7 Steps to Secure WordPress site from Viruses & Malware

Here are few steps to protect our wordpress site.

1. Update! Update! Update!

Most of the common hacks/injections happen because of outdated WP or plugin. WordPress has a very strong community and as soon as a vulnerability is detected, it gets plugged. No excuses for not updating!

2. Delete the ‘admin’ account – Make it harder for the hackers!

WordPress lets you give administrator access to other user accounts. So, instead of using ‘admin’ username use some other unique username.

3. Check your file and folder permissions

File permissions set to 777 are a red carpet welcome for hackers to set up base on your website! A good rule of thumb is to set files to 644 and folders to 755.

4. Hide your wp-config.php

This is another file which is most vulnerable to attacks and by default will be located at your_host/wordpress/wp-config.php. You can move it to the root directory i.e your_host/wp-config.php because WordPress automatically checks the root directory for this file if it doesn’t find it at the default location.

5. Use trusted sources for themes and plugins

Beware of pirated themes and plugins, they usually contain malware or spam bots which at best will hamper your site performance and worst case – steal critical information and spread viruses to its users.

6. Connect to your server securely

Use sFTP or SSH instead of FTP. Use SSL whenever possible. HTTPS is most preferred and secure way of transacting online.

7. Backup regularly

I suggest using a premium backup solution who will take secure and periodic backups of your site, and also gives you the option to switch hosts (migrate) efficiently and in a matter of minutes, if your site gets compromised.

How to prevent wordpress site from malware

Sucuri WordPress Security plugin is the one way to secure our website from malware’s.

This plugin provide some advantages

  1. Security Activity Auditing
  2. File Integrity Monitoring
  3. Remote Malware Scanning
  4. Blacklist Monitoring
  5. Effective Security Hardening
  6. Post-Hack Security Actions
  7. Security Notifications
  8. Website Firewall (add on)

This plugin mostly find list of success and unsuccessful logins with there IP addresses.

Click here to download.