4 Simple Ways to Protect your WordPress Site from Viruses, Malware and Hackers

Almost all of our clients have been targeted by a malicious attack on their WordPress site. When they first come to us, they are in utter panic, stressed and quite confused about what to do. Only after we do our job and restore their site to its former virus-free glory does color return to their faces and they begin to calm down.

It pains us to see our clients go through so much worry when they could have avoided the disaster by taking only a few preventative steps. You can save yourself from a major fiasco if you follow some of the steps we’ve outlined below to help protect your WordPress site from viruses, malware and hacker attacks:

1. Update your site’s theme & plugins

Updates for WordPress and its plugins are frequently released by their official teams. These updates contain fixes for freshly discovered security loopholes to prevent possible attacks. So make sure you regularly update your site.


2. Backup

An extremely important task in managing your site is regularly backing it up, especially before making new changes. You can use a plugin or do it manually. So if your site does unfortunately get compromised, then with the help of your backup files you can switch hosts and be back up and running in no time.


3. Change the login and password from admin

By default the username for WordPress is admin. Create a unique username which isn’t too obvious or easy to guess; including numbers would be good. The same goes for the password. Set a long password with a mix of upper- and lower-case letters, numbers and symbols.


4. Hide or secure wp-config.php 

The wp-config.php file holds all sensitive data and the configuration of your website, and is quite vulnerable to attacks. You can secure it by adding the following code to the .htaccess file in the root directory; the rule denies anyone access to the file:

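# protect wp-config.php
# (on Apache 2.4 without mod_access_compat, use "Require all denied" in place of the Order/Deny lines)
<files wp-config.php>
Order deny,allow
Deny from all
</files>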

You can also have it moved to the root directory (your_host/wp-config.php) from its default location at host/wordpress/wp-config.php for added protection.
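
One way to check that the .htaccess rule from step 4 is actually in place, as an added example that is not part of the original article: a small Python audit that looks for a complete, closed Files block denying access to wp-config.php and flags a block that is never closed, which Apache rejects as a syntax error. The function name audit_htaccess and the sample inputs are constructed for illustration.

```python
import re

# Apache directive names are case-insensitive; the file name may be quoted.
OPEN_RE = re.compile(r'^\s*<files\s+"?([^">\s]+)"?\s*>\s*$', re.IGNORECASE)
CLOSE_RE = re.compile(r'^\s*</files\s*>\s*$', re.IGNORECASE)
# Deny-all in Apache 2.2 syntax (as in the article) or Apache 2.4 syntax.
DENY_RE = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$',
                     re.IGNORECASE)


def audit_htaccess(text, target="wp-config.php"):
    """Return a list of problems; an empty list means `target` is denied."""
    problems = []
    current = None     # file name of the <Files> block we are inside, if any
    opened_at = 0      # line number where that block was opened
    denies = False     # deny-all directive seen inside the current block
    protected = False  # a closed block for `target` contained a deny-all

    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        opened = OPEN_RE.match(line)
        if opened:
            current, opened_at, denies = opened.group(1), lineno, False
        elif CLOSE_RE.match(line):
            if current == target and denies:
                protected = True
            current = None
        elif current is not None and DENY_RE.match(line):
            denies = True

    if current is not None:
        problems.append(f"line {opened_at}: <Files {current}> is never closed")
    if not protected:
        problems.append(f"no complete deny-all block for {target}")
    return problems


# Constructed sample inputs (not taken from a real site).
UNCLOSED = "<Files wp-config.php>\nOrder deny,allow\nDeny from all\n"
CLOSED = UNCLOSED + "</Files>\n"
APACHE_24 = '<Files "wp-config.php">\nRequire all denied\n</Files>\n'

if __name__ == "__main__":
    for name, sample in [("unclosed", UNCLOSED), ("closed", CLOSED),
                         ("apache 2.4", APACHE_24)]:
        print(name, "->", audit_htaccess(sample) or "ok")
```

A clean result only shows the file is well formed; whether Apache applies it depends on the server's AllowOverride setting.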