Unfortunately, I’ve seen a good amount of friends and clients who have WordPress sites that have been hacked. I wrote a post about it in December after 2 clients came to me for help, but one of them had to go the professional route to get her site clean. So very frustrating!
After some research, I thought it would be useful to list a few WordPress great maintenance tips to help prevent hackers from accessing your site, or at the very least, help you restore it if it happens to you (UGH).
1. Don’t use the default “admin” username. If you’re doing a fresh install, there should be a box to uncheck the “default” and create another username. If you have been using “admin” as your username, you can create a new administrator and delete admin, OR if you would prefer to edit it, you can do so via phpMyAdmin through your host. Added to this, regularly change your password and keep it complicated!
2. Delete unused themes. I’ve seen many bloggers keeping themes installed and they can be a way for a hacker to insert the spam code into your site.
3. Keep everything updated. WordPress, themes, plugins….everything.
4. Back up your site regularly. This may be what helps restore your site if you ever get hacked. You can use a plugin or do it manually through FTP access.
5. Use the free Sucuri scanner plugin or even a paid subscription (full disclosure, this is an affiliate link). Sucuri seems to be the most recommended so far, but use whatever you’re comfortable with. Regular scans are encouraged though.
My favorite tips so far are from wptavern.com and are for more advanced (or adventurous) users: move the wp-config.php file, edit the “Secret Keys” within wp-config.php, and even make your dashboard accessible only to certain IP addresses within the .htaccess file.
I hope that this is helpful! Have a tip to add? Comment below!
These are some great tips. Thanks so much for sharing.
So glad you find them useful! Thanks for stopping by!
I definitely agree with the tip to change from default admin password to your own, but I did NOT know to delete unused themes. I’ll get rid of the 3 or 4 extra ones I’ve got in my WordPress now! Thanks so much!
I’m glad I could help! Thanks for visiting!
I never knew that old themes could be a hacker entrance…great tips!
Yeah, it’s scary! Have to keep everything up to date. Thanks for visiting!
Okay, I can use all the help I can get on this one!!
I’m very glad I can help! 🙂
Stopping by from SITS and glad I did. These tips are very helpful for a newbie like me. Thanks!
Happy SITS Day! How Scary! I never knew I could get hacked from those extra wordpress themes. Now I want to got delete all the free ones it came with stat. Thanks so much for the tips!
Thank you! Yes, very scary. Hackers really scare the crap out of me but it makes me want to fight. Thanks for stopping by!
I follow all of these except deleting the unused themes. I honestly didn’t know that could be an entry for hackers. Thanks for this!
I’m glad I could help!
Great tips! I need to delete some unused themes. Happy SITS Day!!!
Thank you!
Happy SITS Day! I just backed up the blog (I should know better 😉 and installed the Sucuri plugin. More clean up tomorrow. Thank you for the great tips and reminders. Love your blog!
I’m glad you found them helpful! Thanks for stopping by!
These are fabulous tips! I’m fairly new to WordPress so this is helpful.
Thanks and Happy SITS Day!
xoxo
Thank you for stopping by! Glad you could find the tips helpful!