You’re Smart, Look Smart. Harden Your WordPress Website from Hackers


A lot of people use this CMS. Like – millions of people. That means, it’s worth a hackers time to target WP and it’s plugins.

Since many hacks are reusable, it doesn’t matter how big or small your website is. When a weakness is found in WordPress core or, much more commonly, WordPress plugins, it can be exploited over and over.

What Happens if You Get Hacked?

You’re Going to Loose Tru$t

I apologize for the kitschy dollar sign. But it’s true!

Maybe people that read your blog, subscribe to your newsletter, or occasionally purchase items from your e-store aren’t going to be defame you if your website gets hacked. After all, you aren’t Target or Wells-Fargo.

But, you are NOT going to look authoritative and trustworthy if some hack slathers Viagra adds on your website.

An attack like that will erode loyalty. How will someone feel putting their financials into a website that has, or has had spam-y ads on it? ( What’s the point of writing all your content and putting up your products if people are reticent to visit your site or purchase?)

What You Can Do?

There’s lots that you can do to ‘harden’ your WordPress installation. Checkout the Codex for details.

Keep Your WordPress Core and Extensions Updated

Since version 3.7, WordPress core can automatically update. That’s ( mostly ) great because when a vulnerability is discovered WordPress can patch the issue and send out an update. If you’ve enabled automatic updates, you’re site will be secured right away.

That’s really important, considering that when WordPress sends out a patch, the patch itself will make it easier for hackers to exploit the vulnerability that’s being patched. So those who don’t update are in danger of attack from a much larger pool of hackers exploiting the same vulnerability.

But there might be a problem with this system. Your WordPress extensions may not be designed well enough to remain compatible after the update.

That’s right – updates can break your website. The only way to know if you’re safe to update is to maintain a duplicate instance of your website and test updates before making changes to your live website.

Use a Secure Host

Make sure you host with someone who uses the latest versions of all scripts and software. ( It’s not that hard. We always keep our software current! )

Set up a WordPress Firewall

Having a secure host that runs a firewall to protect the server is not the same has having a protected WordPress installation. Find a firewall to protect and harden WordPress.

Use a Secure Device and Network

Your computer, tablet, and phone, or internet network may become compromised by malware or spyware that could make your website login credentials vulnerable to attack. Ensure that your devices are free of viruses and malware. A personal computing device is very often the source of WordPress Website corruption.

Have a Backup Plan

There’s never going to be a internet system that’s totally safe. Knowing that, one strategy for keeping malicious hackers out has to be monitoring to see if they make it inside and what you’ll do when you find out they’ve made it in. Checkout this post to learn more about backing-up.

What’s Next

Our Work

Check out some recent work we’re proud of.

Our Blog

Read our latest ideas about tech, features, messaging, and more.

Get in Touch

Want to discuss a project? Hit us up, we’d love to chat!