WordPress Security Tips: How to Stop Hackers from Stealing Your Backlinks
Did you know that at an average over 30,000 new websites are hacked every single day?
WordPress is an easy target for hackers because of weak passwords and plugin vulnerabilities.
Most beginners don’t know how to secure their websites and majority of them don’t even think about securing their WordPress websites. If you are one among them, you are in danger.
Recently some of the links from search engine results of BloggersPassion got stolen from hackers. Backdoor malicious script was injected in some of my blog files to steal backlinks. It was so painful for us not just because it costed a lot of money but it eventually dropped the blog sales.
Only until the security attack was happened on BloggersPassion, we started taking more precautions to secure WordPress sites.
If you are also one among those people who had never bothered about securing WordPress sites, stop wasting time and go secure your WordPress sites as soon as possible. Otherwise, even your blog links might also get stolen by hackers.
That being said, this detailed post is written for the purpose of securing your WordPress sites from hackers stealing your backlinks, data or passwords. Let’s dive into the details without further ado.
Table of Contents
- 6 Tips to Secure Your WordPress Sites from Hackers
- #1. Securing from WordPress Brute Force Attacks
- #2. Securing Your WordPress Sites from Malware and Viruses
- #3. iThemes Security (Formerly Better WP Security)
- #4. Setting up Website Firewalls
- #5. Securing Your .htaccess File
- #6. Taking Regular Backups of your Website Files (including blog posts, pages, links and comments)
- 3 More Essential Things We Did at BloggersPassion After The Security Attack
6 Tips to Secure Your WordPress Sites from Hackers
#1. Securing from WordPress Brute Force Attacks
Bruce force attack is the simplest way to gain access to your WordPress sites by hackers. It is a password guessing attack usually aims to steal all your data or backlinks from your sites.
If you are not ready to combat against these attacks, your WordPress sites might get easily hacked.
As they say “prevention is better than cure”, here are few simple ways to secure your WordPress sites from brute force attacks.
Install Limit Login Attempts plugin: This is one of the most popular WordPress (free) plugins to secure your sites from brute force attacks. This plugin limits the login attempts and blocks the IP address of hackers temporarily.
One of the other reasons to use this plugin is that it is a lightweight plugin. It means, even after installing this plugin, it won’t really affect your website loading times. It also uses Captcha verification to detect bots or hackers.
BruteProtect: This an exclusive plugin (free) from Jetpack team to protect your WordPress sites from brute force attacks. Did you know this plugin blocked over a billion attacks on millions of sites? It is so much effective and I highly recommend you to give a try to this plugin as it can save your blog from hackers and password guessers.
#2. Securing Your WordPress Sites from Malware and Viruses
This is the reason why my blog got hacked. It was a malware attack, which was a backdoor script inserted into one of my blog files (I guess so) to steal over 100 links from BloggersPassion. The issue is resolved now and my blog is completely secure from the attacks.
But what I highly recommend you is to secure your WordPress sites from malware attacks. You never know who’s going to hack your site by injecting bad files into your website folders.
I highly suggest you to install Anti-malware security plugin from WordPress as it can secure your WordPress sites from all the malware and viruses. It’s not only a free plugin but it is also one of the very few WordPress plugins that got a full 5 star rating.
This plugin runs a total scan on your website files to automatically remove all the security threads and backdoor scripts (if you have any). It will also keep your blog safe from known vulnerabilities.
Here are few features of this WordPress security plugin.
- It secures your blog from known threats.
- Also saves from login vulnerabilities.
- Keeps it safe from backdoor scripts.
- It will limit the access from others to .htaccess scripts.
- Also gives more protection to timthumb exploits.
If you want to keep your blogs safe from malware attacks, you should definitely install the above plugin.
#3. iThemes Security (Formerly Better WP Security)
Most WordPress users don’t know how to secure their WordPress sites. And I totally understand it.
Better WordPress security involves in changing your admin name to editing your .htaccess files to managing your databases. Not everyone can manage all of them and if you are wondering various ways to make your blog safe from hackers, you should consider installing a plugin that does everything from protection to locking down your sites for better security.
iThemes security is an incredible WordPress plugin that helps you exactly do that.
It locks down WordPress, fixes common holes, stops automated attacks and strengthens your users data.
This plugin protects your WordPress site from the following attacks.
- This plugin prevents brute force attacks by banning hosts and users with too many invalid login attempts.
- It scans your site to instantly report where vulnerabilities exist and fixes them in seconds so you can secure your WordPress sites easily.
- Also bans troublesome user agents, bots and other hosts.
- Strengthens server security.
- Enforces strong passwords for all accounts of a configurable minimum role.
- It forces SSL for admin pages (on supporting servers) and also forces SSL for any page or post (on supporting servers).
- This plugin turns off file editing from within WordPress admin area so you can worry less about backdoor attacks.
- It also detects and blocks numerous attacks to your filesystem and databases so you can harden your WordPress security.
So what are you waiting for? Install this free WordPress security plugin if you want to secure your WordPress site from hackers.
#4. Setting up Website Firewalls
A firewall is a security network that protects your computers and websites. Having a firewall setup is a must if you want to harden your security levels of your website files.
Every firewall uses filtering to filter all the data coming to your servers, networks and websites. It also analyzes data by inspecting all the files so you will be safe from hacking attacks.
If you are wondering how to setup a strong firewall system on your WordPress sites, there’s a great plugin is available for you which is called “Ninja Firewall”.
This plugin itself is a web application firewall, a stand-alone firewall system that sits in front of your WordPress sites to secure your files.
This plugin can scan, inspect or reject any HTTP requests sent to PHP scripts on your websites there by securing your files from malware or other security breaches.
Apart from the above encoded PHP scripts, hackers shell scripts and backdoors will also be filtered by NinjaFirewall.
Here are few incredible features of this plugin.
- This plugin is a full stand-alone web application firewall. It works before WordPress is loaded.
- It has a powerful filtering engine.
- Supports a large set of encodings.
- It also has an anti-Malware Scanner.
- Blocks/allows uploads, sanitises uploaded file names.
- Blocks suspicious bots and scanners.
- Hides PHP error and notice messages.
#5. Securing Your .htaccess File
.htaccess file is one of the most complicated files in your WordPress setup.
If done right, you don’t have to install any of the above mentioned plugins and just by editing .htaccess file, you can save your WordPress site from hackers. It is such a powerful file.
But I don’t recommend anyone (unless you know what you are doing) to edit the file as it can collapse your WordPress sites from even opening up.
Then, how to secure your .htaccess file?
By using BulletProof security plugin from WordPress. Again, it’s a free tool for WordPress users but it has a TON of features to secure your WP sites along with securing .htaccess file.
This plugin completely protects your .htaccess file by providing a rocking firewall around it. Without your permission, no one can access your root files and it also restricts access to the admin dashboard. You can also prevent directory browsing by using a firewall around your .htaccess file. And this plugin exactly does that.
Along with the above security feature, this plugin also helps you with the following things.
- Real-time File Monitor (IDPS)
- DB Monitor Intrusion Detection System (IDS)
- DB Backup: Full and partial DB Backups. Manual and scheduled DB Backups and Email Zip Backups.
- Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updating in Real Time
- Idle Session Logout (ISL)
- Auth Cookie Expiration (ACE)
Now, that takes me to the final step of securing your WordPress sites from hackers: “taking backups”.
Creating regular backups for your website is the key to keeping it safe.
In the worse case scenario, even if your site gets hacked, you don’t need to worry about the loss of all your blog posts, pages, comments and links.
You can simply restore your data points to get all that data back. Even if your site might not get hacked or if you simply might lose all the data while making design changes on your sites, then also keep regular backups can help you immensely.
I highly recommend you to start using BackupBuddy. It’s a premium tool to regularly backup all of your website files and you can restore at any moment in case of file loss.
If you are searching for a free option, try BackWPup. It’s a free plugin which is useful for backing up all your files including your databases.
This plugin automatically saves your complete installation including /wp-content/ and saves them to an external backup Service like Dropbox, S3, FTP etc.
BackUpWordPress is also another great (free) WordPress plugin for taking regular backup all your website files. This plugin works in low memory, “shared host” environments so your site speed won’t affect much and it also have options to have each backup file emailed to your inbox. You can also exclude few files which you don’t want to take a backup from.
So what are you waiting for? Make sure to use any one of the above mentioned plugins to start taking backups of your whole sites. I recommend you to take backups every week (in the least case scenario) to avoid regretting in the future.
3 More Essential Things We Did at BloggersPassion After The Security Attack
1. We ditched HostGator and moved to WPX hosting
HostGator hosting sucks. They don’t value their customers when the help is most needed. They are also least bothered about providing security to the sites that are hosted on their servers. If you are someone who is looking for reliable hosting that is secured, don’t even think about HostGator.
We moved to WPX hosting (which I’m going to write a detailed review about it soon) and they are amazing. They are also providing full security to the sites along with the daily backups. I highly recommend you to check out their hosting plans if you want a secured, fast and reliable hosting service.
2. We started using VaultPress
The reason for using VaultPress is it is hands down one of the best tools for taking backups and securing your WordPress site from hackers.
If you are using VaultPress, you are safe from hackers, host failures, viruses, user errors, malware attacks and exploits. It’s so useful for taking real time backups and also for automated security scanning.
Again, I’m soon going to write a detailed and honest review about VaultPress at BloggersPassion, so stay tuned for more updates.
3. Give a try to Sucuri
Sucuri is a great platform for securing your WordPress sites from all kinds of attacks. When BloggersPassion was under security attack, so many guys have recommend it.
So if you are looking for a peaceful tool that saves you from various WordPress attack, give a try to Sucuri. They are #1 security team to protect your sites from hackers, malware, blacklists, DDos attacks etc.
Final thoughts on securing your WordPress site from hackers
Each WordPress security attack is different. Hackers can get access of your sites by using various ways like password guessing, inserting malicious codes into your files, brute force attacks etc.
So you must be always ready for all the attacks to secure your WordPress sites from hackers or intruders. You never know who is going to hack or crack your website files.
Taking backups, keeping your websites safe from malicious codes, installing the most essential security tools like BulletProof security, iThemes security can save you a lot of time, money and efforts. And don’t take your WordPress security lightly.
As I said earlier in the post, prevention is always better than cure. So make sure to implement the WordPress security tips mentioned in this guide to harden the security of your WordPress sites.