How to prevent WordPress hacks?

How would you feel if your website was hacked? How could it affect your business? A hack could:

  • Access your Dashboard and view sensitive data such as scheduled posts, WooCommerce orders, user info, etc.
  • Blacklist your website on Google, permanently affecting SEO
  • Give viruses to your site visitors
  • Reduce your sales by preventing users from buying
  • Damage your brand reputation

How long could you afford for your site to be hacked or offline while you fix it?

1. Use Strong Passwords

It may seem obvious, but the majority of successful hacks are because of weak user passwords. Make sure your password is at least 12 characters long and includes uppercase and lowercase characters, symbols and numbers. Test your password strength here; it may be time to use a new password. WordPress is good at recommending strong passwords, but they are difficult to remember without saving them. Consider a strong password that will be easy to remember, such as My66WordPress$Login, which would take 552 quadrillion years to crack.

2. Keep admin accounts to a minimum

We have often seen WordPress installations with 10+ admin accounts for different users, who have all reset their passwords to be easier to remember. This gives a hacker more possibilities to get in. It’s good to assign 1 person who has website administrator privileges; everyone else can just be authors or editors.

3. Security Plugins

Use one of the many security plugins to help protect your website. We recommend Wordfence for WordPress. This plugin limits login attempts and will notify you of any suspicious activity. You can also scan your website, which detects whether there are any malicious files and removes them.

4. No dodgy plugins

Plugins are one of the best parts of WordPress and can add lots of new features to your website, but it’s important to be careful before installing a new one.

Some plugins have vulnerabilities which go undetected until a hacker finds them.

You should avoid having too many plugins. Only use a plugin that has been updated in the last 6 months, and always check the reviews.

5. Update

WordPress automatically applies security updates, but plugins don’t. You will need to make sure you are manually updating your plugins to keep your site secure. Not all plugin updates are related to security but it’s worth checking regularly.
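
The checks in steps 2 and 5 can be automated. This is an added example, not part of the original article: a Python audit of the JSON that WP-CLI prints for `wp user list --role=administrator --format=json` and `wp plugin list --format=json`. The sample data, plugin names, versions and severity labels are constructed assumptions.

```python
import json

# Constructed sample of `wp user list --role=administrator --format=json`
SAMPLE_ADMINS = '''[
 {"ID": 1, "user_login": "siteowner", "roles": "administrator"},
 {"ID": 7, "user_login": "agency", "roles": "administrator"},
 {"ID": 12, "user_login": "intern", "roles": "administrator"}
]'''

# Constructed sample of `wp plugin list --format=json` (hypothetical plugins)
SAMPLE_PLUGINS = '''[
 {"name": "security-scanner", "status": "active", "update": "none", "version": "7.0.0"},
 {"name": "contact-form", "status": "active", "update": "available", "version": "1.2.0"},
 {"name": "old-gallery", "status": "inactive", "update": "available", "version": "0.9.1"},
 {"name": "seo-helper", "status": "inactive", "update": "none", "version": "3.1.0"}
]'''

MAX_ADMINS = 1  # step 2: one person with administrator privileges


def audit(admins_json, plugins_json, max_admins=MAX_ADMINS):
    """Return (severity, message) findings for admin sprawl and stale plugins."""
    admins = json.loads(admins_json)
    plugins = json.loads(plugins_json)
    findings = []

    # Step 2: every extra administrator is another password that can be guessed.
    if len(admins) > max_admins:
        logins = ", ".join(sorted(a["user_login"] for a in admins))
        findings.append(("high", f"{len(admins)} administrator accounts "
                                 f"(limit {max_admins}): {logins}"))

    for p in plugins:
        # Step 5: plugins are not updated automatically, so flag pending ones.
        if p.get("update") == "available":
            active = p.get("status") in ("active", "active-network")
            findings.append(("high" if active else "medium",
                             f"plugin {p['name']} {p['version']} has an update pending"))
        # Inactive plugins still leave their code on the server.
        if p.get("status") == "inactive":
            findings.append(("low", f"plugin {p['name']} is inactive; remove it if unused"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_ADMINS, SAMPLE_PLUGINS):
        print(f"[{severity}] {message}")
```

On a live site, pass the real WP-CLI output to `audit()` instead of the sample strings and run it on a schedule.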


How to fix your site after it’s been hacked? With WordPress it’s not difficult, especially if you have regular backups. Guide coming soon…


Of course, we can look after your site instead. Find out about our maintenance here.