How to Protect your WordPress Site from Hackers

If you have been following our blog you may have read our last article on How to Prevent your WordPress Website from Being Hacked. If you haven’t read it, here is a recap.

Thousands of sites are hacked on a daily basis and no one is immune. Websites are being compromised from small ma and pop shops to huge corporations.

We cannot stress enough the importance of keeping WordPress core files, plugins and themes up to date. Hackers can find “back doors” through outdated code and many times updates will include a security patch.

Hackers use sophisticated password-cracking software so always use strong passwords with at least 8-10 characters including lower and uppercase letters, numbers and special characters.

Protecting Your Site From Hackers – Additional Considerations

Delete Themes if You are Not Using Them

The theme is the template or “skin” your site is using to display your site. It is only possible to use one theme at a time but usually site owners will find numerous themes installed even if they are not activated. This may happen because you have redesigned your site recently and the old theme is still available. Also WordPress comes out with a new default theme every year. You can tell which themes are the defaults because they will be named “Twenty Fifteen”, “Twenty Fourteen” and so on.

Note: To view the themes you have installed go to Appearance > Themes in the WordPress Dashboard.

In the example below there 8 themes installed which is not necessary and just provides hackers with more potential doorways into our site. We have the active theme which you will always find in top left corner. (Make sure you do not delete that one!) Then we have one commercial theme that is not being used and 6 WordPress default themes that are not being used.

We suggest to delete all themes except for 2: the active theme and one WordPress default theme as displayed in the example below.

Delete Unnecessary Plugins

Just like themes, if you have plugins that are installed that you are not using, get rid of them. For example, many themes will come with 3 different slider plugins. If you are only using one delete the other 2. These are just more plugins that you have to keep up to date and could potentially cause your site to be compromised if a hacker finds their way in through that plugin. Wouldn’t that be frustrating if your site was hacked through a plugin that you weren’t even using?

How Often are Your Plugin Developers Providing Updates?

So you are logging in on a regular basis and taking care of the available plugin updates. That’s great! That is what you should be doing. But pay attention to the plugins that do not have any updates available. How long has it been since they had an update? A year or more? The developer may no longer becoming out with updates and has completely stopped supporting the plugin. How perfect would that be for hackers. A well known plugin that is no longer being supported and has no security updates!

Even if you are relying on that particular plugin for a certain functionality, it’s time to make a switch. There are thousands of WordPress plugins out there and you are sure to find a replacement. Even if it takes a bit of rework to configure a new plugin, it sure beats cleaning up malware or having your IP blacklisted because a hacker found their way into your site.