Kevin David

How Can I Protect My WordPress Website from Hacking?

Want to protect your WordPress site against hacking but don't know much about web security? It's crucial to know how to protect your WordPress website from hacking efficiently. Otherwise, you could lose your website.

Many of the professionals I advise on internet marketing overlook the risk of hacking. They think this only happens to the most visible sites, or to those that host sensitive data. Here's how to set up good protection for free.

For example, the most recent of my sites to be targeted by a hacker is nothing like a web giant: it receives an average of 150 visits per day, and I don't sell anything directly on it.

This site simply receives links from other sites that my prospects frequent, and it ranks in the top 3 on Google for several keywords in its niche. This is the best way to attract as many qualified visitors as possible, and unfortunately it takes no more than that to attract hackers and spammers of all kinds.

I don't know your web strategy, but I'm pretty sure it involves promoting your site. So it's best to take 5 minutes to prepare for unwanted visitors.

7 Ways to protect your WordPress website from hacking

Keep WordPress up to date

WordPress is popular, and a large number of users implies a large number of hackers on the lookout for any forgotten update that lets them exploit security bugs. It is therefore imperative to install updates as quickly as possible via your administration panel.

Updates are shown there as soon as they are released, and the same goes for plugins. Do not forget to update your plugins; they are often the source of a successful hack.

Back up database and files regularly

If something goes wrong, you can always recover your files and databases if you backed them up beforehand. You can back up the database from the command line, via a phpMyAdmin-style administration interface, or via a backup plugin.

Change username

Never keep your main admin username; change it. If you keep the main username on your admin panel, hackers will surely find a way to hack your website.

Protect the server

To properly secure your WordPress site, you must also think about the server. Delete the readme.html file in the root of your installation, which contains the WordPress version.

HTTPS encrypts the data transmitted between a client and a server. When this data is not encrypted and is intercepted in transit, I hardly need to describe the problem if it includes the administrator password.

Install essential security plugins

The Better WP Security plugin is very effective at automating some of the tasks we have seen. It lets you secure your WordPress site with a ton of options. The Hide My WP plugin protects your site by hiding sensitive files and folders. The BAW Anti CSRF plugin protects you from CSRF attacks.

Remain vigilant

A complicated password is worth 10 simple ones. Do not use the same password for several different sites or services. Do not click on offers that are too attractive, even less so if you are asked for your password.

Avoid logging in from a computer that does not belong to you, because even with HTTPS you are not safe from keyloggers.

Wordfence: the best WordPress security plugin (recommended)

The first thing you have to do is install the plugin. You can do it automatically from the dashboard of your site (by searching for Wordfence security), or download the plugin and install it manually. It will take no more than 2 minutes.

Then activate the plugin, and follow the guided tour if you want to familiarize yourself with the menus. It takes about 1 minute.

Once Wordfence is activated, you need to configure it. Open the administration menu (by clicking on the Wordfence tab that appeared in the left column) and click on Options. In the first field, enter the email address to which Wordfence will send alerts in the event of an attack.

The second window contains an activation code that has been automatically assigned to you; you do not have to touch it. Below is a drop-down menu, which allows you to choose the level of security you want.

If you do not want to configure everything by hand, select Level 2; this is the best-suited security level. Then click on Save Changes, just below. This configuration step will take you a minute at most.

To finish, simply launch a first full scan of your site by clicking on Scan in the left menu, then on the blue Start a Wordfence Scan button.

Wordfence will now scan all of your files as I explained earlier, and it will notify you if any have been changed.

This will be the case if you run WordPress in a language other than English. In that case, do not panic: when you see the alert messages, you only have to click on See how the file has changed to see precisely what has been changed in the file. These are normally passages in English that have been translated.

Once you have verified that your files have not undergone any dangerous modifications, you just have to click on Ignore until it changes, and Wordfence will treat them as healthy files during its daily scans.
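What a file-change scan of this kind does, as an added example (not Wordfence's code and not from the original post): files are hashed and compared with a known-good baseline, and a file the admin has accepted is trusted only while its hash stays the same. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file's bytes."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def scan(known_good: dict, live_root: Path, ignored: dict) -> dict:
    """Compare live files with known-good hashes. `ignored` maps path -> hash
    the admin accepted; it suppresses an alert only while that hash matches."""
    live = build_manifest(live_root)
    report = {"modified": [], "unknown": [],
              "missing": sorted(set(known_good) - set(live))}
    for path, digest in live.items():
        if ignored.get(path) == digest:
            continue  # reviewed and accepted, still unchanged
        if path not in known_good:
            report["unknown"].append(path)
        elif known_good[path] != digest:
            report["modified"].append(path)
    return report


def demo():
    """Constructed sample tree, not a real WordPress install."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "wp-includes").mkdir(parents=True)
            (root / "wp-login.php").write_text("<?php // Log In\n")
            (root / "wp-includes/version.php").write_text("<?php // v\n")
        known_good = build_manifest(clean)
        login = live / "wp-login.php"
        login.write_text("<?php // Se connecter\n")         # translated string
        (live / "wp-includes/x.php").write_text("<?php\n")  # not in baseline
        first = scan(known_good, live, {})
        accepted = {"wp-login.php": sha256_file(login)}     # admin reviewed diff
        second = scan(known_good, live, accepted)
        login.write_text("<?php // changed again\n")
        return first, second, scan(known_good, live, accepted)
```

On a real site, WP-CLI's `wp core verify-checksums` performs the core-file comparison against the official WordPress checksums.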

There is a paid version of Wordfence, which offers you more possibilities and a higher level of service. But even the free version of this plugin is superior to most of the paid tools that exist.

Final Thoughts

According to Google, the number of hacked sites worldwide increased by more than 30% in 2019 compared to the previous year. The attacks come from all over the world, and they are obviously automated.

These are malicious programs that automatically scan large numbers of sites for vulnerabilities. So follow my steps properly or use Wordfence for your website. These are the only ways to protect your WordPress website from hacking.
