How to Protect Your Website From Hackers?

October 23, 2014 8 Comments


Protecting your website from hackers should be an important part of your online business strategy. It is as important as building the business itself, i.e. the website and its content.

Just imagine, you spend time and energy creating content for your website and then, one day someone hacks it, and you lose your entire business.

If you have just launched it and haven’t made any money, it is not a big deal, though it can be very painful. But imagine that your website is up and running and making serious money.

That would be like the end of the world. That is why you need to take some measures to protect your website from being hacked. Most of the tips that I’m going to cover relate to WordPress sites.

 

1. The first and foremost thing you should do to protect your website is to keep all the material of your website on your computer, so it’s protected if something goes wrong. You can then restore it easily. Keep all your articles, images and affiliate links on your hard drive.

 

2. In the dashboard of your WordPress website, go to the plugin section, install the WordPress Importer plugin and activate it.

 


 

Then, through your Tools section, export your website (choose the “all content” option), which includes all your posts, pages, comments, navigation menus and images. Some experts say that this plugin doesn’t export images but I checked it myself and it worked perfectly.


I was able to export all my content including images. Once you’ve exported your site (an XML file), keep it on your computer, and when you need to restore your site (after a hacker’s attack) just go to your Tools section again and choose the “import” option. Remember to export your site each time you update it.

 


 

3. Always keep your WordPress site and all plugins updated, because in some cases an update can be critical to your website’s security. Remember that WordPress updates must always be installed, because they are designed not only to increase the security of WordPress sites but also to fix bugs in the program. It is not difficult at all to update your site. Each time you log in to your WordPress dashboard you will see update notifications.

 

4. You can install the “Better WP Security” plugin, which can protect your website from unwanted access and many other problems.

 

5. Install as few plugins as possible, because when you install too many of them you can make your website vulnerable to hacking attempts. Install only the plugins that you need and uninstall those that you don’t use.

 

6. One thing you should keep in mind is that with a free plugin you have no guarantee that all of your website’s content will be exported when you need it. If you want to be 100% confident, I recommend a paid plugin, Backup Buddy: http://ithemes.com/purchase/backupbuddy/ With this plugin you can export your complete website and restore it at any time.

 

7. One of the best ways to protect your website from hackers is to use strong, secure passwords. This makes your website extremely hard to hack. Secure passwords should include 1-2 numbers and use upper and lower case characters. To make your password more complex you can add special characters such as @&%! For example, your password might be WebS@!t7

 

8. When you buy a premium WordPress theme, buy it from a renowned company such as pagelines.com, elegantthemes.com, solostream.com, wplook.com, themeforest.net, wpzoom.com, studiopress.com, etc. These companies release updates from time to time. Never buy a theme that has no updates, because at a certain point it can cause you serious problems, not only conflicts with plugins but vulnerability of your site as well.

 

9. When you create your WordPress account, it comes with the “Admin” name by default, which is well known to any hacker and makes your site vulnerable to hacking attacks. You can change your login name and choose one that is long and hard to guess. Before deleting your existing account you need to create a new account and log out. After that, you delete your old account and then log in using your new account.

 

10. To protect your website you can install a plugin called WordPress Firewall 2. If someone tries to hack your site, the plugin will immediately notify you. The plugin does a great job in terms of protection but has some disadvantages as well. One disadvantage is that it can prevent you from editing your WordPress theme. If you need to do this, you will have to temporarily deactivate the plugin.

 

11. When you buy a WordPress theme, normally it should have a version number, and if a hacker knows your WordPress version number it makes your site vulnerable to his hacking attempts. Even if you delete your version number from your webpage, you additionally need to delete the readme.html and license.txt files from your WordPress directory.

 

12. I don’t know where you host your website (which web hosting company), but if your hosting company provides you with cPanel then you can add more security to your website by making access to your login page more complicated. You can simply add password protection to your WP admin folder. To do this you need to log in to your cPanel and select “password protect directories”.

 

13. You can also install the “Wordfence” plugin, which limits the number of login attempts. Or you can install the “Limit login attempts” plugin, which enables you to limit login attempts as well. With these two powerful plugins you can easily protect your website from unwanted attacks.

 

14. You can also install the “OSE Firewall” plugin, which is really awesome in terms of protecting your website from hacking attacks.

 

15. You can also make some changes to your “htaccess” file. Just add this code:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

By adding this code you can prevent any access to your wp-config.php file which contains information about your site.

 

16. You can also forbid someone from accessing your website by adding a simple code to your “htaccess” file. Just add the code below to your “htaccess” file and enter the IP address of that person, and he will not be able to access your site. If you want to add more people to your ban list, just add more lines (deny from 202.090.21.1) to the code below, changing the specific IP address.

<Limit GET POST>
order allow,deny
deny from 202.090.21.1
allow from all
</Limit>
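
The `order`/`deny`/`allow` directives in tips 15 and 16 are the Apache 2.2 syntax; on Apache 2.4 and later they work only through the mod_access_compat compatibility module. The following is an added example (not code from the original post) that writes both rules so they apply on either version. The address 203.0.113.7 is a placeholder from the documentation range, not a value from the post.

```apache
# Added example, not from the original post. Place it in the .htaccess
# file in the WordPress root directory.

# Tip 15: block all web access to wp-config.php.
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Tip 16: ban one visitor by IP address.
# <Limit GET POST> restricts only the methods it lists, so the ban here
# is written without it and applies to every HTTP method.
# 203.0.113.7 is a placeholder address; add one "Require not ip" line
# (2.4) or one "Deny from" line (2.2) per banned address.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not ip 203.0.113.7
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
    Deny from 203.0.113.7
</IfModule>
```

After saving the file, request yourwebsite.com/wp-config.php in a browser; the server should answer with 403 Forbidden.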

 

17. You can install a plugin called “Lockdown WP admin”. By installing it you can hide your admin login screen from hackers. The plugin doesn’t change your website’s core files. Normally, when you log in to your website you type (yourwebsite.com/wp-admin), and if someone tries to access your website he types that address.

After installing the “Lockdown WP admin” plugin you can change your admin page to whatever you want, for example (yourwebsite.com/mysafelogin). Now if someone tries to access your website by typing the default address (yourwebsite.com/wp-admin) he will not be able to access it.

 

And the last thing I can recommend to protect your website from hackers is to choose a reliable hosting company that really cares about its customers, such as Hostgator or Godaddy. There are many other hosting companies out there and I have mentioned just two of them. Hostgator is the #1 web hosting company you can rely on.

I’m a premium member of Wealthy Affiliate and they provide very good service in terms of hosting and website security and additionally there is a great training within a community on how to build a successful business online. If you choose a Hostgator or Godaddy you can always upgrade your hosting plan to increase your website security but you can do it at a later stage when you start making serious money and want to protect your website by taking its security a step further.

 


 


About the Author:

My name is Adam. I'm the founder of Your Income Advisor. My goal is to help others succeed online, by exposing scams and reviewing top rated products. I can help you start your own business online.

Comments (8)


  1. Imad says:

    Hello, again.

    The security of our websites becomes more important as we grow our business and add more content to the niche we’re addressing. Personally, I’m not using a lot of plugins, but at least, I made it a habit to export everything on my site twice a week.

    I trust WA monitoring and their daily backup plan, but it’s always a good idea to have a second option to protect your assets.

    Thanks for mentioning this sensitive issue.

    Regards.

    • Rufat says:

      I know that their servers are superior in terms of security, but anything can happen and that’s why I too export my site each time I publish new content.

  2. David says:

    Thank you, Rufat! The wisdom you share in this article is so helpful! While we may feel immune to hacker attack, it could happen. It makes sense to be prepared and have taken precautions. You indicate the tips you have provided are for WordPress sites — what can you tell me for Wix sites or other website builders?

    • Rufat says:

      Glad you find it helpful. Yes, we need to be prepared for this type of thing. It may happen to anyone. But if you host your websites at WA servers then you shouldn’t worry about applying the steps I described here because WA servers are very secure. As for Wix sites, to be honest I don’t have any experience in that field and you probably can search for the info on YouTube or Google.

  3. Diane says:

    Rufat, I read your article on How to Protect Your Website From Hackers and it was very interesting and full of information. Too much for this computer illiterate grandma. I took notes and intend on following some of your suggestions. About how much money do you need to invest in protecting your website efficiently?

    • Rufat says:

      You don’t need any special budget for protecting your website. The points that I’ve mentioned above will be enough for you. But not all of them are necessary. For example, Backup Buddy for two sites will cost you $80 per year. But it’s not necessary until you have an established site that makes you thousands of dollars per month. I’m using a free importer plugin that allows me to create a backup of my website for free and it’s absolutely enough for me for the time being. It copies all your content and comments except images. If something goes wrong with your website you can restore it through this importer plugin, and as for the images, you will have to add them manually. That’s why when your blog starts making you a good income, it’s much safer to pay $80 per year to protect your website.

  4. bioelectrobot says:

    This really is an important topic. I think it is correct to say that most people don’t give this much thought. So, it is extremely important that you are presenting this information. Active hackers are always looking for vulnerable security exploits. Also, there are a lot of robot scripts that are just scanning the web for exploit opportunities. Nobody is immune from these threats. Also, thanks for the export reminder. I don’t do this as often as I need to. In fact, I will go and do an export right now. Great post. You’ve done a thorough job here. I think many people will benefit from reading this. Thanks so much. 🙂

    • Rufat says:

      Of course, it’s very important to protect your website not only from hackers who can destroy all your work in no time, but also from your own mistakes that can lead to a disaster. By disaster I mean I’ve seen many people who didn’t do a simple backup of their site through a simple free export/import plugin and as a result of such carelessness they lost their entire businesses. This is a real disaster, I think, when you invest time and effort into the creation of your website, content etc. and don’t do such a simple task as a backup and lose your website. As for scanning by robots, that’s true and that’s why to keep your website protected you always need to update your WordPress theme and all your plugins. Also, if you don’t use certain plugins you had better uninstall them for better protection of your website.
