If you run a WordPress website, you should also think about the security of your WordPress installation. I do not accept the argument that WordPress is too insecure. If you take a few tricks to heart, you can protect your WordPress installation from hackers and other attacks. Make your WordPress secure – I’ll show you how in this article.
Is WordPress secure?
I have already written about the advantages of WordPress. Since WordPress is (by far) the most used content management system, it is of course also very popular with hackers. Is WordPress therefore more insecure than for example the CMS Typo3? Not at all! However, there are some things you should configure in your own WordPress installation to increase WordPress security and harden the system against attacks.
But before I show you the WordPress plugins for more security, I would like to say a few words about the general security of WordPress and of websites in general. On the Internet, 100% security is only theoretically possible. If a professional hacker decides to hack exactly your website, there is very little you can do about it. But that is beside the point, because this case is very unlikely. Moreover, the hacker in question must also have the means, tools and resources to hack your website. Such targeted attacks make up only a tiny percentage.
Most hacker attacks are rather diffuse and are carried out by so-called script kiddies. There are tools that are very easy to use and randomly and automatically search for vulnerabilities in websites (including WordPress). And it is exactly these script kiddies that you can protect yourself against with a few simple WordPress security plugins.
Why should I protect my WordPress website from hackers?
You may be thinking to yourself, “Why would my website be hacked? There’s nothing to get from me!” In fact, such attacks are usually not launched to harm the actual website owner. Often it is about the following:
- Sending spam mails
Often a hacked WordPress installation is used to send spam mails – the operator usually does not notice anything about it, because the sending of spam mails happens in the background.
- Viruses and spyware for visitors
At first glance, some hacked websites may look quite normal – but in the background, malware and viruses are delivered to visitors. Google and other search engines notice this of course and as a result your website is banned from the Google index.
- Data theft
Do you run an online store or have a newsletter or other sensitive data in your database? Then you should secure your data adequately – so that hackers cannot access your customers’ data.
Checklist for your WordPress security
- Secure password and username for WordPress backend, database and FTP server
- It is best to use an SFTP server right away
- Always keep WordPress up to date (latest WordPress version and WordPress updates)
- Use WordPress plugins sparingly and consciously
Plugins to make WordPress more secure
These WordPress security plugins will help you to make WordPress more secure. With just a few clicks you can increase the security of your WordPress installation. Security plugins such as iThemes Security are also easy to install and come preconfigured so that most threats can be warded off relatively easily. Here is a small but useful list of WordPress plugins to make your WordPress website more secure.
Hide my WP – make your WordPress site invisible to hackers!
The Hide my WP plugin is one of the best-selling security plugins for WordPress on CodeCanyon. No wonder – this WordPress security plugin is awesome! It doesn’t just provide the standard firewall functionality that a WordPress security plugin should provide. Hide my WP hides your WordPress installation as such, so the attacker can’t see that you are using WordPress at all. The plugins you use are also disguised from attackers. Your website therefore does not appear to the outside as a WordPress CMS. This allows you to avoid automated attacks and makes it extremely difficult for hackers to discover known security vulnerabilities in outdated plugins or in your WP installation.
In addition, the security plugin Hide my WP shows you security vulnerabilities in other plugins, and its information is very up to date. Admittedly, the plugin is not free, but it is still worth the $20. If your shop or website is down for several days (or weeks) due to hacker attacks, you will realize why. Make WordPress secure – with Hide my WP it’s a piece of cake.
If you want to learn more about Hide my WP, you can find more information here!
The conclusion of Hide my WP: Perfect plugin to preventively protect your WordPress installation from attacks. Make it especially difficult for hackers and hide your important WordPress folders from uninvited guests.
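To see what such hiding changes, the following added example (not part of the original article and not code from the Hide my WP plugin) lists the WordPress hints visible in a page's HTML source, such as the generator tag and plugin or theme folder names. The sample HTML, the slugs example-theme and example-forms, and the function names are constructed for illustration.

```python
import re

# Constructed sample of a homepage's HTML source (not taken from a real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=1.3" />
<link rel="stylesheet" href="/wp-content/plugins/example-forms/css/main.css?ver=2.0.1" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<link rel="https://api.w.org/" href="/wp-json/" />
</head><body>Hello</body></html>"""

# Constructed sample of the same page with renamed paths and no generator tag.
HIDDEN_HTML = """<html><head>
<link rel="stylesheet" href="/assets/skin/style.css" />
<script src="/lib/js/jquery.min.js"></script>
</head><body>Hello</body></html>"""

GENERATOR = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]*)', re.I)
ASSET = re.compile(r'/wp-content/(plugins|themes)/([A-Za-z0-9_-]+)/([^"\'\s>]*)')
VER = re.compile(r'[?&]ver=([\w.]+)')

def wordpress_markers(html):
    """Return the WordPress hints that anyone can read in the HTML source."""
    found = {"generator": None, "plugins": {}, "themes": {}, "core_paths": []}
    m = GENERATOR.search(html)
    if m:
        found["generator"] = m.group(1) or "version hidden"
    # Folder names under /wp-content/ reveal which plugins and themes are active;
    # a ?ver= parameter on the asset URL may also reveal a version string.
    for kind, slug, rest in ASSET.findall(html):
        ver = VER.search(rest)
        found[kind].setdefault(slug, ver.group(1) if ver else None)
    for path in ("/wp-includes/", "/wp-json/", "/wp-admin/"):
        if path in html:
            found["core_paths"].append(path)
    return found

def is_recognisable(found):
    """True if at least one of the checked markers is present."""
    return bool(found["generator"] or found["plugins"]
                or found["themes"] or found["core_paths"])

if __name__ == "__main__":
    print(wordpress_markers(SAMPLE_HTML))
    print(is_recognisable(wordpress_markers(HIDDEN_HTML)))
```

Run it against the saved source of your own homepage before and after enabling a hiding plugin. An empty result means these particular markers are gone, not that the site cannot be identified in other ways.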
The plugin iThemes Security (formerly Better WP Security) secures your blog against hacker attacks of all kinds. iThemes Security is very comprehensive – probably too comprehensive for some people. But don’t worry: the flagship of the security plugins can be set up in small steps, provides explanations and background information for each setting, and is thus particularly suitable for security beginners.
Nevertheless, iThemes Security offers everything you need for a secure WordPress installation. The following tutorial about the iThemes Security plugin shows you which settings you need to make:
The conclusion for iThemes Security: This security plugin is especially aimed at beginners and WordPress newbies. WordPress professionals can also make most of these settings manually, but that requires some know-how: words like .htaccess, chmod and FTP should not be foreign to you.
WordPress Antivirus Plugin
Another way for hackers to hijack your WordPress installation is through compromised theme or plugin files. What does this mean? Some themes are shipped with security holes (which are sometimes deliberately built in). But don’t worry: large premium WordPress themes usually don’t contain malware – at least if they are downloaded from the official sources (for example ThemeForest). However, you should be careful with so-called nulled themes or nulled plugins. Nulled themes and plugins are free (and illegal) copies of premium themes and plugins that hackers make available. In doing so, they have built small security holes or scripts into the official theme or plugin that leave your website open to certain attacks. Therefore, always install plugins from official and trusted sites only.
Not sure if all your theme and plugin files are clean? Then you can download the WordPress Antivirus plugin and check whether your WordPress installation contains any malware or dangerous scripts. After that you can uninstall the plugin again (if you don’t plan to install more plugins or themes in the near future).
Not every error message is a security vulnerability. What exactly the individual messages mean, you can look up for example in the WordPress Forum.
Conclusion for WordPress Antivirus Plugin: Anyone who constantly installs new plugins or themes should keep the Antivirus plugin installed permanently. If you only want to check the current state (and do not want to install more plugins in the near future), you can install the antivirus plugin temporarily and then uninstall and delete it again if necessary.
WordPress Security Plugins Conclusion
This small selection of WordPress security plugins should be enough to harden your WordPress installation and protect it from the biggest attacks. Further security can be achieved through manual measures. I will present these manual security measures for WordPress in another blog article.
My absolute recommendation is the Hide my WP plugin. But the iThemes Security plugin, which is free, can also protect your blog. In the speed test, the iThemes Security plugin does not beat the speed of the WordPress website, at least in my test. In general, of course, always use difficult passwords and protect them accordingly – otherwise the best WordPress security plugin is useless.