I love WordPress and I use it for almost every project.
There is one problem, however, anytime a platform gains widespread popularity: we live in a world full of people whose greatest ambition is to be a problem to others.
It’s sad really – that they see no greater good for their life, but that’s another issue.
I’ve taken a number of steps to secure this site and others. The reality is that there is no “bulletproof” solution. But you can, and MUST, take steps to protect your work.
For $5 you can hire someone on Fiverr to fix your hacked site – or upgrade your security. I’ve gone that route with success.
How would you know if your site has been hacked?
Watch the footer part of your browser bar when visiting your sites. If you see unusual domain names showing up, you’ve probably been hacked.
Next, via FTP check your site files. With WordPress almost everything should have the same date, correlating with when you installed it. If you see a different date on a file, right click on the file in your FTP program and “Edit” it.
As you scan through the code look for “base64 code (‘98798709023jlj230498jl;jh08d’)”
Hackers use base64 code (an encoding, not encryption, so it is easily decoded – do a Google search for “base64 decoder”) to inject their junk. You can delete the code yourself if you’re comfortable with that.
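The two manual checks above (files whose date differs from the rest, and base64 code inside them) can be scripted. This is an added example, not code from the original post; the function names, the `PATTERN` regex, the reading of "base64 code" as a PHP `base64_decode(` call, and the sample files are all assumptions constructed for illustration.

```python
import os, re, tempfile, time
from collections import Counter
from pathlib import Path

# Assumption: the "base64 code" in the post means a PHP base64_decode( call.
PATTERN = re.compile(rb"base64_decode\s*\(", re.I)
DAY = 86400

def scan(root, tolerance_days=1):
    """Return (relative path, odd_date, has_base64) for each file to review."""
    files = [(p, int(p.stat().st_mtime // DAY)) for p in Path(root).rglob("*")
             if p.is_file() and p.name.endswith((".php", ".js", ".htaccess"))]
    if not files:
        return []
    # The most common modification day stands in for the install date.
    install_day = Counter(day for _, day in files).most_common(1)[0][0]
    findings = []
    for path, day in files:
        odd_date = abs(day - install_day) > tolerance_days
        # Timestamps can be reset, so content is checked on every file.
        has_base64 = bool(PATTERN.search(path.read_bytes()))
        if odd_date or has_base64:
            findings.append((path.relative_to(root).as_posix(), odd_date, has_base64))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (not real WordPress files) and scan it."""
    installed = time.time() - 200 * DAY
    clean = b"<?php // clean\n"
    injected = b"<?php eval(base64_decode('Y29uc3RydWN0ZWQ='));\n"  # constructed
    samples = {
        "index.php": (clean, installed),
        "wp-login.php": (clean, installed),
        "wp-settings.php": (clean, installed),
        "wp-includes/footer.php": (injected, installed),        # date looks normal
        "wp-content/cache.php": (clean, installed + 90 * DAY),  # changed later
        "wp-content/plugins/x.php": (injected, installed + 150 * DAY),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mtime) in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
            os.utime(path, (mtime, mtime))
        return scan(root)

if __name__ == "__main__":
    for rel, odd_date, has_base64 in demo():
        print(f"{rel}: odd_date={odd_date} base64={has_base64}")
```

A hit is a lead to review, not proof: plugin and core updates change file dates, and legitimate code also calls `base64_decode`.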
It’s probably best to hire someone to clean things up for you, because hackers are tricky. But if you prefer to do it yourself, here’s an excellent post I’ve swiped –
Check the access logs to find how the one got in and from where, and ask your host to blacklist that IP. Follow up some of these steps to be sure that you are safe.
1. Update your WordPress to the latest version.
2. Update all your plugins as well.
3. Keep a backup of your site; you may try some plugins for the database backup, which keep the site backup going to some separate remote space or to your email.
4. Once hacked, try changing your login password for WordPress, cPanel and even the database that you are using. Or I prefer you to create a new user for the same database and use it and delete the old ones.
5. Use the WordPress Key Generator to generate keys (https://api.wordpress.org/secret-key/1.1/). I didn’t know much about WordPress keys but it is another important security measure. These keys work as salts for WordPress cookies, thus ensuring better encryption of user data.
6. Install the WP Security Scan plugin. This plugin is the real deal. It’s simple and automates stuff. It will scan your WordPress blog for vulnerabilities and inform you if it finds any malicious code etc. If the texts are in green in the admin panel then you should be good.
7. Block search engine spiders from indexing the admin section.
To do so, create a robots.txt file in your root directory. Then place the following code in the file:
8. Secure your WP-CONFIG. It contains all the sensitive data and configuration of your blog and therefore we must secure it through .htaccess. Simply adding the code below to the .htaccess file in the root directory can do the trick.
There are many, but maybe the above may help you to secure your site and keep it stable for longer.