Did you know that on average, around 30,000 new websites are hacked every day? If you do not give attention to this fact and not secure your WordPress site, your website might be one of them.
And I can say that from my experience, and I am not talking about your website taken over by someone else, I am talking about the hacks that you won’t even realize. Something that happened to me on one of my sites.
The hacker was so smart that he added my IP address so that I wouldn’t find anything suspicious when I open my website, and only the people who are visiting the website from search engines would be affected. And not even everyone.
The installed scripts that would randomly take my visitors to some random pages filled with pornography and adult content. So embarrassing, I know, and that’s why I have added that extra layer of security on all my WordPress sites.
In this article, you will learn how you can do that as well. Or
Watch the Video Instead
Do not use Nulled WordPress Themes and Plugins
Your computer can get attacked if you use infected websites to download pirated software or movies. The strange thing is, your computer can still get infected if you did browser any such website to download anything.
It can happen if your computer does not have an anti-virus installed.
The same thing can happen to your website as well. It can get infected with malicious codes if you have been using pirated themes on your WordPress blog, which means downloading paid items from pirated websites.
So, I strongly urge you not to download WordPress Theme and Plugins from such sources.
It’s okay if you can not afford a premium theme or plugin right now, there are so many free ones available, and there are plugins available with free versions.
Try using these free versions of WordPress theme and plugin until you can afford the premium version.
Install Wordfence WordPress Plugin
Just like your computer requires an anti-virus, your WordPress website also requires something that keeps on scanning your website and makes sure that your website does not get attacked by hackers.
Wordfence WordPress Plugin is my choice of security plugin for WordPress that I use on all my websites.
I’ve previously written an article about how to find if your WordPress site is hacked. This goes electric in-depth about how you can scan your website to find if there is any malicious code already installed so that you can get rid of it.
Even if you do not find anything fishy at the time of installing, I would suggest you keep it installed so that it keeps your website safe by doing regular scans.
Apart from that, it also has got a Firewall that will prevent any hacker from making malicious attacks on your website.
Install All in One Security Plugin
The other WP Plugin I suggest everyone install is, All In One Security Plugin.
The security plugin limits the login attempts by people on your website will record your IP address so that it can block it out to prevent your website.
In the plugin settings page, you can customize the settings, such as the number of attempts you want the person to make, before blocking them out, giving them the option to request unblock the username, which is helpful if you run A multi-author blog.
Once you install this plugin up, it will show you the number of items made by different people on your website, and you will be shocked to see how many people are attempting to log into your account.
Start using a secured password
If you are and already falling at the start doing it right now. Do not use passwords you have used elsewhere.
So many data breaches keep happening worldwide, and if you are using the same password on different accounts, the same password can be part of a data breach, and hackers might try to get into your online accounts.
You can use WordPress inbuilt password generator which gives you a pretty strong password.
Setup SSL on Your Website
Another important point is to set up SSL on your website. This will not only allow you to have a secure connection while logging into your account so that no one can steal your password when you are on open Wi-Fi connections.
Apart from that, SSLs are also now one of the ranking factors of Google. And you don’t have to worry about spending money on and as you can set up free SSL certificates using services like Letsencrypt.
We have previously written an article telling users how they can use free SSL on Serverpilot.
Serverpilot is a more natural way to host your website on Digital Ocean. Although the article is specifically about setting up free SSL on Serverpilot, you can pretty much do it on any server, with the help of Google. (all let me know in the comments I should make a tutorial about it as well).
