From time to time, customers' sites get hacked. Here are the reasons why, and how to prevent it from happening and keep your WordPress site protected.
- Within cPanel always ensure your ModSecurity rule-set is enabled. This can be done by searching for ModSecurity and enabling it on all sites.
- Always ensure your WordPress Install, Plugins and Themes are fully updated at all times. Check monthly to be sure.
- Secure the Login Page and Prevent Brute Force Attacks. ModSecurity already has built-in protection, but it always helps to have a second level of protection just in case. We recommend installing the free version of Wordfence.
- Ensure you are using a strong password – preferably longer than 8 characters and a combination of Uppercase, lowercase and numbers at the very least.
- Enable the FREE Let’s Encrypt SSL feature to encrypt your data.
- Always ensure your contact us page, comment boxes and registration pages have some sort of strong captcha installed. For example, Google’s reCAPTCHA plugin for WordPress.
- Change the WordPress database table prefix
- Set a strong password for your database when installing it, or reset it within the MySQL Databases icon and update your wp-config.php file with the stronger password.
- Disallow file editing by adding the following to the wp-config.php file: define('DISALLOW_FILE_EDIT', true);
- Set directory permissions as per WordPress’s Guidance – https://codex.wordpress.org/Changing_File_Permissions
- Disable directory listing with .htaccess
- Remove your WordPress version number – Usually you can just look for a plugin in the Plugin Manager that can do this. It would be listed under Security, and there are many to choose from.
Using the above techniques will make it extremely hard for any hacker to hack your site. Always apply some sort of security hardening when installing any website, WordPress or not.
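The wp-config.php, table prefix, .htaccess and permission items in the list above can be checked from a shell. The script below is an added example, not part of the original article; the function names, finding labels and sample site are made up for illustration, and it assumes an Apache-style .htaccess.

```shell
#!/bin/sh
# Added example (not from the original article): audit a WordPress directory.
# audit_wp, make_sample and the finding labels are illustrative names.

s='[[:space:]]*'   # optional whitespace
q="['\"]"          # a straight single or double quote

audit_wp() {   # $1 = WordPress root; prints one finding per line
    cfg="$1/wp-config.php"; hta="$1/.htaccess"
    # The define must use straight quotes; curly quotes pasted from a web
    # page are not PHP string delimiters, so the setting would not apply.
    grep -Eiq "^${s}define\(${s}${q}DISALLOW_FILE_EDIT${q}${s},${s}true${s}\)" "$cfg" 2>/dev/null ||
        echo "FILE_EDIT: DISALLOW_FILE_EDIT is not set to true"
    # Table prefix left at the WordPress default.
    grep -Eq "^${s}\\\$table_prefix${s}=${s}${q}wp_${q}" "$cfg" 2>/dev/null &&
        echo "PREFIX: \$table_prefix is still wp_"
    # Apache directory listing is switched off with 'Options -Indexes'.
    grep -Eiq "^${s}Options[[:space:]].*-Indexes" "$hta" 2>/dev/null ||
        echo "LISTING: .htaccess has no 'Options -Indexes'"
    # Anything world-writable under the site root.
    find "$1" ! -type l -perm -0002 2>/dev/null | while IFS= read -r p; do
        echo "PERMS: world-writable: $p"
    done
    return 0
}

make_sample() {   # $1 = weak | hard; builds a constructed site, prints its path
    d=$(mktemp -d) && mkdir "$d/uploads"
    if [ "$1" = hard ]; then
        printf '%s\n' '<?php' "\$table_prefix = 'x7k_';" \
            "define('DISALLOW_FILE_EDIT', true);" > "$d/wp-config.php"
        echo 'Options -Indexes' > "$d/.htaccess"
        chmod 755 "$d/uploads"
    else
        printf '%s\n' '<?php' "\$table_prefix = 'wp_';" \
            "define(‘DISALLOW_FILE_EDIT’, true);" > "$d/wp-config.php"
        echo '# BEGIN WordPress' > "$d/.htaccess"
        chmod 777 "$d/uploads"
    fi
    chmod 644 "$d/wp-config.php" "$d/.htaccess"
    echo "$d"
}

# Demo on the constructed weak site: four findings are printed.
demo=$(make_sample weak); audit_wp "$demo"; rm -rf "$demo"
```

Changing $table_prefix on an existing site also requires renaming the tables in the database to match.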