How to Secure Your Site from Hackers

A few weeks ago I had the great misfortune of logging on one day and discovering that a lot of my WordPress sites had been hacked. In total 7 sites had been compromised, and out of these 3 were quite valuable to me, so I wanted to get them fixed and secured as soon as possible.

Like most people, I thought my sites were pretty well protected. I changed my passwords often and backed them up regularly. Little did I know that the WordPress platform is notorious for attacks from hackers. If your site isn’t updated to the latest version, or one of your plugins is out of date, you could unknowingly be setting yourself up for a fall.

With the help of some friends I was able to secure my sites again, but it took a lot of time and got in the way of some other work I was trying to complete. So in this post I’d like to outline some simple steps that I’ve since followed that have allowed me to lock down my sites and have made them a lot more secure from attacks.

Back Up Regularly
First things first: before you start messing around with plugins and updating settings, take a few minutes and make a complete back-up of your system. This is important in case something breaks when you’re changing something, so that you can re-install your default version if anything goes wrong. I use Back Up WordPress for this, but you can use whatever plugin you find best; just make sure when running the back-up you include “all files” and not just the basic database option which many plugins offer.

Install these 3 Security Plugins
I bought a WP security product after my sites were hacked and in it I was advised to install 3 plugins and combine the power of all of them to lock down my sites. They are Secure WordPress, BulletProof Security and Better WP Security.

The reason why it’s best to use a combination of all of these plugins is that you will only need a couple of features from each one. Basically, by taking the best bits from each plugin you are able to provide your site with a very comprehensive security solution.

I won’t go through the configuration of these plugins because it would make this blog post very, very long, but if you need any help then just send me an email and I’ll help as much as I can.

So what do these plugins do?
They perform a mixture of security functions, all of which are designed to protect your sites from the most common attacks on the net.

A general overview of some of the things they do is as follows:

  • deleting the default “admin” WP username and replacing it with something more secure
  • securing the .htaccess file
  • changing permissions on different files and folders on your server
  • blacklisting and locking out known IP addresses from attack sites
  • keeping a log of all 404 errors and bad logins
  • changing the root of your site’s backend so it is more difficult for bots to find

plus much, much more…
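To make the file and folder permissions item concrete, here is an added example (not code from this post or from any of the three plugins) that walks a site directory and reports risky permission bits. The rules it applies are assumptions chosen for illustration: nothing should be world-writable, `wp-config.php` and `.htaccess` should not be group-writable, and `wp-config.php` should not be world-readable.

```python
import os
import stat
import sys

# Assumed baseline for this example (not taken from the post):
# files that control the whole site get stricter checks.
SENSITIVE = {"wp-config.php", ".htaccess"}


def audit_permissions(root):
    """Return a sorted list of (relative_path, octal_mode, problem) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                # Any local user or compromised process can modify this.
                findings.append((rel, oct(mode), "world-writable"))
            elif name in SENSITIVE and mode & stat.S_IWGRP:
                findings.append((rel, oct(mode), "group-writable sensitive file"))
            if name == "wp-config.php" and mode & stat.S_IROTH:
                # wp-config.php holds the database credentials.
                findings.append((rel, oct(mode), "wp-config.php world-readable"))
    return sorted(findings)


if __name__ == "__main__":
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode, problem in audit_permissions(site_root):
        print(f"{mode:>6}  {problem:<32} {rel}")
```

Run it against a copy of the site or the live document root; an empty result means none of the assumed rules were violated.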

I will admit that setting up all of this did take a lot of time but that was mainly because I had to first fix my sites that were hacked, all 7 of them, and then lock them down using those plugins.

I’d advise anybody reading this to start taking similar measures to safeguard your sites, because it is a lot of unwanted hassle and time wasted trying to put them right after an attack. It would be a lot easier to just activate these security features on any new WordPress installation and bit by bit revamp all your current sites.

The stats on hacking are quite unbelievable, with around 75% of new WP sites being hacked within 12 months, and the thing is that a lot of people don’t even know that their site has been hacked. Perhaps the hackers injected some malicious code into their site or created a “backdoor” so they can get in and cause trouble whenever they want.

Prevention is definitely the best solution for this problem, so follow these simple guidelines and make your WP site as secure as Fort Knox:

  • keep all themes and plugins updated to the latest versions. Often these updates are used to fix security bugs, so always keep everything up to date.
  • run back-ups regularly so if something should ever happen to your site you can just re-install your last known clean version.
  • install the 3 security plugins and keep an eye on the error logs to see if your site is being targeted.
  • change your passwords regularly and delete the default WP username. Create something unique, because the “admin” username is very prone to attacks as the hackers only need to crack your password.
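As an illustration of what keeping an eye on the logs for bad logins and 404 errors can look like, here is an added example (not from this post or the plugins) that summarises a web server access log per IP address. The log lines are constructed samples in the common "combined" format, the thresholds are arbitrary, and it assumes WordPress answers a failed login with status 200 and a successful one with a 302 redirect.

```python
import re
from collections import Counter

# Constructed sample log; IPs come from documentation-only ranges
# and the requested paths are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jan/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jan/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jan/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jan/2013:10:05:10 +0000] "GET /backup.zip HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jan/2013:10:05:11 +0000] "GET /old/index.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jan/2013:10:05:12 +0000] "GET /test.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jan/2013:10:07:00 +0000] "GET / HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jan/2013:10:07:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jan/2013:10:07:06 +0000] "GET /favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

# client IP, request method, request path, response status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def summarize(log_text, login_limit=3, notfound_limit=3):
    """Return IPs whose failed logins or 404s reach the given limits."""
    failed, missing = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        # Heuristic (assumption): a POST to wp-login.php answered with 200
        # means the login form was shown again, i.e. the login failed.
        if method == "POST" and path.endswith("/wp-login.php") and status == "200":
            failed[ip] += 1
        elif status == "404":
            missing[ip] += 1
    return {
        "bad_logins": {ip: n for ip, n in failed.items() if n >= login_limit},
        "not_found": {ip: n for ip, n in missing.items() if n >= notfound_limit},
    }
```

On the sample, `summarize(SAMPLE_LOG)` singles out the address with four failed logins and the one with three 404s, while the ordinary visitor with one successful login and one missing favicon is left alone.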

By following these simple steps your site will be more secure than 99% of others online. It may not protect you from all attacks, but you will have peace of mind because you know your site is secure. Especially if you incorporate those 3 security plugins, you know that even if your site comes under attack you have the procedures in place to deal with it. Also, because you have been backing everything up, you know you can just re-install your site should the worst happen.

If you have any questions then send me an email or leave your thoughts as a comment below. I’d be interested in hearing if you have any other tips to make your site more secure.

Thanks for reading,

Noel.


12 Comments

  • Roger Weavers

    January 7, 2013

    Hi Noel,

    Thanks for putting this post together. I am only using one of the 3 plug-ins so I will take a look at the other two. It’s not only WordPress that suffers from the hackers. I spent a couple of days last week sorting out an osCommerce site for a client that had been hacked. Open Source sites are a prime target but also any site that uses php code can be targeted. If you have a standard php form on a static html site have it checked as this can be an easy way in.

    Cheers
    Roger

    • Noel

      January 14, 2013

      Thanks Roger,
      Ya, it seems to be very common nowadays. Another thing that I am going to do is get rid of any old sites that I don’t use anymore. Because if I don’t keep them up to date they’ll become an easy target again, I know I’ve a few sites that I’ll never use again so they will be the first to go!

      Cheers,
      Noel.

  • Paul Conway

    January 8, 2013

    Hey Noel

    Fingers crossed I have as yet not been hacked. I never ever have “admin” as my username just for the reasons that you mentioned.

    My wp blog is automatically updated with the latest version so that part at least is good :)

    My password is never less than 16 characters long, so hopefully the hackers will get tired and move on elsewhere ;)

    I will have a look at the security plug-ins that you mentioned.

    Cheers
    Paul

    • Noel

      January 14, 2013

      Hey Paul,
      They are some good tips you’ve mentioned, I know for a lot of people they just overlook little details like this but they make a big difference to your site’s security so thanks for sharing them :)

      Noel.

  • muhsin

    January 17, 2013

    Hey Noel,

    Thanks for putting this up together. I am gonna check out the plugins that you mentioned.
    Although I am not an active user of WordPress, these are definitely good plugins that I should check out.

    • Noel

      January 18, 2013

      Thanks Muhsin,
      I hope you find them useful!

      Cheers,
      Noel.

  • Micah Medina

    January 19, 2013

    D’oh! Password protection and security are a little like condoms – nobody thinks of protecting themselves until it’s WAY TOO LATE. Especially when you’re starting out – you don’t think it can happen to you.

    Doesn’t explain the folks with a dozen kids, but that’s life. :)

    • Noel

      February 12, 2013

      Ha ha good analogy Micah and it’s very true! :)

  • Dean Thompson

    January 23, 2013

    Hi Noel,

    That’s some great information you’ve listed here.

    It’s a shame that WordPress don’t make users more aware of the potential security hazards by having an option at the very start of someone using their platform.

    Having your site hacked is not only a headache in itself but also very demoralising.

    It’s a shame that this post can’t be handed to every newbie starting online as the stats you publish are quite alarming.

    Thanks for this Noel. I’ve got all 3 installed.

    Regards,
    Dean.

    • Noel

      February 12, 2013

      I know Dean, I wish they would emphasize it more because people are getting hacked every day and WP is fairly easy to break into.

      Good to hear you’ve installed the plugins, no doubt your site is a lot safer now.

      Thanks,
      Noel.

  • John Richards

    February 11, 2013

    Hi Noel

    This is a post we all should take note of, as most of us don’t realise regarding site security and hacker sites; we all should be careful with things like up-to-date software and plugins.

    Thanks for this post, I shall keep these points in mind.

    • Noel

      February 12, 2013

      No problem John, I’m glad you got some good tips from it. Security is VERY important and WP is very prone to attacks.

      Cheers,
      Noel.
