How to Protect your WordPress Website from Hackers & Spam

If you blog on your own web host with an installation of WordPress, you are first and foremost responsible for the security of your blog. Unfortunately, hackers, spambots, and the like are only getting faster and smarter all the time.
Why should you care?
Many bots (automated programs) try to hack WordPress pages to install spam or link them to bot networks to use in major hacker attacks. This is going on all the time and can affect anyone, at any time.
“Each week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing.” – WP for beginners
If your blog is hacked, it can mean anything from your website being filled with spam comments to your entire site having to be reinstalled. As the quote above shows, it can also affect your SEO very negatively.
But there are simple steps you can take today to protect your blog!

Do not use admin as your username

It is very common for a WordPress site to have a login with “admin” as the username and something very simple as a password. These bots know this and test for this first.
By changing the username from admin to something else, you have already put a first layer of protection in place.
Do this:
  • Go to Users > Add New
  • Give the user a unique name that is difficult to guess (you can change what the name appears as on the blog later)
  • Make sure the user is added as an administrator
  • Enter a secure password
  • Save
  • Delete your old admin login
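
To confirm the steps above worked, the following check lists every administrator account and flags guessable login names. It is an added example, not code from the original post; the file name audit-admin-logins.php and the list of guessable names are assumptions, and it must run inside WordPress (for example with WP-CLI's `wp eval-file`).

```php
<?php
// Added example (not from the original post): flag administrator accounts
// whose login is one of the names automated login attempts test first.
// Run inside WordPress, e.g.: wp eval-file audit-admin-logins.php

// Assumption: this short list is illustrative, not exhaustive.
$guessable = array( 'admin', 'administrator', 'root', 'test' );

// Also treat the site's own host label ("example" from example.com) as guessable.
$host = wp_parse_url( home_url(), PHP_URL_HOST );
if ( $host ) {
    $parts       = explode( '.', preg_replace( '/^www\./', '', strtolower( $host ) ) );
    $guessable[] = $parts[0];
}

// Every account that holds the administrator role.
$admins  = get_users( array( 'role' => 'administrator' ) );
$flagged = 0;

foreach ( $admins as $user ) {
    $login = strtolower( $user->user_login );
    if ( in_array( $login, $guessable, true ) ) {
        $flagged++;
        echo "WEAK  {$user->user_login} (ID {$user->ID}): replace with a unique login\n";
    } else {
        echo "OK    {$user->user_login} (ID {$user->ID})\n";
    }
}

// The old "admin" account may still exist with a lower role; report that too.
$old = get_user_by( 'login', 'admin' );
if ( $old && ! in_array( 'administrator', (array) $old->roles, true ) ) {
    echo "NOTE  'admin' still exists with role: " . implode( ', ', $old->roles ) . "\n";
}

printf(
    "%d administrator account(s), %d with a guessable login\n",
    count( $admins ),
    $flagged
);
```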

Activate the Akismet extension to prevent spam

Akismet is a free plugin that comes bundled when you install WordPress on your web host. What you need to do is activate the extension with a WordPress.com account. When you link your blog to an existing or new WordPress.com account, you will receive an activation code that you use to start the extension.
What Akismet does is protect your blog from spam comments.

Add two-step verification

Two-step verification is the principle where you must enter something more than your password to log in, for example a code that is sent via SMS to your mobile. It means that even if a hacker bot in another country manages to get your login, it cannot log in, because access to your mobile phone is also required.

There are several ways to do this for your WordPress blog but I thought I would mention two simple ones.

Choose to log in with your wordpress.com account and put two-step verification on it

  • Install and activate the Jetpack plugin if you have not already done so (it is a plugin created by WordPress with lots of great features that make your blog better).
  • Go to Jetpack > Settings in the admin panel of your blog
  • Click the security tab
  • Click Simple login, press the arrow, and select require two-step authentication
  • Download and install the Functionality extension or, if you use a child theme, open your functions.php file in your favorite text editor (always make a copy first).
  • Above the ?> tag, paste the following snippet of code to hide the standard login form, so the only way to log in is through wordpress.com with two-step verification.
    add_filter( 'jetpack_remove_login_form', '__return_true' );

Use the Unloq.io extension

Unloq.io is a free service similar to Clef where you get a user account, download the app, install Unloq on your blog and then use the app to verify your logins.

You can choose to have both Unloq and a regular login password or let Unloq completely replace your login. If you lose your mobile, you can still log in with a temporary password that is sent to the email that you registered in the app.

Always update WordPress, themes, and all your plugins

A big reason why the WordPress installation, plugins and themes need to be updated so often is that new security holes are discovered and must be covered again.

Therefore, it is important that you always make sure that your entire page is updated – both WordPress and themes and extensions.

A good way to ensure that you can always update your theme, even if you have made your own changes and additions, is to use a child theme, which I wrote about earlier.

Install the All in One WP Security & Firewall extension

This security plugin has superb reviews. Install the All in One WP Security & Firewall extension today for increased WordPress security.
