Learning how to protect your WordPress website from hackers is easily done.
In excess of 70% of WordPress users are currently vulnerable to hacker attacks, according to statistics.
Because WordPress is the most used content manager in the world, it is quite common for a site to receive attacks from hackers, brute-force attempts, and bots. If you leave all the default options in place, you could have a security problem that leaves you without a website or with malicious code injected into it. Check which of these actions you can take to be much better protected.
There are millions of websites that face severe attacks from annoying people who apparently have nothing better to do with their time than spread misery far and wide: hackers. You don't want to wake up one day and see that your well set up site is no longer yours, right?
Still in doubt about the importance of talking about WordPress security?
Everyone wants to prevent hacking on WordPress. Recovering can take some time and intense effort. Toughen up your WordPress with these WordPress security tips, so that horrible fate doesn't happen to you. Yes, it will take some time and continuous effort to avoid WordPress hacking.
There are many types of attacks, but we will name the best-known cases.
It will do little good to have a bulletproof WordPress website if the server where you have it hosted is a strainer. A hosting service must provide security elements at the server level. It must be the first line of defense.
Use a professional hosting provider
Check the characteristics of the hosting service that you are going to hire for your website and make sure that security is one of their priorities.
We recommend Linux versus Windows. Both platforms have security problems and tend to be attacked by malicious users; however, Linux continues to have a certain advantage thanks to the developer community it has. Linux is not without risks but, so far, it is capable of solving security problems much more quickly and efficiently than Windows.
Here are some of the measures that you should consider in a shared hosting service.
One of the most overlooked ways to strengthen your WordPress security is to install an SSL certificate and run your site over HTTPS. It encrypts any information that your visitors submit to your site, such as personal information or bank details, while it is in transit, keeping it private. A common misconception is that if you don't accept credit cards, then you don't need SSL.
When you install the SSL certificate, your website will use HTTPS, which means that you will get the familiar padlock icon in front of the URL, indicating that you have a secure connection. In the past, it was only used by e-commerce sites, but now SSL certificates have become an industry standard. As a bonus, Google has now started favouring websites that use a secure connection, helping them rank higher.
From the first moment of WordPress installation, you have to specify a series of information that you have to enter in order for WordPress to communicate with the database.
Most of this information is provided by your hosting providers, such as the name of the database, its username, and password. But there is a decision to make: decide the prefix of the tables that will be created for WordPress.
By default, the installer offers the prefix wp_, so your tables will have names such as wp_options, wp_comments, wp_posts, etc.
Of course, every hacker knows this, and it is free information that we hand to any potential attacker: unless you change the prefix, the standard WordPress tables will have exactly those full names.
Securing a WordPress install starts here, at this step: change the default table prefix (wp_) to another of your choice, for example wptabla_ or X1jM_ or whatever you want. The important thing is not how long or complicated it is, but that you at least do not leave the default prefix.
Another decision that we have to make during the installation of WordPress is the name of the first user to access the administration of our website, a user who by default will have full management permissions.
For years WordPress has offered a default username, which of course you shouldn't use. When choosing the name of your first user to access WordPress, do not choose common names such as admin, Admin, root, etc., since they are the first ones that a hacker who wants to take possession of your site will check.
If there is something dangerous, it is being online with obsolete or insufficiently updated software. Hackers tend to mainly attack sites with older, outdated versions, as these tend to be more vulnerable because they lack sufficient protection against known attack types.
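A check for the two installation defaults described above (the wp_ table prefix and a common first username), as an added example that is not part of the original article. The function names and sample data are hypothetical and constructed; the username list is assumed to have been exported beforehand, for example with WP-CLI's `wp user list --role=administrator --field=user_login`.

```python
import re

DEFAULT_PREFIX = "wp_"
# Names the article lists as the first ones tried; compared case-insensitively,
# so "Admin" is covered as well.
COMMON_ADMIN_NAMES = {"admin", "root"}

PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")


def strip_php_comments(src):
    """Remove //, # and /* */ comments while copying quoted strings verbatim.

    wp-config.php holds random salts that may contain '/*', '//' or '#',
    so comments cannot be removed safely with a plain regex.
    """
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                              # quoted string
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1      # skip escaped characters
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):                # block comment
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif ch == "#" or src.startswith("//", i):   # line comment
            end = src.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def read_table_prefix(config_text):
    """Return the active $table_prefix value, or None if it is not set."""
    matches = PREFIX_RE.findall(strip_php_comments(config_text))
    return matches[-1][1] if matches else None       # last assignment wins


def audit_prefix(config_text):
    """Return a list of findings about the table prefix (empty list = OK)."""
    prefix = read_table_prefix(config_text)
    if prefix is None:
        return ["$table_prefix not found in config"]
    findings = []
    if prefix == DEFAULT_PREFIX:
        findings.append("table prefix is the default 'wp_'")
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append(
            f"table prefix {prefix!r} is empty or has characters other than "
            "letters, numbers and underscores"
        )
    return findings


def audit_usernames(admin_logins):
    """Return the administrator logins that use a commonly guessed name."""
    return [name for name in admin_logins if name.lower() in COMMON_ADMIN_NAMES]


# Constructed sample configs (not taken from any real site).
SAMPLE_DEFAULT = r"""<?php
define( 'DB_NAME', 'exampledb' );
define( 'AUTH_KEY', 'k/*9#x//q' );   // salt with comment-like characters
/* old value: $table_prefix = 'X1jM_'; */
$table_prefix = 'wp_';
define( 'NONCE_KEY', 'z*/m' );
"""

SAMPLE_CUSTOM = r"""<?php
define( 'DB_NAME', 'exampledb' );
$table_prefix = "X1jM_";
"""

# Constructed list of administrator logins.
SAMPLE_ADMINS = ["Admin", "frederic_ops", "root"]

if __name__ == "__main__":
    for label, cfg in (("default", SAMPLE_DEFAULT), ("custom", SAMPLE_CUSTOM)):
        print(label, "->", audit_prefix(cfg) or "no findings")
    print("risky admin logins:", audit_usernames(SAMPLE_ADMINS))
```
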
Fortunately, WordPress offers an automatic update system, both for the WordPress core itself and for plugins and themes.
By default, you will not have to worry about WordPress security and maintenance updates, as it does them without your intervention. It will simply notify you when it has been updated.
WordPress is safe, and it is normal that it is because there is a large community that takes care of its maintenance, development, and growth, but the same does not happen with plugins.
However widely a plugin is used, there is often a single programmer behind it who, for obvious reasons, does not have the resources or the time necessary to always keep the plugin up to date.
It is for this reason that the main route of entry for attacks on a WordPress installation is mostly through non-updated plugins.
WordPress offers us a system of notification and automatic updates for the installed plugins, so when you see that some need to be updated, do not think twice about it.
If you do not use plugins from the official directory, WordPress may not automatically identify if updates are available. In that case, you should keep an eye on the developer's website.
If there is a fixed rule in security, it is that no matter what measures you apply, there will always be a new vulnerability for which we are not protected; we will always be one step behind malicious attacks. So, in the event of a disaster, the only thing that can save us from the eventual loss of all our content is having backup copies.
Verify that your web hosting provider has full automatic backups. In addition, install a backup plugin like UpdraftPlus, which allows you to schedule different backup tasks and lets you save your copies on another server, send them by email, or even automate saving them to cloud services such as Dropbox, Amazon S3 or Google Drive, among others.
Most of the current attacks against WordPress sites are carried out as mass access attempts through the login screen, so it is essential to protect internal access to your WordPress.
For this, we can apply different security measures:
Many of the protection measures that we can apply to our WordPress installation are included in plugins specialized in securing WordPress.
Most of them contain settings to avoid brute force attacks, code injections, and modifications of system files, including warning systems so that you are informed of any possible attack in progress.
The most recommended are the following:
If you allow user registration on your WordPress, you must protect yourself against sploggers, users who register massively on websites to try to access its settings, add spam comments, or even inject malware.
The definitive solution for this type of user is, of course, not to activate user registration (WordPress default behavior). If you have registration enabled for loyalty or marketing reasons, you should install a plugin to detect and eliminate this threat. The best used to be WangGuard, but it closed down so here are the best alternatives.
One of the usual tasks of any administrator of a content manager, such as WordPress, is to control spam in the comments. First, it is a source of distractions and unwanted links on comment forms. Second, some hackers use these forms to inject code that could compromise the security of your WordPress installation.
For this, we should apply different strategies:
If you follow our recommendations, you have a minimal 0.00001% chance that there is a small uncorrected security issue. It is impossible to keep your site 100% free of hackers. What you can do is make vulnerabilities harder to exploit with proper maintenance. If you’re short on time to learn how to execute these website security tips, WP Expert offers an excellent WordPress website maintenance service.
UPDATED: Dec, 31st 2019 - Free icon Maker is now Iconsflow. Create dozens of personalized icons for your App, Web, Creative projects & Startups.
Design outlined, solid, webby and flat icons for free!
Free Icon Maker online apps can help you to add stunning icons to your portfolio, blogs, magazines, or mobile and web application designs.
Here is what they say about their app: "With Free Icon Maker, you are the Designer! It’s easier than you think. Collect all the icons you need for your next design; change gradients and colors, and let your creativity flow! ".
Honestly, it's super easy to use and the best part: it's free!
Enjoy it now at https://freeiconmaker.com/.
Your blog will be hidden amongst the other blogs in no time! SEO can improve your blog’s visibility, but it requires your time to understand SEO and to put it into practice. Don’t worry, we’ll give you important SEO strategies to apply to your WordPress blogs!
WordPress provides a user-friendly platform for bloggers to use. It is the industry leader; 34.6% of websites are made using WordPress, and it has a content management system market share of 61.4%. All the basics of SEO are covered within WordPress, and it lets users navigate easily.
Before we begin, take a look at our SEO 101: A Guide for Beginners blog as it will provide you with a general understanding of SEO.
Keywords are what gets your blog at the top of the list in a Google search. For each article create a keyword strategy and enforce it to maximize the SEO for blogs. There are many platforms out there that provide you with predictive metrics and identify high-impact suggestions. We suggest Moz, Textmetrics, Ahrefs, Kwfinder, and Google Keyword Planner as tools to find the best keywords.
Use the keywords in titles and header tags to boost your SEO value and engage readers in your content. Header tags, such as H2 and H3, instantly make it more readable and serve as visual cues. Many readers skim blogs and focus more on the portion that is captured by the heading that interests them. This applies not only to readers but also to search engines. Google scans your blog for content relevant to the searched words and looks at the header tags to understand what the content is about.
That is why it is crucial to make it easier for Google to find the words. The header tags don’t necessarily improve your SEO ranking but provide SEO value. The header tags are an important part of your SEO as they help Google find the keywords. This method of optimization should always be done!
After conducting target audience research, you will be able to garner content that targets them. Don’t underestimate the quality of content as it can improve your ranking on Google search. Pay attention to grammar, structure, and error-free writing.
Have troubles with creating quality content? There are tools to help you. Besides providing keyword input, Textmetrics can help you with quality content. The platform contains a set of algorithms that are able to interpret wording and suggest changes while writing a text.
The default structure for permalink (URL) is not SEO-friendly as it does not contain any keywords. It is very easy to change your default setting.
How to change your default permalink:
Make sure that you use a URL that includes keywords from your article to optimize your blogs. It should look something like this: https://example.com/your-post-titel.
Meta descriptions show up under your site name on search engines. These sentences are one to three sentences long and hook in the reader. Simply put, meta descriptions should tell your audience why they should click on your blog and read it. Adding meta tags will enhance your SEO and visibility and will encourage readers to visit your blog.
Add links to your blog to enhance the likelihood of your post being at the top of search engines. Research has proven that having more links, external and internal, influences your SEO. External links to other sites are very important, but internal links will also improve the visibility of your other blogs. Don’t forget to include your social accounts on your blog and encourage readers to interact with your social media accounts and on your blog.
A sitemap is a map of your website that allows users and search engine crawlers to understand the structure of your website and easily navigate. It’s a list of URLs that you want to have public to help search engines index your site. WordPress dives into the topic and explains how to create a responsive sitemap in a matter of seconds.
Implementing our top 6 SEO strategies in your blog is vital to see a difference. Its importance is only growing as more and more blogs come out every day. Don’t let your blog get mixed with the other ones; let it shine and be seen by readers. It’s a necessity that all bloggers need to follow in 2019.
In this article, I am going to explain why it is important to protect and maintain your WordPress website and how in 2019 you can do it in a few easy ways.
I want to share a story, if you’ll allow me. This wasn’t a client of mine; an agency friend told me the story and I think it’s an important one to share.
Tim has a furniture business with an E-Commerce website. This enables him to sell his furniture to customers from across the country and for some pieces, around the world.
When Tim’s website was built by his web agency, they offered to assist him with website security and keeping the website maintained. Tim declined this offer as he wanted to look after everything by himself.
The unfortunate problem for Tim was that he just didn’t have time to do the important maintenance tasks that he needed to do, as well as run his business. He had good intentions when he said he’d look after his website, but time got the better of him, again and again.
As the website was not maintained for more than a year, eventually a security flaw was exploited, one that had long been patched by the developer of the particular plugin. This exploit allowed a malicious attacker to gain full entry to Tim’s website and to steal data from his customers.
Tim was lucky that he didn’t store credit card numbers, but it was a serious data breach and over 10,000 customers were affected. All of this happened because he didn’t take the necessary steps to look after his website.
Repairing the damage to Tim’s website cost him over $3,500. He also had to inform his insurance company of the issue and his liability, as well as apologize to every customer whose data was lost. His web agency needed to liaise with the RCMP about the issue.
Tim is thankfully still in business today, but is a lot more careful with his website now.
It doesn’t take a great deal of time to look after a website, but it’s really important that this time is actually spent. Maintaining your website is just as important as maintaining your car or your home. If you ignore either of these, eventually things will break down and you’ll have problems.
A WordPress Care Plan from an experienced WordPress agency brings you peace of mind and an expert pair of hands to assist you if there’s ever an issue with your website.
What would peace of mind in your business be worth to you?
In order to help you to avoid the kind of problems which Tim encountered, we’ve created a checklist of maintenance tasks which you need to focus on for your website and separated it into weekly, monthly, quarterly and yearly tasks.
You can download your checklist here.
Use the checklist to assign tasks for yourself or your employees and you can make sure that you stay on track with all of your maintenance tasks. Your website will be safer and more secure if you look after it regularly.
You might find that you have additional tasks to add to the checklist for your specific website. For example, if you have an E-Commerce website - you might want to set a certain day of the week for adding new products or looking at improving existing ones. Feel free to add in extra tasks to your checklist. It should grow organically over time, just like your business.
Now, you need to have your website available 24/7 so visitors can check your services or products anytime. Also, they need to be sure that the buying process is reliable and secure. Good web hosting is a major part of all this!
There are free online monitoring tools that you can use to monitor the uptime of your website. When we say “uptime”, what we mean is the time that your website is available online without being offline for any errors or issues.
The uptime should be 100% or as close to this as possible. If you frequently see short periods of downtime, this means your website was offline and inaccessible to your customers during this time.
Head over to Uptime Robot and make a free account.
Once you’re logged in, set up a new monitor and enter your website address. It’s important to make sure you choose the right option, HTTP or HTTPS, here: HTTPS if your website has an SSL certificate (and it should in today’s modern world!). Set the monitoring interval to 5 minutes and make sure you tick the option to receive an email if your website is ever offline. Then save your new monitor.
Uptime Robot is a very useful tool as you will receive an email if it detects your website is offline. It’s like having an employee checking your website every 5 minutes… 24 hours a day, 7 days a week.
If your website is frequently offline or if you’re not getting an uptime of 99-100%, without a specific reason from your hosting company such as “emergency server maintenance”, then you need to strongly consider if you are hosting your website in a place that is best for your business.
There’s one thing you can do with your website right now that will improve your peace of mind. Let’s make sure you have automated backups of your website in place. This way, if anything goes wrong with your website in the future, you’ve protected your most important asset and made sure that you have backups available to restore your website.
You’ll need about 15-20 minutes of time. So block that off in your diary and let’s get started…
Firstly, you’re going to need a Dropbox or Google Drive account. If you don’t have one of these, they’re both free so please choose one and get that setup first. As a recommendation, Google Drive offers more storage - so is a better choice for storing more backups.
To make the next parts easier, it’s better to follow along with a video tutorial. Our friend Adam over at WPCrafter has a great video tutorial for setting up UpdraftPlus, which is a free backup plugin, on your website. Click here to watch the tutorial.
To add on at the end of the tutorial, Adam doesn’t cover this but it’s a great extra step for peace of mind. Once you’ve finished your first backup, log-in to Dropbox or Google Drive and check to see that your website has been safely backed up and the files are present here. If you can see the newly backed up files, then you’re all set!
Congratulations, you’ve now set up automated backups for your website and made everything more secure. Grab yourself a coffee, you deserve it!
Let me know if you found setting up automated website backups easy. Do you feel better knowing that your website is automatically backed up?
How are you currently managing passwords for your business?
If you’re already using a password manager - that’s great! If you’re not, please read on as this will help to keep your business safe.
A lot of people will store passwords in their browser, write them down or a combination of the two. This is not safe for a number of reasons, but mainly let’s just focus on the fact that your business security is only as good as you or your employees. It’s easy for us to be caught off-guard, and when that happens it can already be too late.
Let’s look at password managers. Here are three that I recommend, they all have a trial period and then a small ongoing fee to cover usage:
Each of the above password managers has a Team/Family option available that allows you to share passwords between your employees. So that you can have one central bank of passwords and then give each employee access to passwords that are relevant for their work.
Most importantly and as a last vital tip - make sure that you are using unique passwords for every website and online account that you access. If any of your passwords is ever leaked through a security breach with a large organisation in the future, it’s much easier to just change one password and not worry that you’re using the same one for PayPal or other critical business websites.
After you’ve set up an account with one of those password managers, go ahead and change your administrator password for your WordPress website, and use the generator tool to make sure that your password is not ‘guest’. Also, if you are using ‘Admin’ as a username, maybe it is time to change that too!
Time is one of the most precious gifts that we have in this world. Every second that passes is a second that is gone forever. It’s important that we’re able to enjoy every second that we have available to us, and to spend that time wisely.
As with Tim’s story, it’s easy to say you’re going to look after and maintain your website, but even the best laid plans often go to waste.
Without the time spent on maintenance, security and care, you will eventually have a problem with your website. You may have already experienced this, so if you have, you know exactly what I’m talking about!
No-one needs to spend their precious time worrying about a problem with their website. The stress of your website being offline or your customers being affected, just isn’t worth it. Fortunately there is a solution and it’s called WP Expert. Please read on to learn more.
At WP Expert we offer WordPress Care Plans to all of our clients. If your website was built by us, you would’ve been recommended a Care Plan that would suit your business when we launched your website.
If your website wasn’t built by us, we can still help you. We run a WordPress Audit on websites that were built elsewhere, which allows us to check your website for any issues and help you to fix these before you join one of our care plans.
If you’d like to see some more information on our WordPress Care Plans please click here.
Our aim is to deliver peace of mind to you and your business. We’ll help you keep your website safe, secure, maintained and updated. This will allow you to focus on the tasks that are most important to you so you can spend more time with your family and loved ones.
I hope you’ve found our article useful.
As you can see, time and expertise are the major factors in keeping your website safe and secure.
I understand that business can be stressful and there’s never enough time in the day to complete every important task. This is why we offer a WordPress Care Plan service to business owners like yourself, giving you peace of mind and comfort knowing that your website is in safe hands.
I’ve recently set up an online call booking system - so let’s have a 15 minute chat about your website and any issues that you’ve been facing.
It will be a great opportunity for you to ask any questions that you have about our WordPress Care Plans and to establish if they are a good fit for your business.
Here’s a link to my booking calendar. Please pick a date and time that is suitable for you and I look forward to talking with you soon.
Below, we're going to help you learn how to back up WordPress with our favourite Top 4 FREE WordPress backup plugins for entrepreneurs that have a limited budget for their website. If something goes wrong, you'll be able to easily restore your WordPress website and save yourself the stress of losing leads and sales.
We wrote this quick article for your new ebook called "WordPress Security for Entrepreneurs and Small Businesses".
The backup plugin BackWPup can be used to save your complete installation including /wp-content/ and push them to an external Backup Service, like Dropbox, S3, FTP and many more, see list below. With a single backup .zip file you are able to easily restore an installation.
BlogVault is the most reliable backup and restore plugin. Trusted by 220,000 sites and counting, it ensures a stress free WordPress backup and security solution in a single dashboard.
BackUpWordPress will back up your entire site including your database and all your files on a schedule that suits you. Try it now to see how easy it is!
UpdraftPlus simplifies backups and restoration. It is the world’s highest ranking and most popular scheduled backup plugin, with over a million currently-active installs. Backup your files and database backups into the cloud and restore with a single click!
If you need help deciding on which one, installing it, setting it up or keeping your site secure and fast, let's chat.
"The first website I designed was in 1996. It was pure HTML/CSS," began Frederic when I asked him what the catalyst was that sparked his passion.
Frederic grew up in Lyon, France and came for the first time to Canada in 2001. A few years earlier, he had met a woman named Cecile in France, and they had stayed in touch when she moved to Canada. Years later he broke up with his then current girlfriend and visited a friend in Montreal, and Cecile in Toronto. He fell in love with her and decided to officially move to Canada in 2002. Both of them agreed that French food may be better, but Canadian culture is incomparable.
When they lived in Toronto, Frederic worked at the French Catholic School Board and made his way up to becoming a Network Administrator. During this time, they also got married and had their child, Chloe. In 2008, they moved to the capital of Canada because they wanted their daughter to get the best French education.
When they moved to Ottawa, he didn’t have a job and was trying to find free activities to do with his daughter. He began freeactivities.ca which is a platform that provides all the free activities that you can do in Ottawa, and even Canada-wide! He began this website when blogs weren’t all that popular, even though now they have boomed.
Soon after he joined the CIA.
Yes, the CIA. The Canadian Institute of Actuaries!
Frederic worked as a web administrator, and his passion of becoming a web designer blossomed even further.
In 2011, he started IT in MIND, an IT company. From there he started designing websites for clients and realized he really enjoyed it. Two years later, he began WP Expert so that he could focus on what he loved most.
Now, Frederic has a full-time job and runs two of his own businesses: WP Expert and IT in MIND. His passion for helping others start up their own enterprises has him also volunteering with the Ottawa Tool Library, the Impact Hours and now, the Centre Espoir Sophie.
He did his own accounting at the beginning of IT in MIND, but wished he had hired someone right away. It’s better to leave that to the professionals.
One way to grow your community is by joining a co-working space. Frederic joined Hub Ottawa in November of 2012 and has been an active member since! He even offers his expertise to Hub members every Wednesday at noon during the WordPress Happiness Bar where people can ask any questions they might have about WordPress. He really enjoys being able to help others.
It can either be a mentor that you personally know and look up to, or someone you don’t know and are just inspired by their work ethic. Frederic’s mentors are: Richard Branson, Elon Musk, Warren Buffett, and Bill Gates.
You need top-notch customer service, no matter the type of business you run. Your clients should be your top priority, and for long-term success it is good to focus on your clients. They like fast responses and actions, and clear communication. Over the years, he has acquired many testimonials on his website regarding his services at WP Expert.
"I highly recommend Frederic for work on your WordPress site. First, he does excellent work, in little time, and at a very fair rate. Second, you will get more than WordPress advice. He takes the time to understand your business, and makes sure that the site is aligned with your business objectives...”
- John Stroud, CEO of Crowdsourcing Solutions
Thanks for reading! Let me know if you enjoyed this article below in the comments. Interested in checking out my other articles? Click here
This plugin will add a responsive portfolio grid in your WordPress site. Highly customizable. Option for choosing custom post type for portfolio.
Advance Portfolio Grid
- Responsive Portfolio Grid.
- Portfolio column settings. 2/3/4 column portfolio.
- Custom post type & custom taxonomy choosing option. You can choose your own custom post type or taxonomy instead of our default portfolio post type & taxonomy.
- Taxonomy exclude feature. You can exclude specific category portfolio to show.
- Portfolio image popup.
- Portfolio image thumbnail size settings.
- Flat and responsive Design for portfolio.
- Shortcode System
- Advance setting panel.
- All modern browser support.
- Very Lightweight & many More
CSSmatic is a "magic" tool for web designers to use when you want to quickly create one of these four CSS effects for one of your WordPress websites:
It's super easy to use and can speed up your development time!
Note that CSSmatic is a non-profit project, made by developers for developers.
Discover it now: http://www.cssmatic.com/
Often using DIVI from Elegant Themes as the main theme for their websites. It is so easy to configure and use. The options are endless on what you can do with it: basic content, landing page, blog, contact page, portfolio, pricing page, projects... etc. You name it. DIVI is very flexible. But it is true that, at the beginning, it can be hard or confusing to understand the principle of ROWS and MODULES.
Fortunately, Elegant Themes has set up an amazing documentation page for the theme with videos for each module. So if you want to learn DIVI, go to http://www.elegantthemes.com/gallery/divi/documentation/
Protecting your site from attackers is important — deepen your knowledge of WordPress security with our collection of resources for everyone using WordPress. From WordPress security fundamentals to expert developer resources, this learning center is meant for every skill level. Learn and discover best practices in our in-depth articles, videos, industry survey results, helpful graphics and more.
The WordPress Security Learning Center