PHPMatters Help You Better Hosting Your PHP-based Sites
How to Secure WordPress to Avoid Site Hacking and Data Loss

How to Secure WordPress to Avoid Site Hacking and Data Loss

WordPress is a widely-used publishing tool that is serving for millions of websites all over the world. As of February, 2004, its newly-launched version of 3.8 has been downloaded for more than 20 million times. Due to the great popularity, the hacking issues against WordPress powered websites have become more and more serious. The hacking sources are various, including the hosting vulnerabilities, theme and plugin loopholes, weak username and password, and improper WordPress installation.

As WordPress is an open source script, things that developers can do to prevent hacking are limited. In this case, webmasters need to take the responsibility to protect their websites. In the following, we have listed some of the most useful methods telling you how to secure WordPress to avoid hacking and malicious intruding.

Select the Safe and Secure WordPress Host

wordpress hostThis is the first thing you need to take into account. Although there are hundreds of thousands of web hosts available offering WordPress hosting online, not all of them can guarantee a safe and secure environment. As investigated, about 40% of the hacking issues are caused by insecure hosting.

To figure out whether the hosting package is reliable or not, there are three useful methods.

  • Check the data center infrastructure to see whether it includes the security measurements like DDoS Attack Response, Firewall, Secured Entrance/Exit, and many more.
  • Check the feature list to see whether the package includes the needed security features like SSL, SSH, Secure POP3, and sFTP, etc.
  • Check the company review to see whether other customers are satisfied with the hosting service or not.

Install Secure Themes/Plugins

WordPress themes and plugins can be used to customize your websites for better appearance and performance. At present, the official WordPress directory offers 2,500 themes and 30,709 plugins online, and the number continues increasing stably. In addition, people can also search for some other targets from third parties. The chances are unlimited, but the prerequisite is to ensure the templates or apps are 100% safe and secure. Generally, all the options available at are of no vulnerabilities.

Keep Everything Updated

This is a very important aspect, but many webmasters simply ignore it. Developers will update the applications when they find and fix the vulnerabilities. Thus, if you still keep the old version, hackers can intrude your site easily as the loopholes are open to the public.

Here, we note only mention the necessity of updating the WordPress core, but also the themes and plugins. All the things residing on your website need to be the latest version.

keep updated

Back Up Website

Keeping backing up your websites constantly can prevent you from losing the valuable data on the website, for you can restore the site to a normal version even if your website have been negatively affected or destroyed from hacking.

In fact, many web hosts nowadays provide people with the backup service, but it doesn’t mean you can leave this job to the hosting providers. Instead, you’d better do it yourself in a daily interval.

Use Strong Username and Password

strong passwordThis can be a common sense for all the website owners, but there are still some people ignore the importance of this aspect. By default, WordPress system will use the word of admin as the username and password, so you have to change them to something complicated with the letters, numbers, symbols, and dashed combined randomly.

Protect wp-config.php File

The wp-config.php file is the most important file for WordPress as it contains all the sensitive information of your website, such as the username, password and local host. In this case, you have to protect the wp-config.php file.

Here, we highly recommend the security keys to make your site hard to be accessed. At present, there are 4 keys and 4 corresponding salts available, allowing you to make them as long and random as possible.

Make Use of Security Plugins

There are a lot of WordPress plugins available that can achieve different functions, some of which can reduce hacking possibilities to a large extent, such as the iThemes Security, Akismet, Better WP Security, and WP Security Scan. You can choose one of them to integrate with your website, and configure the settings according to your real situation to protect your website.

Be Careful About Uploading

upload filesIt is unnecessary that you may need to upload something into your site, such as the images, music files, and movie files. Before uploading, you’d better figure out whether these files have carried the virus that will affect your site negatively. Even after downloading, you have to scan the whole site to check for the malicious data.

Use SSH instead of FTP

Both SSH and FTP are network protocol used for the data communication. However, FTP fails to achieve the same security level as SSH, for the FTP credentials are not encrypted. SSH, however, is totally different. It makes use of the latest advanced technologies and algorithm to ensure a safe data transforming environment.