Unfortunately, I’ve seen a good amount of friends and clients who have WordPress sites that have been hacked. I wrote a post about it in December after 2 clients came to me for help, but one of them had to go the professional route to get her site clean. So very frustrating!
After some research, I thought it would be useful to list a few WordPress great maintenance tips to help prevent hackers from accessing your site, or at the very least, help you restore it if it happens to you (UGH).
1. Don’t use the default “admin” username. If you’re doing a fresh install, there should be a box to uncheck the “default” and create another username. If you have been using “admin” as your username, you can create a new administrator and delete admin, OR if you would prefer to edit it, you can do so via phpMyAdmin through your host. Added to this, regularly change your password and keep it complicated!
2. Delete unused themes. I’ve seen many bloggers keeping themes installed and they can be a way for a hacker to insert the spam code into your site.
3. Keep everything updated. WordPress, themes, plugins….everything.
4. Back up your site regularly. This may be what helps restore your site if you ever get hacked. You can use a plugin or do it manually through FTP access.
5. Use the free Sucuri scanner plugin or even a paid subscription (full disclosure, this is an affiliate link). Sucuri seems to be the most recommended so far, but use whatever you’re comfortable with. Regular scans are encouraged though.
My favorite tips so far are from wptavern.com and are for more advanced (or adventurous) users: move the wp-config.php file, edit the “Secret Keys” within wp-config.php, and even make your dashboard accessible only to certain IP addresses within the .htaccess file.
I hope that this is helpful! Have a tip to add? Comment below!
Young Work At Home Moms says
These are some great tips. Thanks so much for sharing.
Nicole Kobilka says
So glad you find them useful! Thanks for stopping by!
Nikki says
I definitely agree with the tip to change from default admin password to your own, but I did NOT know to delete unused themes. I’ll get rid of the 3 or 4 extra ones I’ve got in my WordPress now! Thanks so much!
Nicole Kobilka says
I’m glad I could help! Thanks for visiting!
Tiffany says
I never knew that old themes could be a hacker entrance…great tips!
Nicole Kobilka says
Yeah, it’s scary! Have to keep everything up to date. Thanks for visiting!
Seana Turner says
Okay, I can use all the help I can get on this one!!
Nicole Kobilka says
I’m very glad I can help! 🙂
Kirsten says
Stopping by from SITS and glad I did. These tips are very helpful for a newbie like me. Thanks!
Cajun says
Happy SITS Day! How Scary! I never knew I could get hacked from those extra wordpress themes. Now I want to got delete all the free ones it came with stat. Thanks so much for the tips!
Nicole Kobilka says
Thank you! Yes, very scary. Hackers really scare the crap out of me but it makes me want to fight. Thanks for stopping by!
JoAnn says
I follow all of these except deleting the unused themes. I honestly didn’t know that could be an entry for hackers. Thanks for this!
Nicole Kobilka says
I’m glad I could help!
Sonya says
Great tips! I need to delete some unused themes. Happy SITS Day!!!
Nicole Kobilka says
Thank you!
Tammi Young says
Happy SITS Day! I just backed up the blog (I should know better 😉 and installed the Sucuri plugin. More clean up tomorrow. Thank you for the great tips and reminders. Love your blog!
Nicole Kobilka says
I’m glad you found them helpful! Thanks for stopping by!
Jennifer | The Deliberate Mom says
These are fabulous tips! I’m fairly new to WordPress so this is helpful.
Thanks and Happy SITS Day!
xoxo
Nicole Kobilka says
Thank you for stopping by! Glad you could find the tips helpful!