It doesn’t matter whether you are a newbie blogger or an experienced one: the security of your WordPress blog should be your number one priority. But a lot of people are not aware of it, and they don’t care.
Or, they do not know that their site is hacked. Because there are many types of hacks, a WordPress site can be hacked and infected with something malicious even if you see it loading in your browser as usual and you notice people visiting your blog just like any other day.
I can say this from personal experience. One of my blogs was hacked and infected with malicious code, and I came to know about it six months later. The website was pretty small, and whenever I opened it, once a week, it was running fine.
I came to know about it only when I tried visiting from the search engine while looking for rankings. I was redirected to a fishy website, which was one of those scam sites that you come across.
The surprising thing is that it only happened once, and when I tried visiting my website through the search engine again, it did not happen again. After a lot of research, I came to know that it was randomly redirecting search engine users so that no one can find out if it is hacked.
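The behaviour described above, an occasional redirect that only visitors arriving from a search engine see, can be checked for from the outside. The following Python is an added example, not part of the original post; it assumes the trigger is the `Referer` header, and `myblog.example`, `scam.example` and the simulated site are constructed placeholders.

```python
import http.client
from urllib.parse import urlparse

# Referer values a visitor arriving from a search result would send.
SEARCH_REFERERS = ["https://www.google.com/", "https://www.bing.com/"]

def http_fetch(url, headers):
    """Live fetcher: one GET without following redirects -> (status, Location)."""
    parts = urlparse(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("GET", parts.path or "/", headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def find_offsite_redirects(url, fetch=http_fetch, attempts=20):
    """Request url directly and with each search Referer; report off-site redirects."""
    site_host = urlparse(url).hostname
    header_sets = [{}] + [{"Referer": r} for r in SEARCH_REFERERS]
    findings = []
    for headers in header_sets:
        # Repeat each request: the redirect may fire only on some visits.
        for attempt in range(1, attempts + 1):
            status, location = fetch(url, headers)
            if not (300 <= status < 400 and location):
                continue
            # A relative Location has no hostname and stays on the site.
            host = urlparse(location).hostname or site_host
            if host != site_host and not host.endswith("." + site_host):
                findings.append({"referer": headers.get("Referer"),
                                 "attempt": attempt, "location": location})
                break
    return findings

def simulated_infected_site(every=4):
    """Constructed stand-in for a hacked site: every Nth search-referred hit redirects."""
    hits = {"n": 0}
    def fetch(url, headers):
        if any(s in headers.get("Referer", "") for s in ("google.", "bing.")):
            hits["n"] += 1
            if hits["n"] % every == 0:
                return 302, "https://scam.example/landing"
        return 200, None
    return fetch

if __name__ == "__main__":
    for finding in find_offsite_redirects("https://myblog.example/", simulated_infected_site()):
        print(finding)
```

Against a live site, call `find_offsite_redirects` with the default `http_fetch`; an empty result only means no redirect fired within `attempts` requests, so a rarely triggering infection can still be missed.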
How to find out if your website is hacked?
Even if something like this doesn’t happen to you, I strongly advise you to follow the steps mentioned below to find out whether your website is hacked or not.
It is a healthy exercise, and you should be doing it on all your web properties that run WordPress.
Install WordFence Security Plugin
Install WordFence from the WordPress plugins repository. It will scan your website and let you know if something fishy is going on.
Once you have installed, activated, and set up the WordFence WordPress plugin, go to the Scan area of the plugin and start scanning your website.
If the plugin finds something malicious, it will give you a list of all the files that have an issue.
It also offers an easy way to delete all the files that were infected and were not part of the core WordPress. But there would still be some files left that you cannot delete, because the code was injected into the core WordPress files.
For such files, you will have to edit the WordPress core files. You need an FTP client to access the root directory of your website and then open the file to make edits. I would recommend you use FileZilla which is available for both Mac and PC.
Alternatively, you can use File Manager Plugin, which also gives you access to the root directory of your site. Using this, you can open the infected file and remove the malicious code.
Once you have removed the code from the infected files and deleted the files that could be deleted, go to the advanced settings of the scan and enable the option to scan the folders and files outside of the WordPress directory, so that it can find other infected files if they have been placed elsewhere.
Enabling this will increase the scanning time because it will have to scan more files and folders, but it is totally worth it because sometimes you may find infected files outside of your WordPress directory.
Optimize WordFence Firewall
Once you are done with that, I would suggest you go to the firewall section of WordFence and click on optimize WordFence firewall. It will ask you to download the .htaccess file for backup and will automatically update it with code that will maximize the WordPress firewall.
You will immediately notice that the WordFence firewall score increases from 35% to 55% or maybe even more. It is the setting I have been using for the past few years, and I have not found any issue.
I would suggest you read another article talking about how you can secure your WordPress blog so that you can keep the hackers and attackers at bay.