How to Protect Your WordPress Site From Getting Hacked


Running a WordPress site? You should consider taking simple steps to secure your website to keep it safe from getting hacked.

WordPress is a frequent target for hackers, who go after themes, the core WordPress files, plugins, and even the login page.

I’ve been a victim of a redirect hack on my previous site, and I’d recommend these simple steps that I’ll share in this article. That way, your site is less likely to be hacked, and you’ll be able to recover more easily if it should still happen.

How do hackers attack WordPress?

All sites on the web are under constant attack, so don’t make the mistake of thinking that yours is an exception. It’s not unusual for a hacker to scan thousands of pages or try to log in hundreds of times a day.

And that is just a single hacker. Sites are under attack by several hackers at the same time.

Usually, it’s not a person trying to hack your website. Hackers use automated software (bots) to crawl websites and probe them for weaknesses.

Ways of protecting your website from getting hacked

1. Limit login attempts to your site

The Wordfence security plugin can block bots that repeatedly fill in usernames and passwords on the WordPress login page. But I’d suggest using Limit Login Attempts Reloaded if your focus is on limiting those logins.

This plugin allows publishers to automatically block all hackers who enter a set number of failed username and password combinations.

The most amazing part is that you can set it to block hackers after three attempts to guess the password.

The plugin's features include:

  • Limit the number of retry attempts when logging in (per each IP).
  • Configurable lockout timings.
  • Informs the user about the remaining retries or lockout time on the login page.
  • Email notification of blocked attempts.
  • Logging of blocked attempts.
  • Safelist/Blocklist of IPs and Usernames (Support IP ranges).
  • Sucuri compatibility.
  • Wordfence compatibility.
  • XMLRPC gateway protection.
  • Woocommerce login page protection.
  • Multi-site compatibility with extra MU settings.
  • GDPR compliant.
  • Custom IP origins support (Cloudflare, Sucuri, etc.)
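
As an added illustration (not code from the plugin or from this article), the per-IP retry limit and lockout timing listed above can be modeled over web-server access logs in Python. It assumes combined log format and that a failed WordPress login appears as a POST to wp-login.php answered with 200 while a successful one redirects with 302; the log lines, IP addresses, five-minute window and 20-minute lockout are constructed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: we only need client IP, timestamp, method, path, status.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample: one client rotates its user agent, another logs in normally.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

def find_lockouts(lines, max_retries=3, window=timedelta(minutes=5),
                  lockout=timedelta(minutes=20)):
    """Return [(ip, locked_at, locked_until)] for IPs reaching max_retries.

    Assumption: POST to wp-login.php with status 200 means a failed login.
    The counter is keyed on IP only, so changing the user agent does not reset it.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    locked_until = {}             # ip -> end of the current lockout
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        if ip in locked_until and ts < locked_until[ip]:
            continue              # still locked out; attempt would be refused
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= max_retries:
            locked_until[ip] = ts + lockout
            events.append((ip, ts, locked_until[ip]))
            q.clear()
    return events
```

Running `find_lockouts(SAMPLE)` reports a single lockout for 203.0.113.7 at its third failed attempt; the fourth attempt falls inside the lockout and is ignored, and the client that logged in successfully is never counted.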

2. Back up your site

Creating a daily backup of your site is really important. This way, if disaster strikes, the site can be recovered from a backup.

I’d recommend using the UpdraftPlus WordPress Backup Plugin. It can be configured to email the backups every day or send them to a cloud storage location.

3. Keep your themes & plugins up to date

It’s important to always update all themes and plugins. WordPress provides a way to update all plugins automatically, which is convenient for publishers, so you can also enable automatic updates.

This way you’ll be assured of having the most up-to-date software.

4. Harden your website security

Here you can use a free plugin called Sucuri Security by GoDaddy, which adds an additional layer of security to your site.

Sucuri helps harden WordPress security to stop bad bots from carrying out certain kinds of attacks.

These are the features of the free version of Sucuri:

  • Security Activity Auditing.
  • File Integrity Monitoring.
  • Remote Malware Scanning.
  • Blacklist Monitoring.
  • Effective Security Hardening.
  • Post-Hack Security Actions.
  • Security Notifications.

The paid version of Sucuri includes a website firewall.

Sucuri will alert you every time someone logs into your site, helping publishers to identify if a hacker is logging in.

5. About User Agents (UA)

A user agent is any software, acting on behalf of a user, which “retrieves, renders and facilitates end-user interaction with Web content.”

However, the term user agent has also come to be associated with a header string in HTTP and related technologies that helps a hosting server identify the type of operating system and/or device requesting content.

Bots use a lot of different user agents in order to fool websites and sneak in. They sometimes respond by changing to another user agent, so by combining these rules, a publisher stands a chance of blocking a wide range of bad hacker bots.

And that’s with the free version of Wordfence.

The paid version can block entire countries. So if you don’t have legitimate site visitors from certain countries, you can block every visitor that’s coming from those countries.

Moreover, the paid version of Wordfence will protect you in advance from many compromised themes and plugins before those plugins are fixed.

Consider taking these simple steps to secure your site from getting hacked. The free versions of these plugins provide an extraordinary amount of protection and the premium versions give even more protection.
