What are their signup and renewal costs?
- Is their control panel user-friendly?
- Can they support you should you decide to scale your business?
2. Keep Your Software Updated.
Here’s a thought: If the hackers are constantly evolving their craft and are now able to use several methods to hack a website, then shouldn’t you be updating your “defenses” against the hackers’ methods as well?
A good bit of website security holes can be found in software programs; these are the things that the hackers’ automated scripts can search for and exploit, which enables them to be able to hack a website.
If your website’s software isn’t updated — whether in the server operating system level or those in your CMS — then you open yourself up to the possibility of getting hacked.
To keep your software dependencies updated, you can subscribe to several tools on the internet that will send you automatic notifications when a vulnerability is reported in one of your components. That way, none of your systems are left unattended and are kept up to date.
3. Use Complex Passwords. No, Really.
Quite frankly, I hate the fact that I have to point his out. However, I feel that there is just a need for me to do so.
You’ll be amazed at how complacent some webmasters can be when it comes to generating their passwords.
They either use the word “Password” as their actual password, while some of them even use their first names.
With that kind of hard-to-guess password, I’m pretty sure the chances of their websites getting hacked is near close to impossible. (I’m being sarcastic, of course)
I hope you aren’t complacent with your choice of passwords. After all, in case you missed what I implied on the previous point, hackers leverage on automation when looking for the sites that are vulnerable. It’s not like they’d spend their time manually trying to crack a certain site. Something like this rarely happens. For the most part, they just use an automated script to scour the web for “hackable” sites.
4. Hide Your Admin Pages
If your admin page can’t be crawled by the search engines, then it’d be a lot harder for the hackers to find it.
Be sure to use the
robots.txt file to prevent/discourage the search engines from indexing your admin pages. There are several tutorials online that you can reference to if you aren’t familiar with how to add the
5. Install Website Security Plugins
Aren’t plugins the next best thing since sliced bread?
I’m sure you’ll agree with that statement if you’re managing a WordPress website.
Plugins can put your WordPress site on steroids. Whether you’re looking to add more functionality to your site, improve its SEO element, or you want to optimize your website’s speed — you can accomplish these by installing plugins.
What’s more, not only are the plugins such powerful tools, but they’re dead-easy to use as well. In just a couple of seconds (some plugins would take minutes), you’d be able to install a new plugin to your WordPress site and enjoy its features.
But wait, there’s more!
I know that everything that I’ve said about plugins up to this point is “drool-worthy“, however, we can still take things up a notch.
Did you know that a good number of these plugins are free?
Having said all of this, just head over to our WordPress security plugins page, then start looking for website security plugins that you can add to your site.
Have you experienced getting hacked in the past? Please share your experience in the comments section below. It’d be awesome of you if you’d include these points in your comments:
- How was your website hacked?
- What did you do to retrieve your website?
- What is the one best tip you can share to webmasters about website security?
I look forward to reading your ideas soon. Cheers!