Recovering a WordPress website that has been hacked is a troublesome procedure. Hackers will spam your login, create massive 404 errors, launch DDoS attacks, attempt MySQL injection and so on in order to deface your website. Anywhere, anytime.
Prevent being hacked before it happens. To successfully secure your WordPress website, you have to harden the security of files and folders, change your username and password to ones that are not easy to guess, and update scripts or WordPress plugins. Here, we will explain the steps to secure your WordPress website.
Change files & folders permission
Secure your WordPress files and folders by setting their permissions to 644 or 755. You can do this by right-clicking the files/folders in your FTP client and changing the permission to 0755. If you're using cPanel, use the File Manager. Here are some files and folders whose permissions you might want to change to protect them from public access.
- htaccess – 0644
- wp-content – 0755
- wp-config – 0644
- sitemap.xml – 0644
You can change the permissions back and forth in case you need to edit or overwrite the files/folders. Always remember to set them back to 0755 or 0644 after editing. You don't want any hackers out there peeping at important information about your databases or files in subdirectories. We also recommend changing the permission of your WordPress theme files to non-writable (0644).
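As an added example (not part of the original article), this Python script audits a WordPress root against the permissions listed above and flags theme files that are group- or world-writable. It assumes a POSIX file system, takes `.htaccess` and `wp-config.php` as the on-disk names of the htaccess and wp-config entries, and runs on a constructed sample tree; the function names are hypothetical.

```python
import os
import stat
import tempfile

# Modes from the list above. ".htaccess" and "wp-config.php" are assumed to be
# the on-disk names of the "htaccess" and "wp-config" entries.
EXPECTED = {".htaccess": 0o644, "wp-content": 0o755,
            "wp-config.php": 0o644, "sitemap.xml": 0o644}


def mode_of(path):
    """Permission bits of path itself (symlinks are not followed)."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def audit_permissions(root, expected=EXPECTED):
    """Return sorted (relative_path, actual_mode, wanted_mode) mismatches."""
    findings = []
    for rel, wanted in expected.items():
        path = os.path.join(root, rel)
        if os.path.lexists(path) and mode_of(path) != wanted:
            findings.append((rel, mode_of(path), wanted))
    # Theme files: report anything left group- or world-writable.
    themes = os.path.join(root, "wp-content", "themes")
    for dirpath, _dirs, files in os.walk(themes):
        for name in files:
            path = os.path.join(dirpath, name)
            if mode_of(path) & 0o022:
                rel = os.path.relpath(path, root)
                findings.append((rel, mode_of(path), 0o644))
    return sorted(findings)


def build_sample_site():
    """Constructed sample tree left in the 'opened for editing' state."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    modes = {".htaccess": 0o644, "wp-config.php": 0o666, "sitemap.xml": 0o644,
             "wp-content/themes/demo/functions.php": 0o666,
             "wp-content/themes/demo/style.css": 0o644}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)  # chmod ignores the umask, so modes are exact
    os.chmod(os.path.join(root, "wp-content"), 0o777)
    return root


if __name__ == "__main__":
    for rel, actual, wanted in audit_permissions(build_sample_site()):
        print(f"{rel}: {actual:04o} -> chmod {wanted:04o}")
```

Running the audit after every editing session catches files that were opened up for an edit and never set back.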
Enforce Strong Passwords
Choose a strong password for your login with a combination of uppercase and lowercase letters, numbers and special characters. Our recommended password length is 12-15 characters. You can also generate a safe and secure password using a password generator. Make sure you write down the password in case you forget it.
An example of a strong password looks like this: 0fvL}T9TaZa3
Login Limit & Brute Force Attacks
Hackers from all over the world will spam and attack your WordPress login. Make sure to install the useful WordPress plugin called Limit Login Attempts. Use the plugin to lock out any spammers or brute-force attack activity for a period of time. The timing can be set in the plugin options.
Backup Databases and Files
Back up your files and databases regularly. If you're hosting your website on cPanel, use the Backup Wizard function. This feature will automatically generate a backup of your entire website, MySQL databases and emails. If you don't want to back up everything, do it manually by backing up the MySQL databases using phpMyAdmin and zipping your website root files/folders.
Redirect 404 Errors
Hackers will spam requests for massive numbers of pages that don't exist on your website. Make sure you check your error log files for these errors and redirect them using a 301 redirect.
Examples of 404 errors: register.html, sign-up.html, and the list goes on.
Keep your plugins or scripts updated
Next, we will guide you on how to clean up a hacked website.