Basics To Keep Your WordPress Website Secure
Basic Prevention: A Guide to Maintaining Your WordPress Website
I have fixed a few hacked WordPress websites lately. A few years ago when I sat on a friends couch waiting for him to build me a website, I didn't think I would know what I even know now. Turns out I have an aptitude for learning WordPress and related items. Here is the thing, I work on WordPress everyday and I will share with you what I know, because while I may have an aptitude for fixing them, prevention is so much easier. At the end of the day if something happens you can always contact me here and we can take care of it for you.
I hate seeing good people get hacked when it could be minimized and most likely prevented.
Where to start if you have a WordPress Website
Remove Non-essential Admins/Users
Don't have anyone who isn't currently working for you remain as an admin on your website. Simply remove them, or adjust their privileges.
Run updates on themes and plugins
I do this for my clients on a regular basis. There can be conflicts with new updates, but there can also be conflicts with never running updates. For example old plugins are abandoned and the code gets old. Then hackers exploit the code and hack your site. Running updates is a simple and basic thing that helps maintain your site.
Use a free or premium plugin
Wordfence and Sucuri are two great options. The key with anything is configuring these options and making sure they don't conflict with other operations of the website.
Do your best to follow the advice from the scans of these plugins. Sometimes core files get altered creating vulnerabilities, or they will notify you if a plugin is no longer being maintained.
Proactively scan your site and run backups of a good site.
Sometimes you get hacked no matter what you do. It's good to have backups of clean versions of your site. If you make frequent changes it's better to have a copy than not at all.
Many hosting companies will make a backup of the site for the client, but I will also make a copy for clients and keep it in compressed in storage for them. It's a time saver.
Lastly, if you have been hacked all perhaps hasn't been lost. There are some steps to fixing a hacked website, but that is another post. If you are having problems with your website feel free to contact to see if we can help.