Protect your WordPress website from malicious hackers, spam and other bots attempting to invade your site by taking some simple steps for non-coders.
Plugins are a great way to enhance the security of your WordPress website. Dustin Hartzler from Your Website Engineer talks with me about some of his favorite ways to protect your website.
Also included in this episode is a conversation about the importance of backing up your site on a regular basis in case something does manage to infect your site. Backing up is an easy way to get your site back to normal quickly. Dustin walks us through ways to clean up your site after an attack and how to get back into the good graces of Google should you end up being blacklisted.
Here are Dustin’s tips and plugins for securing your site.
- Secure your site
  - Don’t look Brand New
    - Remove Sample Page
    - Initial Comment
  - Keep WordPress Updated
  - Remove unused themes and plugins
  - Don’t use the username: admin
  - Create secure passwords – I like odd numbers, 9 or 17 digits
  - Never share your passwords
  - Never email passwords
- Back up your WordPress site
  - Don’t back up the database contents to your server. If a hacker gets in, they have access to your username / password.
  - BackWPup: http://wordpress.org/extend/plugins/backwpup/
  - WordPress Backup to Dropbox: http://wordpress.org/extend/plugins/wordpress-backup-to-dropbox/
  - BackupBuddy: http://yourwebsiteengineer.com/backupbuddy
- WordPress Plugins
  - BetterWP ( http://wordpress.org/extend/plugins/better-wp-security/ )
  - WordFence ( http://wordpress.org/extend/plugins/wordfence/ )
    - Wordfence is one of the newer security plugins. However, it has matured very quickly. One of the great features of Wordfence is that it will compare the plugin, theme, and WordPress core files on your installation with the official version in the WordPress repository. If there are any discrepancies, the plugin will send you an email.
  - WP Login Security 2 ( http://wordpress.org/extend/plugins/wp-login-security-2/ )
  - WordPress File Monitor Plus ( http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/ )
  - Theme Authenticity Checker ( http://wordpress.org/extend/plugins/tac/ )
- Recover from a hack
  - Most hacks won’t make your site look like it’s been hacked, unless you Google your site or try to post Facebook links
  - Restore from a previous backup
    - Problem: you don’t know when you were hacked.
  - Change passwords
    - Change WordPress, FTP, and cPanel passwords to be safe
  - Remove all plugins and reinstall (to be safe)
  - Remove the Google warnings
    - Resubmit your site to Google. It will take a few hours for your site to be crawled and the malware warning to be removed.
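
The file comparison described in the Wordfence item above, and the "you don’t know when you were hacked" problem in the recovery list, both come down to checking the live files against a known-clean copy. The sketch below is an added example, not Wordfence's code or anything from the episode; it assumes a clean copy of the same WordPress version has been unpacked locally as the reference, and the function names, ignore list and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: paths a live site has that the official package does not.
DEFAULT_IGNORE = ("wp-config.php", "wp-content/uploads/")

def hash_tree(root, ignore=DEFAULT_IGNORE):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(ignore):
                continue
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_install(reference_root, installed_root):
    """Report files changed, missing, or extra relative to the clean reference."""
    ref, live = hash_tree(reference_root), hash_tree(installed_root)
    return {
        "modified": sorted(p for p in ref if p in live and ref[p] != live[p]),
        "missing": sorted(p for p in ref if p not in live),
        "unexpected": sorted(p for p in live if p not in ref),
    }

def write(root, rel, data):
    """Create a file (and its parent directories) under root."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def build_sample():
    """Constructed sample data: a clean copy and a tampered 'live' copy."""
    base = tempfile.mkdtemp()
    ref, live = os.path.join(base, "reference"), os.path.join(base, "installed")
    clean = {"index.php": b"<?php // front page\n", "wp-login.php": b"<?php // login\n",
             "wp-includes/version.php": b"<?php // version\n"}
    for rel, data in clean.items():
        write(ref, rel, data)
        write(live, rel, data)
    write(live, "index.php", clean["index.php"] + b"// appended line\n")  # changed
    os.remove(os.path.join(live, "wp-login.php"))                         # deleted
    write(live, "wp-includes/cache.php", b"<?php // extra file\n")        # added
    write(live, "wp-content/uploads/photo.jpg", b"image bytes")           # ignored
    return ref, live

if __name__ == "__main__":
    for kind, paths in compare_install(*build_sample()).items():
        print(kind, paths)
```

Files reported as "unexpected" inside core directories deserve the closest look, since a clean install never contains them.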