4 Simple Ways to Protect your WordPress Site from Viruses, Malware and Hackers

Almost all of our clients have been targeted by a malicious attack on their WordPress site. When they first come to us, they are in utter panic, stressed and quite confused on what to do. Only after we do our job and restore their site to its former virus-free glory, does color return to their face and they begin to calm down.

It pains us to see our clients go through so much worry, when they could have avoided the disaster by taking only a few preventative steps. You can save yourself from a major fiasco if follow some of the steps we’ve outlined below to help protect your WordPress site from viruses, malware and hacker attacks:

1. Update your site’s theme & plugins

Updates for WordPress and its plugins are frequently released by their official teams. These updates contain fixes for freshly discovered security loopholes to prevent possible attacks. So make sure you regularly update your site.


2. Backup

An extremely important task in managing your site is regularly backing it up, especially before making new changes. You can use a plugin or do it manually. So if your site does unfortunately get compromised, then with the help of your backup files you can switch hosts and be back up and running in no time.


3. Change the login and password from admin

By default the username for WordPress is admin. Create a unique username which isn’t too obvious nor easy to guess; including numbers would be good. The same goes for the password. Set a long password with a mix of upper and lower keys, numbers and symbols.


4. Hide or secure wp-config.php 

The wp-config.php file holds all sensitive data and the configuration of your website, and is quite vulnerable to attacks. You can secure it by adding the following code to the .htacess file in the root directory — changing the coding denies anyone access to the file:

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all

You can also have it moved to the root directory — your_host/wp-config.php — from its default location at host/wordpress/wp-config.php for added protection.