Whats the Best way to Protect Wordpress Website from Getting Hacked.
-
Hi All,
I just like to know whats the best way to protect wordpress website for getting hacked. I tried using Wordfence but nothing much happened. I m in shared Host and when ever there is a sign of attack my hosting company takes the site off which affects my site ranking a lot. I m trying to keep all my plugins updated but still it happens . Like to know what other people do . I am open for Paid tool suggestion as well.
Thanks
-
Given what you've shared you either have a target on your back or you have some lingering issues from a past infection. I've seen this before and its a pain is the $%& to deal with, but not impossible.
For preventative measures for anyone with a WP site, I recommend the following:
- Use Wordfence - paid version if you can (minimal cost). Monitor the notifications, use country blocking that you are comfortable with (I disable China, Ukraine, N Korea, and Russia on most sites since most are local sites in the U.S.), and enable front end scanning
- Remove admin account and any other "easy" usernames
- Give all WP users strong passwords
- Use strong FTP passwords
- Don't install any plugins you don't need
- Update everything often! This is the best way to avoid problems.
- Pay attention to the theme you use and they are NOT all created equal. It's not uncommon for some themes to have known or unknown exploits in them, so be careful of the theme you use. Make sure it has good reviews and excellent support. If not, find a different theme.
In your case, I'd do the following:
- Sign up for Sucuri for a year. They will audit your site within 24 hours and will clean any malicious files on the site. Hands down the best service for cleaning WordPress sites. $199.
- Remove un-needed WP users, change all WP passwords, remove Admin or other easy usernames and transfer posts/pages to another user
- Remove un-needed FTP users, change all FTP passwords
- Audit your plugins and get rid of all you don't need
- Keep your plugins, themes, and WP updated.
Hope this helps. It's easier than it sounds when your get a system going.
Joey
-
A more detailed explanation of how you are getting hacked might help
Do you mean you are getting spammy files uploaded to your sites root/editing your current content to include spammy words and links?
The obvious suggestion is to make sure your Wordpress version is up to date but if you are already updating the plugins I would presume you have done this...?
It may be that the hackers have just managed to get into your FTP rather than through your wordpress site so I would make sure you have changed your FTP server password and made it secure.
Are you using any contact forms on your site as this can sometimes be a weakness depending on the plugin used.
Thanks
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Ranking problems with international website
Hey there, we have some ranking issues with our international website. It would be great if any of you could share their thoughts on that. The website uses subfolders for country and language (i.e. .com/uk/en) for the website of the UK branch in English. As the company has branches all over the world and also offers their content in many languages the url structure is quite complex. A recent problem we have seen is that in certain markets the website is not ranking with the correct country. Especially in the UK and the US, Google prefers the country subfolder for Ghana (.com/gh/en) over the .com/us/en and .com/uk/en versions. We have hreflang setup and should also have some local backlinks pointing to the correct subfolders as we switched from many ccTLDs to one gTLD. What confuses me is that when I check for incoming links (Links to your site) with GWT, the subfolder (.com/gh/en) is listed quite high in the column (Your most linked content). However the listed linking domains are not linking at all to this folder as far as I am aware. If I check them with a redirect checker they all link to different subfolders. So I have now idea why Google gives such high authority to this subfolder over the specific country subfolders. The content is pretty much identical at this stage. Has any of you experienced similar behaviour and could point me in a promising direction? Thanks a lot. Regards, Jochen
Intermediate & Advanced SEO | | Online-Marketing-Guy0 -
The best tool
Hi friends !! I have a huge question . Which is the best tool for SEO? I am using a lot of tools but I would like to know more ways to position my website in the top . I hope that you can help me! Regards , Carlos Zambrana
Intermediate & Advanced SEO | | CarlosZambrana1 -
Best way to start a fresh site from a penalized one
Dear all, I was dealing with a penalized domain (Penguin, Panda), hundred of spamy links (Disavoved with no success), tiny content resolved in part and so on .... I think the best way is to start a new fresh domain but we want to use some of the well written content from the old (penalized site). To do this task I will mark as NOINDEX the source (penalized) page and move this content to the new fresh domain. Question: do you think this is a non-dangerous aprouch or do you know other strategy? I'll appreciate your point of view Thank you
Intermediate & Advanced SEO | | SharewarePros0 -
Can anyone tell me if this website was built with Frontpage or another cookie cutter drag and drop website creator by looking at the source code?
Can anyone tell me if this website was built with Frontpage or another cookie cutter drag and drop website creator by looking at the source code? http://naturespremiumpestdefense.com/ Thanks, Russell
Intermediate & Advanced SEO | | ULTRASEM0 -
Looking for guidance on transferring and incorporating content from a purchased website into an existing website
One of my client’s recently purchased a competitor’s website, and we would like to transfer the content from the competitor’s website (http://www.wilson-hardness.com) to our client’s existing website (http://www.buehler.com); at the same time we want to minimize loss in keyword rankings the competitor’s website has established. The two websites work in similar fields: one measures and offers products in scientific measurement and analysis of various materials. The other website offers products that are in similar field: hardness testing equipment. Looking for suggestions on how to proceed or recommended reading on the topic. I’ve tried to do research, but haven’t found anything, so I’m not sure what to topic-names to search. Any guidance would be appreciated.
Intermediate & Advanced SEO | | TopFloor0 -
How do we get individual products to rank ?
Hi, We have a site that sells music and we have been researching SEO and things we can do to help SERPs. We have started on link building and have added links to the footer of our page We have friendly urls, meta tag description added to all products. My question is, Yes we can work on getting keywords to rank better in google, one of ours being buy cds. But when it comes to individual products these keywords and results are useless if people are searching for a CD by artist or title which most do as they know what they are looking for. How do i get better results for all these unique products ? One or more of our competitors constantly show up in first few results for nearly any CD search by artist or title, yet we cant seem to get anywhere near this type of result ? Thanks Chris
Intermediate & Advanced SEO | | PressPlayMusic0 -
Whats the best way to handle product microformats such as hproduct, goodrelations on ecommerce for Google?
With web3.0 results with microfrmatting showing in google, yahoo etc through reviews, instock, events, sales, pricing etc.
Intermediate & Advanced SEO | | RampUpInteractive0 -
What To Do For A Website That is Mainly Images
I have a website that is a desktop wallpaper script. People can come and upload 100's of wallpapers to share with the community. This is were the problems comes in. Files are normally called 27636dark.jpg or whatever and come with no description. This leads to 2 things. no text content that google can use to know what the page/image is about. Meta descriptions, URL's just look like spam. Example: /car-wallpapers/7636dark.jpg If a text description was added, it would still only be like "Green Trees in the distance". Which as you may guess, with 1,000's of wallpapers... would end up having a lot of descriptions the same. Is there any advice for sites that focus on image driven content?
Intermediate & Advanced SEO | | rhysmaster0