Whats the Best way to Protect Wordpress Website from Getting Hacked.
-
Hi All,
I just like to know whats the best way to protect wordpress website for getting hacked. I tried using Wordfence but nothing much happened. I m in shared Host and when ever there is a sign of attack my hosting company takes the site off which affects my site ranking a lot. I m trying to keep all my plugins updated but still it happens . Like to know what other people do . I am open for Paid tool suggestion as well.
Thanks
-
Given what you've shared you either have a target on your back or you have some lingering issues from a past infection. I've seen this before and its a pain is the $%& to deal with, but not impossible.
For preventative measures for anyone with a WP site, I recommend the following:
- Use Wordfence - paid version if you can (minimal cost). Monitor the notifications, use country blocking that you are comfortable with (I disable China, Ukraine, N Korea, and Russia on most sites since most are local sites in the U.S.), and enable front end scanning
- Remove admin account and any other "easy" usernames
- Give all WP users strong passwords
- Use strong FTP passwords
- Don't install any plugins you don't need
- Update everything often! This is the best way to avoid problems.
- Pay attention to the theme you use and they are NOT all created equal. It's not uncommon for some themes to have known or unknown exploits in them, so be careful of the theme you use. Make sure it has good reviews and excellent support. If not, find a different theme.
In your case, I'd do the following:
- Sign up for Sucuri for a year. They will audit your site within 24 hours and will clean any malicious files on the site. Hands down the best service for cleaning WordPress sites. $199.
- Remove un-needed WP users, change all WP passwords, remove Admin or other easy usernames and transfer posts/pages to another user
- Remove un-needed FTP users, change all FTP passwords
- Audit your plugins and get rid of all you don't need
- Keep your plugins, themes, and WP updated.
Hope this helps. It's easier than it sounds when your get a system going.
Joey
-
A more detailed explanation of how you are getting hacked might help
Do you mean you are getting spammy files uploaded to your sites root/editing your current content to include spammy words and links?
The obvious suggestion is to make sure your Wordpress version is up to date but if you are already updating the plugins I would presume you have done this...?
It may be that the hackers have just managed to get into your FTP rather than through your wordpress site so I would make sure you have changed your FTP server password and made it secure.
Are you using any contact forms on your site as this can sometimes be a weakness depending on the plugin used.
Thanks
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Best use of Canonical Tag with Mini-Websites
Hello, I was wondering what the best way would be to implement Canonical Tags in kind of a unusual situation. The company I work for creates single property websites for real estate agents. We register a URL such as 123MainSt.com - however through DNS we redirect that to a path. For example: http://www.944milmadadr.com would redirect to: https://www.qwikvid.com/realestate/go/v1/home/?idx=wDg1Gdwt7wnQiR3LMeCx28qPnWTKM0JV If we wanted to rank high in the search engines for our clients: "944 Milmada Dr" - Would it be the best practice to Canonical: http://www.944milmadadr.com ? Thanks in advance for any feedback on this!! Jason
Intermediate & Advanced SEO | | Qwikvid0 -
International website. Di I need a new website
i am looking to expand from the UK and open a location in the US. i curretly have a .co.uk domain. what would you recommend I do with th website, create a new one wth a .com domain?
Intermediate & Advanced SEO | | Caffeine_Marketing0 -
Hacked Wordpress Site! So many 404s
So I had a site that I worked on get hacked. We eliminated the URLs, found the vulnerability (Bluehost!) and rolled back the site. BUT they got into the Google Search Console and indexed a LOT of pages. These pages are now 404 errors and I asked the robots.txt file to make them noindex. The problem is that Google is placing a "this site may be hacked" on the search listing. I asked Google to reevaluate it and it was approved by there are still 80,000 404 errors being shown and it still believes that the uploaded files that we deleted should be showing. Doing a site search STILL shows the infected pages though and it has been a month. Any insight would definitely be helpful. Thanks!
Intermediate & Advanced SEO | | mattdinbrooklyn0 -
URL Index Removal for Hacked Website - Will this help?
My main question is: How do we remove URLs (links) from Google's index and the 1000s of created 404 errors associated with them after a website was hacked (and now fixed)? The story: A customer came to us for a new website and some SEO. They had an existing website that had been hacked and their previous vendor was non-responsive to address the issue for months. This created THOUSANDS of URLs on their website that were then linked to pornographic and prescription med SPAM sites. Now, Google has 1,205 pages indexed that create 404 errors on the new site. I am confident these links are causing Google to not rank well organically. Additional information: Entirely new website Wordpress site New host Should we be using the "Remove URLs" tool from Google to submit all 1205 of these pages? Do you think it will make a difference? This is down from the 22,500 URLs that existed when we started a few months back. Thank you in advance for any tips or suggestions!
Intermediate & Advanced SEO | | Tosten0 -
Training Website Improvements...
Hi Folks, I'm in the process of going over our corporate website with a view to improving on-page optimisation, layout, design and user experience and I would like your feedback on what you think I should improve or change with respect to SEO. Some of my ideas include: Restructure Home Page to Better Show Our Services Possibly Add a Slider to the Home Page (I know engagement rates with these are generally low) Restructure the Course Pages Completely (https://purplegriffon.com/courses/itil-training/itil-foundation-training/itil-foundation) Restructure the Events Pages Completely (https://purplegriffon.com/event/2028/itil-foundation) Improve & Streamline the Booking Process AJAXIFY the Booking Process Improve Responsive Elements I'm also interested in conducting user testing before I go ahead and make any changes. What are your thoughts? What would you change? Thanks. Gaz
Intermediate & Advanced SEO | | PurpleGriffon0 -
Help with Best Content Posting Approach - WordPress site
I have a word document that i would like to add to my wordpress site as a page. The document has a large detailed flow chart of a complex legal process. (about 20+ boxes in the flow chart). I do not want to add it as an image because i want search engines to read/index the information in the flow chart. any suggestions to post this detailed flow chart on a WP page in the best SEO manner? Thanks.
Intermediate & Advanced SEO | | CamiloSC0 -
Combining 2 Websites
Any assistance/feedback is greatly appreciated. The scenario: We currently own two website, and we'd like to combine them and eliminate some expenses. Although the content is very similar in nature, it is not exact. www.KF.com that is managed by a third-party provider & www.KFA.com that is managed by the manufacturer of the product we sell. (*sites url's are not accurate) We have ended the contract of KF.com, however, this site has the best SERP/SEO.
Intermediate & Advanced SEO | | FX4nWOO
We assume we'll take a hit, no matter what we do - however when it comes to SEO, but what is the right move to make? Do a domain "Transfer/Redirect" of KF to KFA.com or Do we simply change the KFA.com to KF.com? Still very much a rookie when it comes to this stuff. I do have the ability to SEO the KFA.com webiste. Hoping this makes sense - and apologize for the bad url's just not sure I can actually post the true addresses. Thanks in advance.0 -
Best way to duplicate a wordpress site for staging purposes?
I want to make some changes to my Wordpress site, and want to somehow set up a live staging area. Does anyone know of a good way to do this? I want all of the same content there I just want to be able to make changes to it and try it all out before going live. Any thoughts on this? Also I want to be sure the staging site doesn't get indexed since it will be a complete duplicate of my existing site. Thanks!
Intermediate & Advanced SEO | | NoahsDad0