How to Protect Your Website from Hackers

Do you think your site is too small or not important enough to be hacked? Automated bots are constantly crawling websites and testing login details and weak passwords. If you’re hacked, unfortunately, it has nothing to do with the importance of your site to hackers. 

The good news? Protecting your site from website hackers and viruses doesn’t have to be time consuming or stressful. Putting a few basics in place can give you peace of mind, and help you save the time and money you’d need to spend to restore a compromised site.

Choose a Good Website Host

Use a website host with a strong track record and a good technical support team. If something weird is happening on your site – quality tech support is a resource you’ll be thankful to have. There are many reliable website hosting providers out there, one of which is SiteGround, who we use to host our site as well as many of our client sites.

Update your Plugins and Themes Regularly

One of the best ways to keep your website protected is to make sure you keep everything up-to-date.

Hackers are continually finding new ways to get into websites – finding weak code, coming up with new attacks, etc. Also, developers are finding bugs and other opportunities to update their software/code. WordPress sites are built on coded programs… and that code gets updated quite regularly. Those updated files are made available in WordPress, and it’s your job as the website owner to update your WordPress core, themes, and plugins to these latest versions.

WordPress Updates Screen - Protect Your Site from Hackers

I recommend going into your WordPress admin once a week (or at the VERY least, once a month) with the sole goal of updating everything. I go over how to safely perform these updates in this blog post, but generally the steps are:

  • Review your site’s functionality and confirm everything is in working order (if it was broken before you perform any updates – it could be broken after too – so find out the root cause of any issues before you go any further)
  • Perform a full backup of your site
  • Update your plugins and check that your site is still working correctly
  • Update your themes and check that your site is still working correctly
  • Finally, update the WordPress core and once again confirm the site is working correctly
  • Perform a new backup so you have the latest version of your site in your back ups

While some updates are feature-related and can likely wait, some relate to security patches, so it’s a best practice to perform these updates regularly. Also, remember to remove plugins and themes you’re no longer using – even if they’re “inactive” in WordPress, they’re still living in your WordPress files on your server, and therefore potentially vulnerable too if not updated or removed.

Create Unique Usernames and Passwords

Ensure that you have a unique login/user name for your website host and WordPress (i.e., don’t use something generic like “admin”), and have a strong password. I recommend using a secure password generator as well as a password vault like LastPass. Password vaults are awesome tools that store all of your usernames and passwords so you won’t have to worry about remembering all of your funky login credentials.

Store Your Backups in Two Places

Ensure you have a system that stores backups somewhere secure (not just on your server). UpdraftPlus is a great free plugin that backs up your site and stores it to your Google Drive or Dropbox account. If something on your site goes haywire, having your backups in two places adds an extra layer of security.

Install a Firewall and Monitoring Service

Install a firewall and monitoring service, such as WordFence or Sucuri, to further protect your site. This not only blocks malicious attempts to access your site, it can alert you to unexpected login attempts, security vulnerabilities, and more.

Install a Valid SSL Certificate

Ensure that your site has a valid Secure Sockets Layer (SSL) Certificate installed. Especially if your site provides eCommerce functionality, SSL certificates encrypt your customers’ data, keeping it secure from outsiders. Many website hosts offer an SSL with their hosting services.

Do you need help choosing which plugins, themes and tools to use on your WordPress site?

Check out my free 15+ WordPress Tools and Tips guide that includes all of the tools and tips that I have researched, use regularly, and stand by in my business!

Protecting Your Website from Hackers Doesn’t Have to Be Hard

An ounce of prevention goes a long way, and it’s not too hard to do. No one likes to think about website hackers, but if you follow the steps above, you can feel secure in knowing you’ve taken some important steps to thwart attacks on your site.

However, I know the above can still feel overwhelming, especially if you’re short on time. Luckily, we offer website maintenance plans so you can have one less thing to worry about. Our plans are built to match your specific needs, and all plans include backups, software updates, security scans, performance monitoring, uptime monitoring and weekly reports to let you know your site is safe and secure. If you’d like a little extra peace of mind, check out our plans and get in touch!

Pin It on Pinterest

Share This