There are tons of articles on the internet about what to do if your website gets hacked, but I am here to give you some really useful tips that can help minimize downtime and prevent future hacks.
Skill Level: Intermediate
1. Backup Backup Backup
This is the first and most important step. Before you make any changes, make sure you back up your entire website. You can either let your webhost (affiliate link) do this or do it yourself with a WordPress plugin. I recommend BackupBuddy, which backs up your entire WordPress blog.
2. Immediately change your admin password
The default WordPress login is “admin” and most hackers know that. You should change this to something that would be difficult to guess. The best thing to do is delete the default admin and create a new custom login.
Use strong passwords that include upper- and lower-case letters, numbers and symbols. Most hackers try to brute force the password, so if your password is really strong, you will be fine in 90% of the cases.
3. Update WordPress Version, themes and plugins
You should always make sure that your WordPress version, themes and plugins are up to date. The WordPress team creates patches to help fix security holes. Follow WordPress on Twitter to find out about the latest updates, or simply log in to your admin.
4. Install a security plugin
There are tons of good security plugins that can scan your WordPress blog for vulnerabilities and inform you if they find any malicious code.
5. .htaccess Hacks
.htaccess (hypertext access) is the default name of directory-level configuration files that allow for decentralized management of configuration when placed inside the web tree. .htaccess files are often used to specify the security restrictions for a particular directory. This is not strictly a tip in its own right, but you should know about .htaccess because you can do a lot with it to prevent WordPress hacks.
6. No Directory Browsing
It's not a good idea to allow your visitors to browse through your entire directory. Directory listings are an easy way to learn a site's directory structure, which makes it easier for hackers to look for security holes.
To stop this, add the following two lines to the .htaccess file in the root directory of your WordPress blog.
# disable directory browsing
Options -Indexes
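An added example, not part of the original article: a small Python audit that reports whether each .htaccess file under a web root turns directory browsing off. It uses a simplified model of how Apache combines Options lines, and the function names and sample inputs are constructed for illustration. It also flags lines that mix signed and unsigned options (such as "Options All -Indexes"), which Apache 2.4 rejects.

```python
import os
import re

# An "Options" directive line; commented-out lines do not match.
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)

def indexes_state(htaccess_text):
    """Return 'disabled', 'enabled', 'inherited' or 'invalid-mixed'.
    Simplified model (assumption): an unsigned Options line replaces the
    set, a +/- line adjusts it, and 'All' includes Indexes."""
    state = "inherited"  # no Options line: the parent config decides
    for line in htaccess_text.splitlines():
        m = OPTIONS_RE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        signed = [t for t in tokens if t[0] in "+-"]
        if signed and len(signed) != len(tokens):
            return "invalid-mixed"  # Apache 2.4 rejects mixed syntax
        if not signed:
            names = {t.lower() for t in tokens}
            state = "enabled" if names & {"indexes", "all"} else "disabled"
            continue
        for t in tokens:
            if t[1:].lower() in ("indexes", "all"):
                state = "enabled" if t[0] == "+" else "disabled"
    return state

def audit_tree(webroot):
    """Map every .htaccess path under webroot to its Indexes state."""
    results = {}
    for dirpath, _dirs, files in os.walk(webroot):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[path] = indexes_state(fh.read())
    return results

# Constructed sample inputs, not taken from any real site.
SAMPLES = {
    "relative": "# disable directory browsing\nOptions -Indexes\n",
    "mixed": "Options All -Indexes\n",
    "absolute": "Options FollowSymLinks Indexes\n",
    "none": "RewriteEngine On\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", indexes_state(text))
```

A result of "inherited" means the file says nothing about Indexes, so the setting comes from the server or a parent directory's configuration and has to be checked there.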
And finally, if you are doing any sort of eCommerce activity on your website, get an SSL certificate. It makes business sense to add that key layer of security to your site. Contact us to find out how we can help make your website more secure, helping you establish trust with your client base.