WordPress Security: Practice good security hygiene in WordPress!


How do I keep my WordPress website from being hacked? We show you how to prevent a website built with WordPress from being hacked or exposed to malware, viruses and many other things that people don’t know about at all.

First of all, you need to practice good security hygiene; that is the truth. If you don’t, you can’t prevent anything from being hacked. You need to know that every single step or configuration can lead to your website or blog being compromised by someone. You don’t want that, right?

WordPress Plugins

You should avoid using a lot of plugins, even security plugins. They also have their exploits, bugs and vulnerabilities; being a security plugin does not mean it will protect you from everything. Plugins focused on security have their own issues and bugs, so you shouldn’t use a lot of them or trust them completely.

We need to understand that some plugins are great, but never forget that one day, one month or some random day they can stop working, and developers can give up and stop updating the plugin, no matter which one it is. They can do it and they have the right to do it (unless it is a paid plugin and the contract says the opposite).


What to do to prevent WordPress Plugins from creating vulnerabilities, bugs or exploits?

Don’t be surprised, but avoid using a lot of plugins! Yes, you heard right: using and loading plugins in excess can make your WordPress CMS vulnerable to attacks and hackers. Avoid using many plugins for this or for that. Disable plugins that you don’t use! It’s that simple.

What else to do about WordPress plugins?

First, do you really need that plugin? If the answer is NO, then disable it. Why have it enabled if you don’t need it?

Don’t use the default WordPress Admin URL!

Is your admin page still at the default URL yourdomain.com/wp-admin? Avoid that and change it to something like this:

Example: yourdomain.com/wpadmin540292/. It will be safer than the original admin URL (wp-admin or wp-login).

This doesn’t mean that you will be protected from hackers, but it will stop some malicious users from trying anything, especially if they lack knowledge.

How to change the WordPress admin login page?

We always recommend making a backup before doing anything on your hosting or server. It is not only because of this change: if something goes wrong, you have your backup and can restore it, and that’s good practice.

  • Go to your cPanel or FTP access and open the WordPress installation folder.
  • Find wp-login.php and open it with Notepad++, Sublime or another text editor. Search for all instances of “wp-login.php” and change them to something you like, for example “wp-new-login-url”. Please don’t change the .php extension, only the name: replace every wp-login.php inside the code with new-admin-url.php.
  • Save your file and don’t forget that you changed your URL!
  • Now rename the file wp-login.php to the new name; it must be the same new admin URL you used inside the file.
  • Done, your website will use the new URL.

Can this be done with a plugin? For sure, but if possible delete the plugin once it is done. I recommend doing it manually.
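
The manual steps above as a script, added here as an example (it is not part of the original article). The function name, its arguments and the separate backup directory are assumptions of this example; it refuses names that drop the .php extension and lists other PHP files that still mention the old name.

```shell
#!/bin/sh
# Added example: scripted version of the manual rename steps above.
# Usage: rename_wp_login <wordpress_dir> <new-name.php> <backup_dir>
rename_wp_login() {
    wp_dir=$1; new_name=$2; backup_dir=$3
    old_name="wp-login.php"

    # Only the base name changes: keep .php and allow no path separators.
    case "$new_name" in
        ""|*[!A-Za-z0-9._-]*) echo "invalid file name: $new_name" >&2; return 2 ;;
        ?*.php) ;;
        *) echo "new name must keep the .php extension" >&2; return 2 ;;
    esac
    [ -f "$wp_dir/$old_name" ] || { echo "$old_name not found" >&2; return 1; }
    [ ! -e "$wp_dir/$new_name" ] || { echo "$new_name already exists" >&2; return 1; }

    # Backup first, kept outside the web root so it is never served.
    mkdir -p "$backup_dir" || return 1
    cp -p "$wp_dir/$old_name" "$backup_dir/$old_name.bak" || return 1

    # Replace every instance of the old name inside the file and write the
    # result under the new name (the dot is escaped so it matches literally).
    sed "s/wp-login\.php/$new_name/g" "$wp_dir/$old_name" > "$wp_dir/$new_name" || return 1

    # Stop and undo if any reference to the old name survived in the new file.
    if grep -qF "$old_name" "$wp_dir/$new_name"; then
        rm -f "$wp_dir/$new_name"
        echo "old name still present, nothing changed" >&2
        return 1
    fi
    rm "$wp_dir/$old_name"

    # Print the other PHP files that still mention the old name, for review.
    grep -rlF --include='*.php' "$old_name" "$wp_dir" || true
}
```

Files printed by the function still point at the old name and need review. A WordPress core update puts the original wp-login.php back, so repeat the change after updating.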

Limit Login Attempts and Use a Captcha on the WordPress Admin Page.

When you create a WordPress site through the hosting cPanel, you can enable a limit that stops someone from trying passwords too many times. Use it and allow only 5 tries; anyone who fails them is banned.

If you are an experienced user, you should allow 3 tries for the password on the WordPress login page. You can also use a Captcha on the WordPress login page.

Limiting login attempts is the best way to stop someone from trying passwords every day; those attempts cause high CPU peaks, and you don’t need that.
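
An added example, not part of the original article: it counts failed login POSTs per client in a web-server access log and lists the clients that reach the 5-try limit described above, which is a quick way to check that a limit is needed or working. The log lines are constructed; the combined log format, the function names and the rule that a failed login answers with status 200 while a successful one redirects with 302 are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: access-log lines in combined format (documentation IPs).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4980 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:05:20 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:05:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
198.51.100.20 - - [10/Mar/2024:11:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
198.51.100.20 - - [10/Mar/2024:11:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
198.51.100.20 - - [10/Mar/2024:11:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 5123 "-" "-"
192.0.2.9 - - [10/Mar/2024:11:30:00 +0000] "GET / HTTP/1.1" 200 10240 "-" "-"
EOF
}

# Read an access log on stdin and print "<ip> <failed_count>" for every client
# whose failed logins reach <limit>. The second argument is the login path,
# so a renamed login page can be checked as well.
over_limit() {
    limit=$1
    login_path=${2:-/wp-login.php}
    awk -v limit="$limit" -v path="$login_path" '
        # Fields: $1 client IP, $6 method, $7 request path, $9 status code.
        # Assumption: POST + 200 = form shown again = failed attempt.
        $6 == "\"POST" && index($7, path) == 1 && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' | sort
}

# Example call on the constructed sample: sample_log | over_limit 5
```

The count covers the whole file rather than a time window, so run it on a single day's log.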

WordPress Themes

Avoid using nulled themes or nulled plugins. They can contain backdoors, viruses and exploits, and your website can be exposed and used as a “zombie” to attack other websites or, worse, to steal passwords from your website and much more! Don’t use them. Always use original themes, and pay for them if you can!

Also avoid the Elementor and WPBakery plugins. They are good, yes, but they can create other security issues in your WordPress. If you can’t avoid them, use them in moderation and always update the plugin to the latest version.

Look for a theme that is independent of Elementor, WPBakery or any other plugin. A theme that has its features built from scratch is much better than a theme based on Elementor or other plugins.

WordPress Users

Don’t give your admin password to anyone. This is obvious, of course, but some people don’t understand that it can compromise your website even if it is only for a couple of minutes. Change the password and check that your email remains the same!

Create user roles for your colleagues or the people who work with you.

Use strong passwords and practice good password hygiene, otherwise you can be hacked easily, since passwords like “123456” or “123456789” can be discovered in seconds or minutes! Never, ever use them. Change your password from time to time, and if you know that it has been exposed somewhere, change it immediately. The same steps apply to the email password of the WordPress admin user.

Conclusion:

Well, this is nothing new, but we see a lot of people making the same mistakes every day, every month! Just don’t. Be smart and don’t trust everyone you find on the Internet or elsewhere. Don’t share your login passwords or your hosting passwords, or others can get access to all your information, including your website files. Don’t do it if you aren’t sure!
Alexhost recommends that all users and customers practice good security hygiene by changing their passwords from time to time and by keeping plugins, themes and, of course, the WordPress core up to date. Update your WordPress to the latest version as well.

That is all.