Protecting website from hackers should be an important part of your online business strategy. It is as important as building the very business, i.e. website and content.
Just imagine, you spend time and energy creating content for your website and then, one day someone hacks it, and you lose your entire business.
If you just launched it and haven’t made any money then it is not a big deal though it can be very painful. But imagine if you have your website up and running and making serious money?
That will be like the end of the world. That is why, you need to take some measures to protect your website from being hacked. Most tips that I’m going to cover are related to wordpress sites.
1. The first and foremost thing you should do to protect your website, is keep all the material of your website on your computer, so it’s protected if something goes wrong. You can then restore it easily. Keep all your articles, images and affiliate links on your hard drive.
2. In the dashboard of your worpress website, in the plugin section you need to install a wordpress importer plugin and activate it.
Then through your tools section you need to export your website (choose “all content” option) which includes all your posts, pages, comments, navigation menus, images. Some experts say that this plugin doesn’t export images but I checked it myself and it worked perfect.
I was able to export all my content including images. Once you’ve exported your site (xml file) keep it on your computer and when you need to restore your site (from hacker’s attack) just go again to your tools section and choose “import” option. Remember to export your site each time you update it.
3. Always keep your wordpress site and all plugins updated because in some cases it can be very important and critical to your website in terms of security. Remember that wordpress updates must always be installed, because they are designed to not only increase security of wordpress sites, but also fix some bugs within the program. It is not difficult at all to update your site. Each time you log in to your wordpress dashboard you will see update notifications.
4. You can install “Better WP Security” plugin which can protect your website from unwanted access to your site and many other problems.
5. Install as less plugins as possible because when you install too many of them, you can make your website vulnerable to hacking attempts. Install only those plugins that you need and uninstall others that you don’t use.
6. One thing you should keep in mind that with a free plugin you have no guarantee that all of the content of your website will be exported in case of necessity. If you want to be 100% confident then I recommend you a paid plugin Backup Buddy http://ithemes.com/purchase/backupbuddy/ With this plugin you can export your complete website and restore it at anytime.
7. One of the best ways to protect your website from hackers, is to use strong secure passwords. This makes your website extremely hard to be hacked. Secure passwords should include 1-2 numbers, use upper and lower case characters. To make your password more complex you can add special characters such as @&%! For example, your password might be WebS@!t7
8. When you buy a wordpress premium theme, buy it from renowned company such as pagelines.com, elegantthemes.com, solostream.com, wplook.com, themeforest.net, wpzoom.com, studiopress.com etc., These companies release updates from time to time. Never buy a theme that has no updates because at certain point it can cause you serious problems in terms of not only conflicting plugins but vulnerability of your site as well.
9. When you create your wordpress account, it comes with “Admin” name by default, which is well known to any hacker and it makes your site vulnerable to hacking attacks. You can change your login name and choose one that is long and hard to guess. Before deleting your existing account you need to create a new account and log out. After that, you delete your old account and then log in using your new account.
10. To protect your website you can install a plugin called WordPress Firewall 2. If someone tries to hack your site the plugin will immediately notify you. The plugin does a great job in terms of protection but has some disadvantages as well. Among disadvantages of this plugin is that it can prevent you from editing your wordpress theme. If you need to do this you will have to temporary deactivate the plugin.
11. When you buy a wordpress theme, normally it should have a version number and if a hacker knows your wordpress version number it makes your site vulnerable to his hacking attempts. Even if you delete your version number from your webpage, additionally you need to delete readme.html and lecense.txt files from your wordpress directory.
12. I don’t know where you host your website (a webhosting company), but if your hosting company provides you with a cPanel then you can add more security to your website thus making access to your login page more complicated. You can simply add password protection to your WP admin folder. To do this you need to log in your cpanel and select “password protect directories”.
13. Also you can install a “Wordfence” plugin that limits the number of login attempts. Or you can install a plugin “Limit login attempts” that enables you to limit login attempts as well. With these two powerful plugins you can easily protect your website from unwanted attacks.
14. You can also install “OSE Firewall plugin” which is really awesome in terms of protecting your website from hacking attacks.
15. You can also make some changes to your “htaccess” file. Just add this code
deny from all
By adding this code you can prevent any access to your wp-config.php file which contains information about your site.
16. You can also forbid someone to access your website by adding a simple code to your “htaccess” file. Just add the code below to your “htaccess” file and enter the IP address of that person and he will not be able to access your site. If you want to add more people to your ban list just add more lines (deny from 202.090.21.1) to the code below changing specific IP address.
<Limit GET POST>
deny from 202.090.21.1
allow from all
17. You can install a plugin called “Lockdown WP admin”. By installing it you can hide your admin login screen from hackers. The plugin doesn’t change your website core files. Normally, when you log into your website you type (yourwebsite.com/wp-admin) and if someone tries to access your website he types that address.
After installing “Lockdown WP admin” plugin you can change your admin page to whatever you want, for example, (yourwebsite.com/mysafelogin). Now if someone tries to access your website by typing default address (yourwesite.com/wp-admin) he will not be able to access it.
And the last thing I can recommend you to protect your website from hackers is choose reliable hosting company that really cares of his customers, such as Hostgator or Godaddy. There are many other hosting companies out there and I mentioned just two of them. Hostgator is #1 webhosting company you can rely on.
I’m a premium member of Wealthy Affiliate and they provide very good service in terms of hosting and website security and additionally there is a great training within a community on how to build a successful business online. If you choose a Hostgator or Godaddy you can always upgrade your hosting plan to increase your website security but you can do it at a later stage when you start making serious money and want to protect your website by taking its security a step further.