One of the reasons why web developers don’t use WordPress is: Hacking. Every day thousands of WordPress sites are hacked. Non-WordPress sites are also hacked though. But, WordPress has a system, so it is easy for hackers to guess most of the common things. Believe me, nothing can be worse than seeing this message on your site, “Your site has been hacked 😉 ”
To be true, I was a victim of hacking once. That feels terrible. To see your site hacked…Thank god, the hacker was kind enough to change the content of only one of the pages. He also advised me to make my site secure, otherwise some other badass hacker will hack it.
So, I resolved to never let it happen again. And, believe me it never happened again. Here, I am going to show you how I achieved it.
1. Security Plugin
Initially, when I was a WordPress newbie, I always wanted to use minimum plugins. I thought “who the heck will have time to hack my site?”
So, I did not use a single security plugin. Guess what happened?
My site got hacked 🙁
Then I experimented with bunch of security plugins. There is a tonne to choose from.
What worked the best is iThemes Security. It offers more than 30 ways to secure your site.
You can choose the ones you feel are okay to apply. Trust me, you don’t need anything other than this plugin.
Okay, you need one more thing. The only feature iThemes Security doesn’t have is Logging.
So, you will need to install Wordfence. It has the logging feature.
What this feature does is, it keeps the records of who logged in to your site, from what IP Address, when and from which location.
This info is gold. As you can keep a check on your site activity and trace someone who logs in without your acknowledgement.
This info is also useful for membership sites, multi author blogs and forums.
Install and configure these two plugins and your site will not get hacked, surely.
2. Backup Plugin
What if something goes wrong and you need your site back?
Use a backup plugin…
There are times when you:
- Update a plugin
- Install a new plugin
- Update your WordPress version
- Change the theme
And your WordPress site is broken.
Now, if you have a complete backup of your site, you won’t worry a bit. At a click of the “Restore” button, you can get back your old site.
I have also experimented with various free backup plugins, but what worked consistently and effectively for me is Updraftplus.
All I can say is this:
I have messed up in my WordPress journey many times. But, with Updraftplus at my side, I was able to bring things back to right way.
If you are a WordPress developer like me, you will have many “Aha!” moments with this plugin.
Pro Tip: Always choose to host your back up files at a 3rd party server. So that when your own server gets moody, you can still get back your site. This is also good when you switch your server 😉
I did not bombard you with 20 security plugins and 30 backup plugins like other articles on this topic.
Because I know they were not helpful, when I needed them. I had to figure everything down myself.
If you still are not serious about your WordPress site security, I will advise you to go install “iThemes Security” and “Updraftplus”. They are free and a lot helpful.
Other tips I can give you are:
- Always keep your passwords strong.
- Keep your WordPress, themes and plugins updated.
- Never download free plugin & themes from sites other than WordPress.org
- Don’t keep the “admin” as a user.
- Keep checking your logs and be alert when you find some malicious activity.
Pankaj Solanki is a freelance Web Developer. He runs his own website development company in Jodhpur. He has 2 years of experience with WordPress and its poetic codes 😉
Thats all how to never hacked your site