Unfortunately, I’ve seen a good number of friends and clients who have WordPress sites that have been hacked. I wrote a post about it in December after 2 clients came to me for help, but one of them had to go the professional route to get her site clean. So very frustrating!
After some research, I thought it would be useful to list a few great WordPress maintenance tips to help prevent hackers from accessing your site, or at the very least, help you restore it if it happens to you (UGH).
1. Don’t use the default “admin” username. If you’re doing a fresh install, there should be a box to uncheck the “default” and create another username. If you have been using “admin” as your username, you can create a new administrator and delete admin, OR if you would prefer to edit it, you can do so via phpMyAdmin through your host. In addition, change your password regularly and keep it complicated!
2. Delete unused themes. I’ve seen many bloggers keep themes installed, and they can be a way for a hacker to insert spam code into your site.
3. Keep everything updated. WordPress, themes, plugins... everything.
4. Back up your site regularly. This may be what helps restore your site if you ever get hacked. You can use a plugin or do it manually through FTP access.
5. Use the free Sucuri scanner plugin or even a paid subscription (full disclosure, this is an affiliate link). Sucuri seems to be the most recommended so far, but use whatever you’re comfortable with. Regular scans are encouraged though.
My favorite tips so far are from wptavern.com and are for more advanced (or adventurous) users: move the wp-config.php file, edit the “Secret Keys” within wp-config.php, and even make your dashboard accessible only to certain IP addresses within the .htaccess file.
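To check whether those three advanced tips are actually in place, here is a small audit script, added as an example and not taken from this post or from wptavern.com. It assumes an Apache-style `.htaccess`; the function names and the sample install it builds are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
# Heuristic: an Apache 2.4 "Require ip" or 2.2-style "Allow from <address>" line.
ALLOW_RE = re.compile(r"^\s*(Require\s+ip\s+\S+|Allow\s+from\s+(?!all\b)\S+)", re.I | re.M)

def audit(site_root):
    """Return a list of findings for the WordPress install at site_root."""
    root, findings = Path(site_root), []
    config = root / "wp-config.php"
    if config.exists():
        findings.append("wp-config.php is still in the web root")
    else:
        config = root.parent / "wp-config.php"  # WordPress also checks one level up
        if not config.exists():
            return ["wp-config.php not found"]
    defines = {m[1]: m[3] for m in DEFINE_RE.finditer(config.read_text(errors="replace"))}
    for name in KEY_NAMES:
        value = defines.get(name, "")
        if not value or value == PLACEHOLDER:
            findings.append(f"{name} is missing or still the placeholder")
    htaccess = root / "wp-admin" / ".htaccess"
    if not (htaccess.exists() and ALLOW_RE.search(htaccess.read_text(errors="replace"))):
        findings.append("wp-admin/.htaccess has no IP allow rule")
    return findings

def make_sample(base, hardened):
    """Write a constructed (not real) install under base and return its web root."""
    root = Path(base) / "public_html"
    (root / "wp-admin").mkdir(parents=True)
    value = "x9#Lq2" * 11 if hardened else PLACEHOLDER  # constructed key material
    lines = [f"define( '{k}', '{value}' );" for k in KEY_NAMES]
    config_dir = root.parent if hardened else root
    (config_dir / "wp-config.php").write_text("<?php\n" + "\n".join(lines) + "\n")
    if hardened:  # 203.0.113.10 is a documentation address (RFC 5737)
        (root / "wp-admin" / ".htaccess").write_text("Require ip 203.0.113.10\n")
    return root

def demo():
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        return audit(make_sample(a, False)), audit(make_sample(b, True))

if __name__ == "__main__":
    for findings in demo():
        print(findings or "no findings")
```

Point `audit()` at your own site's folder (from a backup copy or over SSH) to get the same list of findings for a real install.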
I hope that this is helpful! Have a tip to add? Comment below!