Protect Your WordPress Site Against Vulnerabilities

WordPress is an open source platform where individuals can submit and have access to code libraries to enhance the platform. With this, it opens a larger opportunity for malicious activities (hacking) to take place.

As an agency, we've been seeing an increasing volume of attempted site hacks on WordPress sites that we both have built, managed and push traffic to as part of our services, so in this article I'm going to share with you just what we do and advise our clients on, to help protect them from hacking.

How can your site be hacked?

Well, there's many ways that your site can be hacked but the most common are;

• Corrupt passwords
• Access via out of date plugins and platforms
• Through an SQL injection
• Server side
• Trojans

What to do when your site is hacked

If your site is hacked, what most people do is roll the site back to a previous version, this will get you access, but there's a lot of work that needs to be done. Here's how to get your site back and clean it, so it's safe to use, for you and your customers.

1. Roll your site back to a version before the hack took place
2. Run any required updates to platform, server and plugins
3. Change user passwords for all administrative users and check the email addresses of these users to see if any have been changed
4. Run a malware check on your database
5. Initiate a cleanse of your database
6. Check again and change passwords again

After this, you should be good to go, but for a large site, this process can take hours if not days.

How to prevent your site from getting hacked

Well I'm going to speak specifically about WordPress here as 70% of sites are WordPress and the same vulnerabilities just don't happen with bespoke sites, then managed solutions like Shopify remove a lot of these obstacles (other than user error).

So how do you stop your site from getting hacked?

Restrict user access into your site

By limiting the access users have on site, if their user is compromised, you leave yourself in a much less vulnerable position. But also by training users on things like regularly changing passwords, not sharing passwords and using biometrics, you can improve the biggest limiting factor of your site, your users.

Set up notifications for updates and vulnerabilities

If your site, it's platform and plugins are out of date, you leave your self open to vulnerabilities. So, by being notified of any updated that are required, you can get ahead of any prospective breaches and patch before they arrive.

On the same note, with notifications of any vulnerabilities, you can remove plugins that have them until an update becomes available or prepare your site to ensure that you don't suffer a breach.

Choose a reputable hosting provider

With a specialist hosting provider that offers 24/7 support and really knows their game, you remove so much of the headache as a site owner. We personally use Flywheel as our WordPress hosting partner of choice. They're by no means the cheapest, but their assistance in any time of need is second to none.

What you should look out for in any hosting provider is;

• Regular backups
• 24/7 support
• Specialised in the platform
• Malware scans and cleanup
• Development and staging sites

By choosing a provider that has all of the above you'll get support when you need it and uptime, which is so crucial for your business.

Install Wordfence

Our final tip is to install WordFence on all WordPress sites, The Wordfence Team continuously discovers new vulnerabilities in WordPress core, plugins, and themes. They then immediately release new firewall rules that protect against these vulnerabilities, which are deployed in real-time to customers providing the best available intrusion prevention for WordPress.

If you don't have it, install it now.

And there you have it, if you follow these rules, you'll leave yourselves in the best possible position to stop breached and get your site back if one happens. Hopefully it won't, but you'd rather be safe than sorry!