We protect our WordPress site from hackers

WordPress it is a beloved target of hackers and people who have an interest in taking personal and private information from you and from the users who entrust it to you. These shady individuals focus on themes, WordPress core files, plugins and, last but not least, on login page.

Being the mother of smart guys always pregnant and being the security measures almost always a step behind those who want to cheat them, this article aims to help you build the foundation of the security wall you need for your WordPress site. In this way, you will be able to maintain a certain level of protection for you and your users, living a more peaceful life and giving an impression of more authority and security.

It will then be up to you to explore the issue of security with our Innovando experts to obtain the best protection currently available. This guide aims to make you understand what are the main dangers that your WordPress site runs, and how to do it yourself to fix it quickly.

Why Do Hackers Attack WordPress Sites?

Why would anyone attack my featured WordPress site where I write articles about electric lawn mowers? Why should anyone, even remotely, be interested in my sectoral and specific activity?

There are thousands of reasons why some hacker is interested in you. All sites, not just WordPress sites, are under constant attack. It's not unusual for these people to gather a list of potential websites, including perhaps yours, and use programs that try to log in hundreds of thousands of times a day, until they find the right password. Typically, every website is under attack by more than one hacker at a time, exponentially multiplying the numbers we've already given you.

We're not talking hooded men in a dark garage, wearing mirrored glasses, furiously typing in passwords to try to log in. We are talking about people with more or less normal lives who leave a software specially made to take care of your password, going through attempts until they locate it. And not only passwords, but also possible vulnerabilities of your website in general: weaknesses to be exploited to access your secret gardens.

These "bots" are dangerous because they slow down the traffic on your website - especially if your hosting is not the best - and because sooner or later, with patience, they always find a way to enter and steal everything value in your data. These are called attacks Brute Force.

Repetitive attempts and one after the other who try various combinations until they catch yours Passwordwhich will happen sooner or later.

Install a firewall in WordPress

Un firewall is a program that blocks intrusions. You usually find these firewalls in WordPress plugins, but often they are also made available by hosting companies to protect your domain. A good firewall for your WordPress site is Wordfence, who:

  • It constantly checks your site and warns you when the behavior of visitors who explore it does not conform to that of a human being, but rather that of a bot. If this visitor breaks some rules in a short period of time, Wordfence steps in and automatically blocks the potential bot.
  • Wordfence is programmed to leave i crawlers from Bing or Google, so as not to affect your ranking on search engines.
  • It comes with tons of other specific features that tell you what types of bots are attacking your website, and tell you how to stop them. You will also have the option to block bots by IP address, or by a whole range of IP addresses.

Hide your login page

It doesn't take a hacker to know who, 8 times out of 10, your login address is https://sitowordpress.it/wp-admin . A bad guy needs to find your login page before he can carry out an effective attack. This means accessing your wp-admin folder or /wp-login.php file. Most WordPress sites have the same access point. You can hide this page by renaming it altogether.

How do you prevent brute force attacks?

Every self-respecting administrator must provide strict guidelines on password creation by its publishers. All it takes is a weak login to generate a vulnerable area from which attacks can come. In short: the password of your authors cannot be "ciaomondo", but it should respect a series of safety parameters. Numbers, symbols, uppercase, minimum length.

Limit login attempts it's a good security rule that you can set up on your site WordPress without resorting to the help of a professional. A good number is 3: this way you give the forgetful user room to maneuver, while also preventing the attacker from trying until they succeed. USA WP Limit, a great plugin, for this purpose.

The malware attack

Some websites are attacked not just for the purpose of stealing data, but for the specific purpose of infect via malware. Here too WordFence comes to your rescue, helping you and protecting your precious WordPress site from particularly unwelcome and unpleasant attacks.

Always make a backup

If you have ever dealt with the digital world, you will surely know the importance of creating backups. A daily backup prevents disasters from happening, and helps you sleep soundly. You can use any system at your disposal, the main thing is to do it.

That way should a hacker get the better of your security system, you'd have a chance to restore the data to its original state – then taking appropriate measures to prevent it from doing harm again.

Always update plugins

How many times have I logged into a WordPress CMS and noticed that the plugins were out of date? Someone does not update them for fear of malfunction, others because they don't know that updates are good for you. Keeping your plugins state-of-the-art allows you to have the most up-to-date software available, and therefore the most performing in terms of security – most of the time. If you don't want to update a plugin and you haven't used it for a while, remove it. It's not needed, and it can be a potential hole in your web security.

Worried that your WordPress website isn't secure enough? Contact us and, together with Innovando, you will find all the security answers you are looking for for yourself and for the data you need to protect every day.

If you receive a lot of spam through your contact forms and you want to know how to eliminate it using CONTACT FORM 7, read here:

6 ways to stop WordPress spam with CONTACT FORM 7