Improve your WordPress website security and protection from malicious attacks


Website security and protection matter most to those who make a profit from their websites, but any website owner can achieve a reasonable level of website security by following through on a few precautions and safety recommendations.

Essential steps that lead to a more secure website are:

  1. Update your WordPress platform
  2. Use strong passwords
  3. Get a 2-factor authentication plugin
  4. Use a free or paid, single purpose or all-in-one security plugin
  5. Prevent hacker attack through SQL Injection
  6. Prevent malicious JavaScript code injection
  7. Disable file upload to your website
  8. Check WordPress log file error messages

Update your WordPress platform

The largest number of hacker attacks on websites come through known holes in the WordPress platform. These “holes” are patched with every WordPress update, so it is important to apply every update as it rolls out.

This is the single most important aspect of WordPress website security; if you are not updating, the other security recommendations and tips will be of very little use.

For those of us who manage more than one website and like to automate this kind of task, there are plugins and software solutions for updating WordPress websites automatically.

Use strong passwords

Any password is better than no password, but a strong password is much better than a known sequence of numbers used by thousands of people as a password.

For example, avoid using “123456”, the current year, and similar predictable number sequences. Instead, try a specific number and letter combination that has a meaning for you personally but cannot be guessed by anyone else. Always use a combination of upper- and lower-case letters and numbers. Password generator and manager software can be useful if you are not creative enough with your passwords.

Get a 2-factor authentication plugin

Since many of us have an additional device that we use for internet browsing, you can set up 2-factor authentication using a third-party plugin, such as Google Authenticator or another.

Almost every internet user has a smartphone, and those who do not can receive two-factor authentication through an email service.

Use a free or paid, single purpose or all-in-one security plugin

The biggest benefit of the WordPress CMS is that third-party plugins work with it seamlessly. Free or paid security software can make your website security a breeze. Good examples are Wordfence, Sucuri Security, BulletProof Security, and others.

These plugins run security checks for you: comparing your theme and plugins with the WordPress repository and marking “outdated” software, checking file integrity, scanning for malware, and so on.

Prevent hacker attack through SQL Injection weak spot

Hackers have become more creative, and with clever manipulation of URL parameters a hacker can carry out an SQL injection attack. Prevent this by using proper PHP code in your WordPress theme, consulting a PHP expert if needed.
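What "proper PHP code" can look like in a theme, shown as an added example that is not from the original article: the same query written unsafely and then with type validation and `$wpdb->prepare()` placeholders. It assumes WordPress is loaded (for example in `functions.php`); the `mytheme_*` function names and the `author_id` and `q` URL parameters are hypothetical.

```php
<?php
// Added example for a theme's functions.php; assumes WordPress is loaded.
// mytheme_* names and the "author_id" / "q" URL parameters are hypothetical.

// VULNERABLE (do not use): the URL parameter is pasted into the SQL text,
// so whatever the visitor sends becomes part of the query itself.
function mytheme_posts_by_author_unsafe() {
    global $wpdb;
    $author = $_GET['author_id'];
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_author = $author"
    );
}

// HARDENED: validate the type first, then bind values through placeholders.
function mytheme_posts_by_author() {
    global $wpdb;

    // absint() forces a non-negative integer; anything else becomes 0.
    $author = isset( $_GET['author_id'] ) ? absint( $_GET['author_id'] ) : 0;
    if ( 0 === $author ) {
        return array();
    }

    // Free-text search term: remove WordPress's added slashes, strip tags,
    // then escape LIKE wildcards so % and _ are matched literally.
    $term = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    $like = '%' . $wpdb->esc_like( $term ) . '%';

    // %d and %s are filled in by prepare(), which escapes and quotes each
    // value so it can only ever be data, never SQL syntax.
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_author = %d AND post_status = 'publish' AND post_title LIKE %s
         ORDER BY post_date DESC LIMIT 20",
        $author,
        $like
    );

    return $wpdb->get_results( $sql );
}
```

When reviewing a theme or plugin, any `$wpdb` call whose SQL string contains a `$_GET`, `$_POST` or `$_REQUEST` value without passing through `prepare()` deserves the same rewrite.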

Prevent malicious JavaScript code injection

One of the most popular modern coding languages, JavaScript runs our websites and our smartphone applications. Hackers who use cross-site scripting (XSS) can inject malicious code into your pages and run it in the user’s browser.

Password protection on sensitive pages is a must for this kind of protection. Additionally, a specific Content-Security-Policy should be added to vulnerable pages.

Disable file upload to your website

If you are sure that none of your website visitors and customers will ever need to upload a file to your website, then the best course of action is to deny file uploads. This is done by adding a small number of code lines to your .htaccess file.

Check WordPress log file error messages

WordPress logs error messages, and you can use them to find weak spots on your website: places that hackers attacked and that came back with error messages.

The fact that the Internet and our computers are not really security-proof is shown by the slow adoption of the Internet of Things (IoT), which was a really big tech trend a few years ago. It has slowed down to almost a halt because of the rising number of issues and exploits.

I know that many of us consider our websites too low-profile for hackers to notice them and try to take advantage. However, hackers can spread malicious code and use our own website and its resources to attack a third party. This is why it is important to take steps toward a more secure website.