There are many ways to protect your WordPress site, and many kinds of plugins that promise to keep your website safe. But when it comes to safety, the simple way is the easy way, and the more reliable one. Let’s have a look:

Step 1 : Update WordPress

WordPress is updated at regular intervals to resolve security issues as they occur. So you should always keep it up to date with the latest version because older versions of WordPress are not maintained with security updates.

Outdated plugins/themes are also the most vulnerable to hacking, so please make sure your plugins/themes are always updated. Also, if you are not using a specific plugin, delete it from the system.

NOTE: Please back up your site before you proceed with the WordPress site update. This ensures that you still have a working backup of your site which can be easily restored later if the update fails.

Step 2 : Change Your Login/Password

The default WordPress username is “admin”, which is known to everyone (hackers). So you must change it to something different, for instance “David86”. Add this as a new user and give it admin privileges. Don’t forget to delete the default admin account.

Typically hackers will try to brute-force your passwords. So you should be fine if the password is strong enough.

We suggest always using strong passwords that mix UPPER and lowercase letters, numbers, and symbols. For instance “Fl@weRs#1$”.

Please don’t use any of the following when choosing a password:

  • Any permutation of your own real name, username, company name, or name of your website.
  • A dictionary word.
  • A short password.
  • Any numeric-only or alphabetic-only password (a mixture of both is best).

Step 3 : Change file permissions

Allowing write access to your files is quite dangerous, especially in a shared hosting environment. Please make sure the following permissions are set on your files:

Folders should have 755 whereas files should have 644 permissions.

If you have shell access to your account, you can change file permissions recursively with the following commands:

*Please note: if you are unsure about Linux commands, we recommend you open a ticket so we can complete this for you.

For Directories:
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;

For Files:
find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

Step 4 : Securing wp-config.php

Please make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission).
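
A read-only check of the permissions from Steps 3 and 4, as an added example that is not part of the original article: it lists every directory that is not 755, every file that is not 644, a wp-config.php that is neither 400 nor 440, and anything writable by other users. The function name wp_perm_audit is hypothetical, and the install path is whatever you pass in.

```shell
#!/bin/sh
# Added example: audit only, nothing on disk is changed.
# wp_perm_audit is a hypothetical helper name, not a WordPress tool.
#
# Prints one line per deviation from the scheme in Steps 3 and 4:
#   dir <path>        directory whose mode is not 755
#   file <path>       file whose mode is not 644 (wp-config.php is handled below)
#   wp-config <path>  wp-config.php whose mode is neither 400 nor 440
#   writable <path>   anything writable by "other" (the shared-hosting risk)
wp_perm_audit() {
    root=${1:?usage: wp_perm_audit /path/to/your/wordpress/install}
    root=${root%/}              # drop a trailing slash so paths compare cleanly
    cfg=$root/wp-config.php

    # Step 3: directories must be exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/dir /'

    # Step 3: files must be exactly 644, except wp-config.php (Step 4).
    find "$root" -type f ! -path "$cfg" ! -perm 644 -print | sed 's/^/file /'

    # Step 4: wp-config.php must be 400 or 440.
    if [ -f "$cfg" ]; then
        find "$cfg" -prune ! -perm 400 ! -perm 440 -print | sed 's/^/wp-config /'
    fi

    # Anything (symlinks aside) with the world-write bit set.
    find "$root" ! -type l -perm -002 -print | sed 's/^/writable /'
}

# Run against a path given on the command line, e.g.:
#   sh audit.sh /path/to/your/wordpress/install
if [ "$#" -gt 0 ]; then
    wp_perm_audit "$1"
fi
```

No output means the tree already matches the scheme; each line printed is a path to fix with the chmod commands from Step 3 or the 400/440 setting from Step 4.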

Step 5 : Change your WordPress Keys

If your WordPress site gets hacked, it’s very important to change the keys and wp-admin password immediately, because a hacker can still log in to your WP admin even after your admin password changes. In most cases when a WordPress site gets hacked, the hacker can still gain access to your WordPress admin area via cookies issued under your old keys/salts. You can change these at any point in time to invalidate all existing cookies. This will force all users to log in again.