Whats the Best way to Protect Wordpress Website from Getting Hacked.
-
Hi All,
I just like to know whats the best way to protect wordpress website for getting hacked. I tried using Wordfence but nothing much happened. I m in shared Host and when ever there is a sign of attack my hosting company takes the site off which affects my site ranking a lot. I m trying to keep all my plugins updated but still it happens . Like to know what other people do . I am open for Paid tool suggestion as well.
Thanks
-
Given what you've shared you either have a target on your back or you have some lingering issues from a past infection. I've seen this before and its a pain is the $%& to deal with, but not impossible.
For preventative measures for anyone with a WP site, I recommend the following:
- Use Wordfence - paid version if you can (minimal cost). Monitor the notifications, use country blocking that you are comfortable with (I disable China, Ukraine, N Korea, and Russia on most sites since most are local sites in the U.S.), and enable front end scanning
- Remove admin account and any other "easy" usernames
- Give all WP users strong passwords
- Use strong FTP passwords
- Don't install any plugins you don't need
- Update everything often! This is the best way to avoid problems.
- Pay attention to the theme you use and they are NOT all created equal. It's not uncommon for some themes to have known or unknown exploits in them, so be careful of the theme you use. Make sure it has good reviews and excellent support. If not, find a different theme.
In your case, I'd do the following:
- Sign up for Sucuri for a year. They will audit your site within 24 hours and will clean any malicious files on the site. Hands down the best service for cleaning WordPress sites. $199.
- Remove un-needed WP users, change all WP passwords, remove Admin or other easy usernames and transfer posts/pages to another user
- Remove un-needed FTP users, change all FTP passwords
- Audit your plugins and get rid of all you don't need
- Keep your plugins, themes, and WP updated.
Hope this helps. It's easier than it sounds when your get a system going.
Joey
-
A more detailed explanation of how you are getting hacked might help
Do you mean you are getting spammy files uploaded to your sites root/editing your current content to include spammy words and links?
The obvious suggestion is to make sure your Wordpress version is up to date but if you are already updating the plugins I would presume you have done this...?
It may be that the hackers have just managed to get into your FTP rather than through your wordpress site so I would make sure you have changed your FTP server password and made it secure.
Are you using any contact forms on your site as this can sometimes be a weakness depending on the plugin used.
Thanks
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Best way to link to 1000 city landing pages from index page in a way that google follows/crawls these links (without building country pages)?
Currently we have direct links to the top 100 country and city landing pages on our index page of the root domain.
Intermediate & Advanced SEO | | lcourse
I would like to add in the index page for each country a link "more cities" which then loads dynamically (without reloading the page and without redirecting to another page) a list with links to all cities in this country.
I do not want to dillute "link juice" to my top 100 country and city landing pages on the index page.
I would still like google to be able to crawl and follow these links to cities that I load dynamically later. In this particular case typical site hiearchy of country pages with links to all cities is not an option. Any recommendations on how best to implement?0 -
How do I get the sub-domain traffic to count as sub-directory traffic without moving off of WordPress?
I want as much traffic as possible to my main site, but right now my blog lives on a blog.brand.com URL rather than brand.com/blog. What are some good solutions for getting that traffic to count as traffic to my main site if my blog is hosted on WordPress? Can I just create a sub-directory page and add a rel canonical to the blog post?
Intermediate & Advanced SEO | | johnnybgunn0 -
Where is sitelinks getting its data from?
Hi, This is an issue that is really upsetting my client. There are sitelinks that are coming up when you search for his business that aren't relevant as the other pages are! I assured him that there is nothing for me to do about it besides for demoting a sitelink, which is simply a suggestion in Google's eyes. 1. I would love to know why they are choosing the titles they are publishing, which is the shortened version of states? Where are they getting it from? I don't have any linking pages with such anchor text. The only thing I can think of is that there is a clickable map that has abbreviated words of that state. Would that do it? How could I change it? 2. Also, why are they choosing pages that are really not the top visited pages on my website instead of the pages that visitors are really interested in? Here is a snapshot of the issue: http://screencast.com/t/9w9C3DPAHvYb Thanks!
Intermediate & Advanced SEO | | Rachel_J0 -
My website has dropped in the rankings drastically. How can I get it back up the SERPs?
I manage a website that I took over 6 months ago - the site was sitting happily on page one of google so I haven't had to do much to keep it there - other than a few onsite improvements. However, last week the site dropped off the SERPs. The site is http://www.pro-techairconditioning.co.uk/content/home.html Could someone please suggest reasons for this and ways to solve the problem? Thanks
Intermediate & Advanced SEO | | SWD.Advertising0 -
Getting links from spammy websites on the same IP
Hey, I'm getting a ton ( 22k) of spammy links from another website which has the same IP address as mine. I've not received any notification from Webmasters but I think I'm getting massively penalized for the same. 1)Should I just go ahead and disavow these links? 2)Are there are other steps with regards to the technical aspects such as Hosting and Domain configurations I should look into to stop this and get ranked properly. 3)Do I need to submit a reconsideration request to Google after I've cleaned up this mess or will I need to wait till the next scrawl? Thanks so much!
Intermediate & Advanced SEO | | suchde0 -
What's the best way to phase in a complete site redesign?
Our client is in the planning stages of a site redesign that includes moving platforms. The new site will be rolled out in different phases throughout a period of a year. They are planning to put the new site redesign on a subdomain (i.e. www2.website.com) during the roll out of the different phases while eventually switching the new site back over to the www domain once all the phases are complete. We’re afraid that having the new site on the www2 domain will hurt SEO. For example, if their first phase is rolling out a new system to customize a product design and this new design system is hosted on www2.website.com/customize, when a customer picks a product to customize they’ll be linked to www2.website.com/customize instead of the original www.website.com/customize. The old website will start to get phased out as more and more of the new website is completed and users will be directed to www2. Once the entire redesign is completed, the old platform can be removed and the new website moved back to the www subdomian. Is there a better way of rolling out a website redesign in phases and not have it hosted on a different subdomain?
Intermediate & Advanced SEO | | BlueAcorn0 -
Best way to preserve site authority / juice when moving a property to Facebook?
Hi, so, I have a website. Let's call it a cooking website with about 300 pieces of content cross-listed among 20 categories. I want to move my entire site, hook line and sinker, to Facebook. My first thought was to do this with a domain-wide 301, as that would preserve most of the authority and juice my site has built over the years... but would this have a corollary effect of unfocusing my keyword strategy? E.g. is there a risk in doing a sitewide 301 to a single landing page, in that some of the juice I'd be passing to my new home page would be from, say, "recipes for jelly donuts?" Has anyone had an experience making a large product transition like this, and are there any current best practices? Thanks!
Intermediate & Advanced SEO | | Kenn_Gold1 -
How would you optimise a news website?
I have been asked for advice on how to optimise a news website whose keywords, almost by definition, change every day according to the articles being written. How would you, for example, do SEO for the NYtimes.com? Great content and subsequent links I'm sure take care of themselves. Just onsite then? If so.... what?
Intermediate & Advanced SEO | | seomasters0