
How to Protect WordPress from hacking


Do you know how to protect WordPress from hacking? Is your website or blog built with WordPress CMS? Are you aware that you may be at risk if you do not protect your website?

Today WordPress has become one of the most used Content Management Systems among web developers and anyone who wants to easily build a blog, website or online store. Unfortunately, if you do not know how to protect WordPress from hacking, you may become an easy target.

Below I am going to list some preventive measures that will show you how to protect your WordPress website from hackers and help you improve your WordPress website security.

It’s not guaranteed that you will keep the hackers away, but at least you will give them a hard time if they try to access and compromise your site.

Change the Default Password & Username

The simplest way to protect WordPress from hacking is to change the default credentials. Any WordPress site can be accessed by adding /wp-admin to the domain name. This takes anyone to the login area, where a username and password are required to access the site.

To secure your website, the default username (admin) should be changed to something harder to guess. The next step is to choose a new, stronger password that includes letters, symbols, signs and spaces.

The default WordPress password is very strong, but it’s good to change it or add more symbols to it. The length of the password is very important, and it should not be less than 16–18 characters.

If you have already installed WordPress with the default username and password, you can always create a new user. Give it an appropriate name and password, assign the administrator role, and sign out of the account. Then sign in with the new username, go to “Users” and delete the old username (the one that was created by default).

Finally, go to “Users” > “Your Profile” and change the default Nickname to something different from your username. This is good practice because the nickname is always attached to your posts, and it is very easy for a hacker to learn your username simply by looking at the bottom of a post (to see who wrote it).

If you know how to protect WordPress from hacking, you gain an advantage over those who try to take down your blog or hack your WordPress website. Changing the username and password of your WordPress website or blog should always be a priority, as most WordPress users leave their default login credentials in place.

Limit Login Attempts

Another best practice is to limit login attempts. This can easily be achieved by installing and activating a simple plugin, Login LockDown. This plugin is highly customizable and easy to set up. By limiting login attempts you can protect against brute-force attacks, which are one of the methods hackers prefer.

There are also other plugins, such as Wordfence Security, that let you limit login attempts, scan the website for threats (malware, spyware), perform regular check-ups, block IPs, etc. The Premium version lets you block countries (the ones you get the most attacks from) and adds two-way authentication (cellphone sign-in), URL blocking, etc.

Back Up your Website

Backing up your site is a good practice as it can help you access your files (post, comments, page database, link) in the event they get erased or corrupted. Backing up is relatively easy to achieve.

Just install and activate a plugin such as BackupBuddy and you will get the most reliable plugin available. It is not free, but it is one of the most used plugins for backing up a site and for migrating it from one host to another.

There are also free plugins that do the same thing, such as DropBox Back Up & Restore, BackupWordPress, UpDraftPlus Back Up & Restoration, etc.

Update your WordPress Software and Plugins Regularly

It is recommended that you keep your WordPress website updated to the latest version, as there might be vulnerabilities in older versions. By doing so you are always a step ahead of the hackers and benefit from the latest security upgrades. All plugins should also be updated regularly in order to get the maximum protection for your site.

Keep wp-config.php file Secure

The most sensitive data about your website is stored in the wp-config.php file. You want this data protected from prying eyes, right? All you have to do is add the code below to your .htaccess file and you are protected against hacking that involves your wp-config.php file.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>

Protect against script injection hacks

This is one of the preferred methods of hackers, who use JavaScript injections, SQL injections and jQuery injections to gain access to your site. Sometimes these injections are possible due to vulnerable plugins or themes you have installed. To protect WordPress from hacking through script injections, you will need to place this code in the .htaccess file in your root directory.

# protect from script injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
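
To see which requests these three conditions actually catch, the added example below (not part of the original post) copies the RewriteCond patterns into Python regular expressions and runs them over constructed request URIs. The function name, labels and sample URIs are assumptions; like mod_rewrite, it searches the raw, undecoded query string.

```python
import re

# The three RewriteCond patterns from the rule set above, copied verbatim.
# Only the first carries [NC] (case-insensitive); the other two are
# case-sensitive, as in the original rules.
CONDITIONS = [
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

def matched_condition(request_uri):
    """Return the label of the first condition the query string matches,
    or None when the request would pass through to WordPress."""
    query = request_uri.partition("?")[2]   # %{QUERY_STRING}: text after '?'
    for label, pattern in CONDITIONS:
        if pattern.search(query):            # RewriteCond is an unanchored match
            return label
    return None

# Constructed request URIs: ordinary traffic next to the shapes the rules target.
SAMPLE_URIS = [
    "/?s=wordpress+security",
    "/?s=javascript+tutorial",               # contains "script" but no bracket
    "/?s=%3Cscript%3Ealert(1)%3C/script%3E",
    "/?q=<SCRIPT>x</SCRIPT>",
    "/index.php?GLOBALS[a]=1",
    "/?_REQUEST%5Bx%5D=1",
    "/wp-login.php",                         # no query string at all
]

def classify(uris):
    """Map each URI to 'forbidden (<label>)' or 'allowed', as [F] would decide."""
    result = {}
    for uri in uris:
        label = matched_condition(uri)
        result[uri] = f"forbidden ({label})" if label else "allowed"
    return result

if __name__ == "__main__":
    for uri, verdict in classify(SAMPLE_URIS).items():
        print(f"{verdict:24} {uri}")
```

The conditions look only at the query string of a request, so they work alongside, not in place of, keeping plugins and themes updated.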

Disallow PHP file uploads

Hackers always look for vulnerabilities in your directories where they can post spamming scripts. File permissions are very important, as they let us perform tasks on our files, but you should be aware that hackers know this, and you should never have a 777 permission set.

If you are using any plugins that change file permissions in order to upload or write images, you are vulnerable to hacking. Fortunately, you can avoid this by placing the code below in the .htaccess file located in your root directory. Always back up your .htaccess file.

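# redirect php script requests to nothing
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^(.*)\.php$ $1.htm [NC]

# no php access
# (applies to every .php file in the directory holding this .htaccess and in
# all directories below it, which in the site root includes index.php and wp-login.php)
<Files *.php>
deny from all
</Files>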

Stop Directory Browsing

Often hackers are looking for security vulnerabilities in your website or blog by browsing the website directory. In order to prevent this from happening you’ll need to add this piece of code in your .htaccess file located in the root directory.

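# disable directory browsing
# (Apache 2.4 rejects an Options line that mixes prefixed and unprefixed values such as "All -Indexes")
Options -Indexes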

Keep your Computer free of Viruses & Malware

You may think that this won’t affect your website, blog or online store, but if your computer is infected with viruses you can become a very easy target for hackers. Viruses and malware (keyloggers, macro viruses, trojans, spyware) are always hidden in programs you download off the Internet, email attachments (never open an .exe file), etc.

Protect .htaccess file

The .htaccess file can be vulnerable to hacking if not properly protected. The code below prevents external access to any file with .hta in its name. To accomplish that, just place the code below in your .htaccess file and you are sorted. If you use the All In One SEO plugin, you can edit your .htaccess file from your dashboard.

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

Tips: I always recommend backing up your .htaccess file before making any modifications or adding any code.

Block Search Engine Crawlers from Indexing the Admin Area

Another way to protect WordPress from hacking is to block access to the admin area. You may not be aware of it, but search engine spiders (crawlers, bots) index every bit of content on your website.

There is nothing wrong with that, but you may want to block indexing of the admin section, as it holds very sensitive information about your website. Even if you tell the search engines not to index a particular section of your website, you may not be certain whether they are indexing it or not.

The best way to stop search engine crawlers is to add this code to the robots.txt file in your root directory.

#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

Tips: If you are using All In One SEO plugin (WordPress only) you can edit your robots.txt file from your dashboard.

Restrict Admin Area

If you have a site that does not require registration, you can restrict access to the wp-admin area by simply adding the following code to your .htaccess file. Replace zz.zzz.zzz.zzz with your IP address.

<Files wp-login.php>
order deny,allow
Deny from all
Allow from zz.zzz.zzz.zzz
</Files>

Finally, if you are looking for a web developer in Dublin who can show you how to protect WordPress from hacking and implement the correct security measures, please contact Luigy’s Web Studio at info(at)luigys-web-studio.com. We will make your website, blog or e-commerce store bug free and keep it up to date with the latest security software available.


Why Choose Google Search Advertising?


Interested in Google Search Advertising services? Have you wondered why your website pages do not appear on the first page of Google Search organic results despite spending a lot of money on SEO? Do you want to know how to list your business website or personal page on the first page of Google Search instantly? Then this blog post is for you. (Estimated reading time: 5 minutes)

Google Ads PPC (Pay Per Click), formerly known as Google AdWords, is a paid service offered by Google that allows you to create a paid ad (paid search campaign) in order to advertise your product or service on the first page of Google Search. It’s very helpful for those who want to get instant results, drive traffic to website pages or build brand awareness.

Google Search Advertising allows you to easily manage everything from keywords (a word or phrase that a customer enters into Google search) and ad types to budgets and bidding strategies. Google PPC aims to drive visits from people who have explicitly told the Google search engine that they want a particular service or product.


Top 10 reasons to choose Google PPC- Google Search Advertising

  • Instant reach to your audience compared to standard SEO (you can have a running ad in minutes)
  • Select your ad budget (option to set daily or lifetime). No minimum spend either
  • Build Brand Awareness
  • Choose your own target audience (based on your business target persona), or lookalikes
  • Google is the number one Search Engine used by billions of people, therefore its massive reach can help your business grow very fast.
  • It’s PROFITABLE (if the search campaign is well run, well researched and well managed)
  • It’s predictable and consistent (compared to standard SEO, where the algorithms are always changing – Penguin, Panda, Hummingbird, BERT etc.)
  • Easily measurable results (you don’t have to be a technology geek to read the insights, results and performance of your search ad campaign)
  • Allows you to create bespoke ads based on keywords and audience of your choice
  • Lets you add ad extensions (links to your other website pages, etc.), which are very valuable for your business


As you can see, Google Search Advertising offers pretty awesome features and is very powerful. It’s up to you to decide whether you choose organic SEO or Google PPC Ads for your business. Both have advantages and disadvantages. Weigh them well and choose whichever you think is suitable for you.

If you’re looking for a Digital Marketing Agency in Dublin to help you reach more audiences and increase brand visibility, look no further than Luigy’s Web Studio, your online digital marketing specialist. We also offer web design, web development and website maintenance services. Contact us at info(at) luigys-web-studio(dot)com


Travel Survey 2021


Hi everyone. Below is the link to a Google Form, the Travel Research Survey requested by our tutor Siobhan for the Digital Marketing Course. I would be very grateful if you could take this survey, as I want to get insights into the website traffic using Google Analytics.

This survey was created by me along with one of the other colleagues from the Digital Marketing Course.

Thank You in advance


Website Created for Educational and Testing Purposes