10 tips to protect your site

1. Backdoor

Backdoors offer hackers hidden steps to bypass security encryption and access WordPress sites via methods used exclusively by administrators : wp-Admin, SFTP, FTP, etc. By logging in as an administrator, the intruder can carry out cross-site attacks , compromising multiple sites hosted on the same server. Backdoors are often encrypted to appear as legitimate WordPress system files and exploit weaknesses and bugs of the platform’s outdated versions.

How can you prevent backdoor attacks?

• Scan your site with sitecheck  for common backdoors.
• It uses two-factor authentication, IP blocking, administration access restriction, and prevention of unauthorized execution of PHP files.

2. Pharma Hacks

The Pharma Hack is used to inject malicious code into outdated versions of WordPress so that search engines return pharmaceutical ads when a compromised website is searched. This is more of a spam threat than malware but it gives search engines reason enough to block the site on suspicion of spreading spam .

3. Brute-force login attempts

Brute-force login attempts use automated scripts to exploit weak passwords and log into your site .

How can you prevent brute-force attacks?

• Choose strong passwords.
• It uses two-factor authentication, login attempt throttling, unauthorized access monitoring, and IP blocking.

4. Malicious redirects

This type of attack exploits backdoors in WordPress using FTSP, SFTP, wp-admin and other protocols and injects malicious redirect codes into the website . Often redirects are placed in the .htaccess file and other files of the WP core in coded modules.

5. Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is the insertion of a malicious script into a trusted website . The purpose is to take cookie or session data up to rewrite the HTML of a page. This is one of the most frequent vulnerabilities in WordPress plugins.

6. Denial of Service

The Denial of Service (DoS) vulnerability exploits errors and bugs in code to overload the memory of website operating systems by exploiting outdated versions of WordPress software.

1. Choose a reliable hosting provider

To best protect your site, you must first choose a reliable and secure hosting provider . 

• All services have a weekly backup policy for data protection by default .
• Real-time network traffic analysis to identify possible vulnerabilities and correct them.
• Who  carry out quality checks on every business process, from engineering to the release of new software.
• Constant and effective technical support .
• Systems and infrastructure are controlled through a single point in order to be able to intervene quickly.
• Who monitor the quality of service performance in real time to give you all the necessary support.

2. Use smart usernames and passwords

It seems trivial to say yet many use passwords that are too easy to hack: from a 2019 TeamsID ranking, the 3 worst passwords of 2019 were “123456”, “123456789” and “qwerty”. So please choose a strong password that is difficult to steal.

Also on our site you can find a very useful tool for generating secure passwords: try it !

3. Update the PHP version

PHP is the programming language used by WordPress – use an updated version to avoid being exposed to unpatched vulnerabilities. 

As you can see from the official website , about 50% of WordPress users are using PHP that is no longer supported (7.1 and below).

4. Update the WordPress version, plugin and theme

Same thing as the programming language: it is essential to always keep the WordPress core and the various plugins updated , often for security improvements and bug fixes. Often, many companies use outdated software and outdated plugins causing freezes and malfunctions on their website due to bugs in the outdated versions. Usually, WordPress updates are about critical security patches for your site, so why lag behind?

Another tip is to install only trusted and necessary plugins, perhaps choosing them between the “featured” and “popular” sections: remember, do not overload your site with useless plugins.

The main components of a WordPress structure are, in fact, WordPress itself, the installable plugins and the active theme / template (even better if the active template is the only one installed). These components must be updated constantly, preferably weekly.

5. Secure your site with an SSL certificate and HTTPS protocol

SSL certificates help you prevent many types of attacks and threats. The  HTTPS protocol allows client-server protection of data  that cannot be read or used by a hacker without the appropriate private decryption key

7. Protect the database by changing its name

To ensure greater security for your database, you can change the default name (linked to your site) making it less explanatory: in this way it will be more difficult for hackers to identify your database and access its data.

Alternatively, you can use a prefix to the wp_ used by WordPress by default.

8. Assign user roles

For added security it is useful to assign user roles within WordPress so that authors or editors have less skills than administrators, who can make all changes instead.

9. DDos protection

How can you protect yourself from a DDos attack? Use a trusted third-party security service like  Cloudflare , which we are a partner of. In essence, it is a system of servers that act as a filter between users and websites for greater protection from external threats.

A solid backup and disaster recovery policy is essential: we include a weekly backup in all our plans with the option of adding a daily or monthly backup.

Conclusion

There are several tips we have provided to increase the security of your site in WordPress: keep the various elements up to date, invest in security measures and rely on a reliable hosting provider.

We offer a WordPress hosting plan, specially tailored for this CMS: click for the specifications.