How to prevent my WordPress website from getting hacked

What or who is hacking you? It is important to start by understanding exactly what is able to attack you. If you handle payments you are more likely to be targeted, but all the same, your tiny little blog about pandas may also come under fire. Regardless of what your site is for, you should always be on top of security.


Redirect – An illicit site earning affiliate income could redirect visitors away from your site. This is a wide-net attack, and it is worth it to the attacker for the instant confusion and paying clicks it gets.

Resource – A takeover of your server could be used to send spam, service shutdown orders or many other attacks. This could get you placed on blacklists and even land you with a hefty bill if your hosting plan charges by usage.

Drive-by – An infection planted by hackers can install malware. This malware, such as ransomware, viruses or trackers, can then capture information usable for illicit gain.


Firstly, use a good-quality hosting service. Hosting sites are ten a penny these days, so it is imperative to choose a high-quality one. Most of the good ones build security into the package you buy, so be sure to investigate these services before signing up.

Your hosting service needs to perform regular scans for malware. It should also run up-to-date versions of PHP and MySQL. You should ask whether they offer WordPress optimisation and whether the staff have in-depth knowledge of WordPress.


Backup services are another layer of protection. Services like WordPress Backup, Duplicator or UpdraftPlus are the leading free backup providers. Others charge, but the cost is worth it considering the services they provide.

WordPress Plugins

Plug-ins are by far the easiest way for hackers to enter your domain. They account for over half of the hacks done on WordPress sites. Keep every plug-in you run updated at all times, and try to use software that alerts you when an update is needed. Plug-ins may be abandoned by their author, and an abandoned plug-in is an open invitation to bots and hackers. Always check the author’s credentials and have them confirm the life expectancy of the plug-in.


Two-factor authentication is the new hot thing in cyber security. You may already use it for banking, and it is now an intrinsic part of website security too. It is a brick wall against brute-force attacks. In addition, you should set a username that is uncommon. Usernames like ‘Admin’ are easy prey for the bots that continuously scan for such weaknesses. Whether you are running solo or in a team, you should have a security doctrine in place, one that encompasses strong passwords, the blocking of IPs that are not solo, and locking out users with too many password failures.

Follow these basic guidelines as a starting point for protection, but as the World Wide Web is forever changing, you are advised to stay on top of both the attackers and the newest developments in defense.