As long as there are personal and business websites, there will be hackers who, for unknown reasons, think that hacking a website is a must-do. Personally, all my websites have been hacked at one point or another over the last few years. Cleaning and rebuilding a hacked WordPress website is a real headache. I try to keep a good attitude and consider it a great time for a total redesign and also make sure to add more protection measures to keep hackers out.

My number one security resource is WordFence Security Plugin. I use the free version, which is great, but I know site owners who have upgraded and given rave reviews. There are other ways to protect your site or blog.

How do hackers get in?

To protect your site from unscrupulous hackers, it helps to know how they get onto it in the first place.

Use extreme caution when installing add-ons

As you can see from the image, plugins are the biggest risk for a site attack. There are tens of thousands of WordPress plugins available. Unfortunately, more than half are equipped with a “back door” on their website.

How to keep plugins safe

The number one way to keep plugins safe is to make sure you update them as updates become available. WordFence is a great way to keep track of updates; You will receive an email when a plugin has an update available.

Look at the details

There are some red flags that should serve as a warning against using a plugin.

• Visit the developer’s site. Please verify that you are there and updated with new details about using the plugin and make sure there is valid contact information. Tip: If it’s been a while since a plugin update was released, the developer may no longer support it.

• Better to download any plugin from the official WordPress site. The plugins listed there are likely safe. Downloading plugins from an unknown source should be avoided. This is one of the ways hackers will get in. They ask you to install their amazing plugin that is guaranteed to attract customers. Or that’s what they tell you it is, they’re actually asking you to do the hard part for them. The plugin likely contains the tools they need to hack your site.

• Do some research on the developer of the plugin. Look up the name of the author and the name of the plugin and put “malware” or “hack” behind it and see what comes up.

The second way hackers get in

The second most common way WordPress sites are hacked is a brute force attack. This type of attack is the best guessing game. It can take hours to find your site’s username and password, but it’s a pretty straightforward way to get in and do some damage. Use some of these tips to keep them at bay and off your site.

• Use two-factor authentication. With this method, users must know their password and have their cell phone ready to receive a secret number. WordFence premium has this feature and it is a surefire way to protect your site.

• Choose a unique username. It is no longer a good idea to use Administrator or Administrator. Using your domain name is also not recommended. Instead, choose a username that a potential hacker cannot easily guess.

• Change your password frequently. This is just one more way to sustain a brute force attack. Your software may be close to guessing your password, but if it is changed frequently, that would not be a problem.

Simple maintenance keeps your site safe

Follow a few simple steps to keep your WordPress site safe. Clean your site frequently. Get rid of plugins and themes that you no longer use. Keep your themes and plugins up to date. Install reliable security to keep hackers out. If you’ve never had to redo a 5-year site, be happy! If you’ve had to clean up a mess left by an attack, learn from mistakes and lack of security. Block your site and also your house.