When a popular blog recommended a plugin to add my ads.txt file into my wordpress website, I didn’t think twice and activated the plugin by uploading the zip file in my site. Little did I know that the plugin had malicious intent. The plugin didn’t solve my problem but much to my dismay directed and redirected my website to some spam website.
No matter what article or page was clicked, it was directed to a spam affiliate site selling some type of prescribed medicine. Finally, I realized that my wordpress website was hacked. Having no expert knowledge, I panicked especially when I realized that all my organic traffic was directed to the spammy website (black hat SEO). My hosting provider too couldn’t help me much except for the backups. All they said was as a developer you should know how to secure wordpress website from hackers.
However, some research, tools and tutorials over the Internet not only helped me in identifying the vulnerability, but also in cleaning them and bringing my wordpress site back to normal. So, after having worked for 36 hours non-stop, I could clean all the mess in the form of malicious codes inserted by the hackers into my wordpress files mainly themes, wp-config.php, wp-content, wp-includes.
I did realize what a fool I have been to ignore timely safety and security measures to safeguard my wordpress website from all sort of vulnerabilities. Ignorance is surely not a bliss after all if you want to keep your website in best of health. And if you need to keep your website in good health, you need to protect it timely by taking proper measures.
Here are certain tips on –
How to Secure WordPress Website from Hackers –
Check for Unused Plugins and Review New Plugins
Plugins are a great resource when it comes to running and operating a wordpress site. However, they are one of the easiest targets for an attack. So, if you are using plugins, make sure it is all updated to the recent versions. Check for the outdated plugins that are no longer maintained by their developers. Disable these plugins and delete all the files from the server.
Be extremely cautious of any new plugins that you upload on your site. Check the reviews, number of downloads so that you know you aren’t uploading a malicious plugin on your site that can make way for attackers to play mischief with your codes.
Check for Themes
Make sure you are using the latest version of your theme because using old versions of theme can give space to attackers to insert malign codes in the php files let alone hack your system completely. The most vulnerable is the .htaccess file. To be well protected it is rather advisable to use paid themes than free themes. However, if you want to use free themes uses reputed ones and do check its reputation in advance.
Avoid Reusing Passwords Across Services
From your wordpress admin password to your hosting password, timely change all your password and ensure that it isn’t an easy access. Now although this seems to be too obvious, it can create a major damage to your site. Besides, always avoid reusing passwords across various services.
Use WordPress Security Plugin to Stay Informed about any Phishing Attack
Some popular and widely used security plugin timely inform you about any phishing attack on your site. Secondly it also helps you to stay protected from hackers. Besides, when you scan your website with this software, it only identifies malicious files and codes in your server and system but also inform you where and what is the issue. The one that came to my rescue was Wordfence security plugin.
These are some of the basic yet very crucial points if you want to know how to secure wordpress website from hackers. Stay Protected. Stay Safe.