Whats the Best way to Protect Wordpress Website from Getting Hacked.
-
Hi All,
I just like to know whats the best way to protect wordpress website for getting hacked. I tried using Wordfence but nothing much happened. I m in shared Host and when ever there is a sign of attack my hosting company takes the site off which affects my site ranking a lot. I m trying to keep all my plugins updated but still it happens . Like to know what other people do . I am open for Paid tool suggestion as well.
Thanks
-
Given what you've shared you either have a target on your back or you have some lingering issues from a past infection. I've seen this before and its a pain is the $%& to deal with, but not impossible.
For preventative measures for anyone with a WP site, I recommend the following:
- Use Wordfence - paid version if you can (minimal cost). Monitor the notifications, use country blocking that you are comfortable with (I disable China, Ukraine, N Korea, and Russia on most sites since most are local sites in the U.S.), and enable front end scanning
- Remove admin account and any other "easy" usernames
- Give all WP users strong passwords
- Use strong FTP passwords
- Don't install any plugins you don't need
- Update everything often! This is the best way to avoid problems.
- Pay attention to the theme you use and they are NOT all created equal. It's not uncommon for some themes to have known or unknown exploits in them, so be careful of the theme you use. Make sure it has good reviews and excellent support. If not, find a different theme.
In your case, I'd do the following:
- Sign up for Sucuri for a year. They will audit your site within 24 hours and will clean any malicious files on the site. Hands down the best service for cleaning WordPress sites. $199.
- Remove un-needed WP users, change all WP passwords, remove Admin or other easy usernames and transfer posts/pages to another user
- Remove un-needed FTP users, change all FTP passwords
- Audit your plugins and get rid of all you don't need
- Keep your plugins, themes, and WP updated.
Hope this helps. It's easier than it sounds when your get a system going.
Joey
-
A more detailed explanation of how you are getting hacked might help
Do you mean you are getting spammy files uploaded to your sites root/editing your current content to include spammy words and links?
The obvious suggestion is to make sure your Wordpress version is up to date but if you are already updating the plugins I would presume you have done this...?
It may be that the hackers have just managed to get into your FTP rather than through your wordpress site so I would make sure you have changed your FTP server password and made it secure.
Are you using any contact forms on your site as this can sometimes be a weakness depending on the plugin used.
Thanks
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How can i recover from japanes keyword hack after wordpress clean up
I'm facing a big issue on my two blog legitloaded and asirimp3 months after I patch and clean up my WordPress and plugins, too... I still see the hacked site in google search that I have asked to delete, but I still see the same character and the hacked material in google. I don't know what to do, I'm confused. I try asking google to update my page, but I can't find the URL in the search console. when checking on google with URL: site:legitloaded.com tzj6XvF
Intermediate & Advanced SEO | | frankbanny0 -
AMP for WordPress: To Do Or Not To Do
Hello SEO's, Recently some of my VIPs (Very Important Pages) have slipped, and all the pages above them are AMP. I've been waiting to switch to AMP for as long as possible bc I've heard it's a very mixed bag. As of Oct 2018, what do people think? Is it worth doing? Is there a preferred plugin for wordpress? Are things more likely to go right than wrong? The page that has gotten hit the hardest is https://humanfoodbar.com/plant-paradox-diet/plant-paradox-diet-full-shopping-list-for-lectin-free-diet/. It used to bring in ~70% of organic traffic. It was #1 and is now often near the bottom of the page. 😞 Thanks all! Remy
Intermediate & Advanced SEO | | remytennant1 -
Best wordpress plugin for redirects, Old to new pages
What is the best wordpress plugin for redirects, Old to new pages?
Intermediate & Advanced SEO | | Michael.Leonard1 -
What's the best way to deal with deleted .php files showing as 404s in WMT?
Disclaimer: I am not a developer During a recent site migration I have seen a bit of an increase in WMT of 404 errors on pages ending .php. Click on the link in WMT and it just shows as File Not Found - no 404 page. There are about 20 in total showing in webmaster tools and I want to advise the IT department what to do. What is the best way to deal with this for on-page best practice? Thanks
Intermediate & Advanced SEO | | Blaze-Communication0 -
Best way to fix 404 crawl errors caused by Private blog posts in WordPress?
Going over Moz Crawl error report and WMT's Crawl errors for a new client site... I found 44 High Priority Crawl Errors = 404 Not Found I found that those 44 blog pages were set to Private Mode (WordPress theme), causing the 404 issue.
Intermediate & Advanced SEO | | SEOEND
I was reviewing the blog content for those 44 pages to see why those 2010 blog posts, were set to private mode. Well, I noticed that all those 44 blog posts were pretty much copied from other external blog posts. So i'm thinking previous agency placed those pages under private mode, to avoid getting hit for duplicate content issues. All other blog posts posted after 2011 looked like unique content, non scraped. So my question to all is: What is the best way to fix the issue caused by these 44 pages? A. Remove those 44 blog posts that used verbatim scraped content from other external blogs.
B. Update the content on each of those 44 blog posts, then set to Public mode, instead of Private.
C. ? (open to recommendations) I didn't find any external links pointing to any of those 44 blog pages, so I was considering in removing those blog posts. However not sure if that will affect site in anyway. Open to recommendations before making a decision...
Thanks0 -
Getting over that DA hump...
Hi All, I have a client with a sizeable international manufacturing operation who we've managed to get up to a DA of 40 over time. However, things seem to have levelled out, and I'm not sure how to mix it up to get the numbers back on the rise. We create regular blog and social content, run press releases bi-weekly, optimize on-page content and stay on top of all technical issues. What else can we do?? Any suggestions are greatly appreciated, Thanks.
Intermediate & Advanced SEO | | G2W0 -
Best way to move from mixed case url to all lowercase?
We are currently in the process of moving our site from a mixed case structure i.e -> <sitename>/franchise/childrens-child-care/party/Bricks-4-Kidz/company-information.cfm</sitename> to all lowercase i.e -> <sitename>/franchise/childrens-child-care/party/bricks-4-kidz/company-information.cfm.</sitename> In order to maintain as much link juice as possible, should we be using 301 redirects to point from the old to the new? or would it be more advantageous to wait for the next crawl and the link juice would also be somewhat maintained even though the all the upper case letters have been converted to lowercase?
Intermediate & Advanced SEO | | franchisesolutions0 -
What is the best process to move a wordpress website ?
Hello Seomoz community, Simple question , i am looking forward to move a word press website from blog.domain.com sub domain to domain.com/blog to increase my indexed link on the root domain indexed by search engine.The blog i want to move already have high PR ( 6 ) i , of course want to avoid broken link , already indexed in search engine. What would be the best way to process to prepare this move accordingly on a SEO perspective ??? Many thanks in advance. Yan Desjardins
Intermediate & Advanced SEO | | SherWeb0