Anyone running a WordPress website should also think about the security of their WordPress installation. I do not accept the argument that WordPress is too insecure. If you take a few little tricks to heart, you can protect your WordPress installation from hackers and other attacks. Make your WordPress secure – I’ll show you how it’s done in this article.
Is WordPress Safe?
I’ve already written about the advantages of WordPress. Since WordPress is (by far) the most widely used content management system, it is, of course, also very popular with hackers. Does that make WordPress less secure than, for example, the CMS TYPO3?
Not at all! However, there are a few things that you should configure during your own WordPress installation in order to increase WordPress security and to harden the system against attacks.
Before I show you the WordPress plugins for more security, however, I would like to say a few words about the general security of WordPress and of websites in general. 100% security is only theoretically possible on the Internet.
If a professional hacker decides to hack into your particular website, there is very little you can do about it. But that’s not really the point, as this is very unlikely. In addition, the hacker in question must also have the means, tools, and resources to hack your website. Such targeted attacks only make up a tiny percentage.
Most hacker attacks are rather diffuse and are carried out by so-called script kiddies. They use very easy-to-use tools that search websites (including WordPress) for vulnerabilities randomly and automatically. And you can protect yourself against exactly these script kiddies with a few simple WordPress security plugins.
Why should I protect my WordPress website from hackers?
You may be thinking, “Why should my website be hacked? There’s nothing to get from me!” Such attacks are usually not started in order to harm the actual website operator. Often it is about the following:
Sending spam mails
A hacked WordPress installation is often used to send spam mails – the operator usually does not notice this, as the spam emails are sent in the background.
Viruses and spyware for visitors
Some hacked websites may look normal at first glance, but malware and viruses are being delivered to visitors in the background. Google and other search engines will, of course, notice this, and as a result, your website will be banned from the Google index.
Do you run an online shop, or do you have a newsletter or other sensitive data in your database? Then you should adequately secure your data – so that hackers have no access to your customers’ data.
Checklist for your WordPress security
- Secure password and username for WordPress backend, database, and FTP server
- It is best to use a web server with SFTP access right away
- Always keep WordPress up to date (latest WordPress version and WordPress updates)
- Use WordPress plugins sparingly and consciously
Plugins to make WordPress more secure
These WordPress security plugins help you to make WordPress more secure. With just a few clicks, you can increase the security of your WordPress installation. Security plugins such as iThemes Security are also easy to install and are preset in such a way that most threats can be warded off relatively easily. Here is a short but select list of WordPress plugins to make your WordPress website more secure.
Hide my WP – make your WordPress site invisible to hackers!
The Hide My WP plugin is one of the best-selling security plugins for WordPress. No wonder – this WordPress security plugin is awesome! It does not stop at the standard firewall functionality that a WordPress security plugin should offer.
Hide My WP also hides the WordPress installation itself. This means that the attacker cannot see that you are using WordPress at all. Furthermore, the plugins you use will, of course, be concealed from attackers.
So your WordPress website doesn’t appear to be a WordPress CMS at all. This allows you to avoid automated attacks and makes it extremely difficult for hackers to discover known security gaps in outdated plugins or your WP installation.
In addition, the security plugin Hide My WP shows you security gaps in other plugins, and it keeps this information very up to date. Granted: the plugin is not free, but the $20 is worth it. If your shop or website is down for several days (or weeks) due to hacker attacks, you will see why. Make WordPress secure – child’s play with Hide My WP.
If you want to learn more about Hide My WP, you can find more information here!
The bottom line for Hide My WP: The perfect plugin to preventively protect your WordPress installation from attacks. Make it particularly difficult for hackers and hide your important WordPress folders from uninvited guests.
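To check on your own site whether the concealment described above actually holds, the following added example (not code from Hide My WP or from this article) audits a page's HTML source for the markers a default WordPress install leaves behind. The two sample pages, the theme and plugin slugs and the version numbers are constructed for illustration.

```python
import re

# Markers a default WordPress install leaves in rendered HTML.
GENERATOR = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\'](WordPress[^"\']*)["\']', re.I)
CORE_PATH = re.compile(r'/(wp-content|wp-includes|wp-json|wp-admin)\b')
EXTENSION = re.compile(r'/wp-content/(plugins|themes)/([A-Za-z0-9_.-]+)/')
VERSIONED = re.compile(r'/wp-(?:content|includes)/[^"\'\s>]+\?ver=([0-9][0-9.]*)')


def audit_exposure(html):
    """Return the WordPress markers still visible in one page's HTML source."""
    gen = GENERATOR.search(html)
    found = {"generator": gen.group(1) if gen else None,
             "core_paths": sorted(set(CORE_PATH.findall(html))),
             "plugins": set(), "themes": set(),
             "asset_versions": sorted(set(VERSIONED.findall(html)))}
    for kind, slug in EXTENSION.findall(html):
        found[kind].add(slug)          # kind is "plugins" or "themes"
    found["plugins"] = sorted(found["plugins"])
    found["themes"] = sorted(found["themes"])
    # The site is recognisable as WordPress if any core marker survives.
    found["identifiable"] = bool(gen or found["core_paths"])
    return found


# Constructed sample: what a default installation typically emits.
DEFAULT_PAGE = '''<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=1.2" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<script src="/wp-content/plugins/example-forms/js/form.js?ver=2.0.1"></script>
</head><body>Hello</body></html>'''

# Constructed sample: the same page after paths were rewritten and the tag removed.
HIDDEN_PAGE = '''<html><head>
<link rel="stylesheet" href="/assets/skin/style.css" />
<script src="/assets/lib/jquery.min.js"></script>
</head><body>Hello</body></html>'''

if __name__ == "__main__":
    for label, page in (("default", DEFAULT_PAGE), ("hidden", HIDDEN_PAGE)):
        print(label, audit_exposure(page))
```

A clean result covers only the HTML that was passed in; response headers, cookies and feeds need their own check.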
The iThemes Security (formerly Better WP Security) plugin secures your blog against hacker attacks of all kinds. iThemes Security is very comprehensive – probably too comprehensive for some users.
But don’t worry: the flagship of the security plugins can be set up in small steps and provides explanations and background information for every setting, which makes it particularly suitable for security beginners.
Nevertheless, iThemes Security offers everything you need for a secure WordPress installation. The following tutorial for the iThemes Security plugin shows you which settings you have to make:
The bottom line for iThemes Security: This security plugin is aimed particularly at beginners and WordPress newbies. WordPress professionals can also apply most of its settings manually, but you need some know-how for this. Terms like .htaccess, chmod, and FTP shouldn’t be foreign to you.
WordPress Antivirus Plugin
Another way for hackers to hijack your WordPress installation is through compromised theme or plugin files. What does that mean? Some themes are delivered with security holes (some of which are deliberately built in).
But don’t worry: Large premium WordPress themes usually contain no malware – at least if they are downloaded from the official sources (e.g., Themeforest). However, caution should be exercised with so-called nulled themes or nulled plugins.
Nulled themes and plugins are premium themes and plugins that hackers offer practically for free (and illegally). They have built small security holes or scripts into the official theme or plugin that leave your website open to certain attacks. Therefore, only ever install plugins from official and trustworthy sites.
Not sure if all of your theme and plugin files are clean? Then you can download the WordPress antivirus plugin and check whether your WordPress installation contains any malware or dangerous scripts. Afterwards, you can uninstall the plugin again (unless you plan to install additional plugins or themes in the near future).
Conclusion for the WordPress antivirus plugin: If you constantly install new plugins or themes, you should keep the antivirus plugin installed permanently. If you just want to check the current status quo (and don’t want to install further plugins in the near future), you can install the antivirus plugin temporarily, then uninstall it again and, if necessary, delete it.
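The kind of check such a scan performs can be sketched in a few lines. This is an added example, not the antivirus plugin's code: it walks a copy of your theme and plugin folders and flags PHP constructs that are typical of injected loaders. The three signatures are assumptions chosen for illustration, and the sample theme files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic signatures (assumed for this example): constructs that are common in
# injected PHP loaders and rare in legitimate theme or plugin code.
SIGNATURES = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-driven-exec": re.compile(
        rb"(?:eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)",
        re.I),
    "long-encoded-blob": re.compile(rb"['\"][A-Za-z0-9+/=]{400,}['\"]"),
}


def scan_tree(root):
    """Return sorted (relative path, line number, signature name) hits under root."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        data = path.read_bytes()
        for name, pattern in SIGNATURES.items():
            for m in pattern.finditer(data):
                line = data.count(b"\n", 0, m.start()) + 1
                hits.append((path.relative_to(root).as_posix(), line, name))
    return sorted(hits)


def build_sample_tree(root):
    """Write two constructed theme files: one clean, one with an injected loader."""
    theme = Path(root) / "themes" / "example-theme"
    theme.mkdir(parents=True)
    (theme / "index.php").write_text("<?php\nget_header();\nget_footer();\n")
    (theme / "functions.php").write_text(
        "<?php\nadd_action('init', 'example_setup');\n"
        "eval(base64_decode('ZWNobyAxOw=='));\n")  # harmless payload: "echo 1;"
    return theme


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in scan_tree(tmp):
            print(hit)
```

A hit is a lead for manual review, not proof of compromise, and heavily obfuscated code can evade these three patterns.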
WordPress Security Plugins Conclusion
This small selection of WordPress security plugins should be enough to harden your WordPress installation and protect it from the most serious attacks. Further hardening can be achieved through manual measures. I will introduce these manual security measures for WordPress in another blog article.
The Hide My WP plugin is the absolute recommendation. But the iThemes Security plugin, which is free, can also protect your blog. In the speed test, the iThemes Security plugin does not beat the WordPress website’s speed, at least in my test. In general, of course, the same always applies: use difficult passwords and protect them accordingly – otherwise, the best WordPress security plugin is of no use.