Whats the Best way to Protect Wordpress Website from Getting Hacked.
-
Hi All,
I just like to know whats the best way to protect wordpress website for getting hacked. I tried using Wordfence but nothing much happened. I m in shared Host and when ever there is a sign of attack my hosting company takes the site off which affects my site ranking a lot. I m trying to keep all my plugins updated but still it happens . Like to know what other people do . I am open for Paid tool suggestion as well.
Thanks
-
Given what you've shared you either have a target on your back or you have some lingering issues from a past infection. I've seen this before and its a pain is the $%& to deal with, but not impossible.
For preventative measures for anyone with a WP site, I recommend the following:
- Use Wordfence - paid version if you can (minimal cost). Monitor the notifications, use country blocking that you are comfortable with (I disable China, Ukraine, N Korea, and Russia on most sites since most are local sites in the U.S.), and enable front end scanning
- Remove admin account and any other "easy" usernames
- Give all WP users strong passwords
- Use strong FTP passwords
- Don't install any plugins you don't need
- Update everything often! This is the best way to avoid problems.
- Pay attention to the theme you use and they are NOT all created equal. It's not uncommon for some themes to have known or unknown exploits in them, so be careful of the theme you use. Make sure it has good reviews and excellent support. If not, find a different theme.
In your case, I'd do the following:
- Sign up for Sucuri for a year. They will audit your site within 24 hours and will clean any malicious files on the site. Hands down the best service for cleaning WordPress sites. $199.
- Remove un-needed WP users, change all WP passwords, remove Admin or other easy usernames and transfer posts/pages to another user
- Remove un-needed FTP users, change all FTP passwords
- Audit your plugins and get rid of all you don't need
- Keep your plugins, themes, and WP updated.
Hope this helps. It's easier than it sounds when your get a system going.
Joey
-
A more detailed explanation of how you are getting hacked might help
Do you mean you are getting spammy files uploaded to your sites root/editing your current content to include spammy words and links?
The obvious suggestion is to make sure your Wordpress version is up to date but if you are already updating the plugins I would presume you have done this...?
It may be that the hackers have just managed to get into your FTP rather than through your wordpress site so I would make sure you have changed your FTP server password and made it secure.
Are you using any contact forms on your site as this can sometimes be a weakness depending on the plugin used.
Thanks
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Best way to go about merging 2 sites with significant search volume?
Hi everyone! A client of ours ('Company A') recently acquired another company ('Company B') - both brands carry weight within their industry. Company A's brand name currently registers over 6,500 searches per month, while Company B's brand name draws about 2,500 searches per month. While Company B is smaller, their search volume isn't insignificant. The powers that be plan to discontinue Company B's site at an unspecified date in the future, but it's on the backburner. We'd obviously like to transfer as much of their current ranking as possible, but we also don't want to confuse users. There's additional search volume for term variations such as 'Company B jobs' & 'Company B locations' that we'd like to capture for as long as there's still volume there. Would a microsite with Company B's look & feel (to make it easier to house pages built to capture careers/locations searches) justify its inherent cost, or would it be just as valuable to build a series of landing pages on Company A's site? (Obviously assuming that valid redirects would be in place once Company B's site is taken down.) Thanks in advance!
Intermediate & Advanced SEO | | wilcoxcm0 -
How recovering the ranking after an hacking
Hello, I'm Alexia and a few months ago (end of March) my site has been hacked: hackers have created more than 30.000 links in Japanese to sell tires. I've successfully removed the hack and after 14 days of struggle even decided to change the domain to Siteground as they've been really keen to help. I still have some problems and I desperately need your tips. In search console, Google is informing about the +30.000 404 errors due to the content created by hackers which is not available anymore. I've been advised to redirect those links to 410 as they might have penalty effects in the SERP I have 50 503 server errors recognised by Google back in April but still there. What should I do to solve them? I still have a lot of traffic from Japan, even if I've removed all the content and ask Googled to disavow spamming backlinks. Do you think I have on page keywords? I don't understand how they can still find me. Those KWs are indexed in analytics, but not effective clicks, as the content is not there anymore. I also asked Google to remove links in search console with the tool removing links but not all of my requests have been accepted. My site disappeared from the organic results even if it hasn't been recognised as hacked in Google (there wasn't any manual actions on the Search Console). What can I do to gain the organic positioning once again? I've just tried to use the “Fetch as Google” option on search console for the entire website. Thank you all and I look forward to your replies. Thanks! Alessia
Intermediate & Advanced SEO | | AlessiaCamera0 -
INTERNAL LINKS strategy on our website
Hi Moz-ers, Currently doing an audit of our website. I have two questions on links. How can I see the current state of my internal links? Also, how can I improve our internal links on the website? what is a good framework to follow what should I avoid Thanks, looking forward to learning more on Moz!
Intermediate & Advanced SEO | | Eric_S
Eric0 -
What is best practice for "Sorting" URLs to prevent indexing and for best link juice ?
We are now introducing 5 links in all our category pages for different sorting options of category listings.
Intermediate & Advanced SEO | | lcourse
The site has about 100.000 pages and with this change the number of URLs may go up to over 350.000 pages.
Until now google is indexing well our site but I would like to prevent the "sorting URLS" leading to less complete crawling of our core pages, especially since we are planning further huge expansion of pages soon. Apart from blocking the paramter in the search console (which did not really work well for me in the past to prevent indexing) what do you suggest to minimize indexing of these URLs also taking into consideration link juice optimization? On a technical level the sorting is implemented in a way that the whole page is reloaded, for which may be better options as well.0 -
Wordpress uploads folder issues
Hi, i have recently moved my wordpress blog to a new server.. Previously I had a url as website.com/blog My blog site is now running on the domain website.com Now most of my images are in the correct folder path wp-content/uploads Howerver, some of my images are pointing to a folder /blog/wp-content/uploads and so I am getting many missing image on the front end. How do i get the /blog/wp-content/uploads point to the new url wp-content/uploads Thanks guys.. Taiger
Intermediate & Advanced SEO | | Taiger0 -
2 eCommerce stores that are identical 1 for US 1 for CA, what's the best way to SEO?
Hello everyone! I have an SEO question that I cannot solve given the parameters of the project, and I was wondering if someone could provide me with the next best alternative to my situation. Thank you in advance. The problem: Two eCommerce stores are completely identical (structure, products, descriptions, content) but they are on separate domains for currency and targeting purposes. www.website-can.com is for Canada and www.website-usa.com is for US. Due to exchange rate issues, we are unable to combine the 2 domains into 1 store and optimize. What's been done? I have optimized the Canadian store with unique meta titles and descriptions for every page and every product. However I have left the US store untouched. I would like to gain more visibility for the US Store but it is very difficult to create unique content considering the products are identical. I have evaluated using canonicals but that would ask Google to only look at either the Canadian or US store, , correct me if i'm wrong. I am looking for the next best solution given the challenges and I was wondering if someone could provide me with some ideas.
Intermediate & Advanced SEO | | Snaptech_Marketing0 -
Best way to move a page without 301
I have a page that currently ranks high for its term. That page is going away for the main website users, meaning all internal site links pointing to that page are going away and point to a new page. Normally you would just do a 301 redirect to the new URL however the old URL will still need to remain as a landing page since we send paid media traffic to that URL. My question is what is the best way to deal with that? One thought was set up a canonical tag, however my understanding is that the pages need to be identical or very close to the same and the landing page will be light on content and different from the new main page. Not topically different but not identical copy or design, etc.
Intermediate & Advanced SEO | | IrvCo_Interactive0 -
Is there a way to get my company to appear on its own map individually on mobile instead of with other companies?
For example: If I type in certain keywords for example like exterminating termites tucson on an apple iphone in google organic ranking it will appear with wildcat exterminating with its own individual map in the organic ranking section. How can my company get something like this? Thanks.
Intermediate & Advanced SEO | | Nwext1