Earlier this week, I shared an article WordPress Hacked: How I Handle It By Utilizing Sucuri. For 72hours, I had no access to my website from the front or backend. It was a complete nightmare that gave me horrible anxiety and stress. Over the last year, more and more bloggers and business owners have shared via social media about their websites being taken down by malware. Still, I noticed no one walks through how to protect your WordPress website from malware after the attacks. Today, I will walk you through all the tips that Sucuri gave me, and I share them with you.
Hosting Companies Matter
Google and other search engines are penalizing your website if it is not a trusted website. Have you ever been on a website, and it says it is not secure? Well, that means the person lacks an SSL certificate through their hosting company. Some hosting providers and others like Go Daddy charge you extra. Do your due diligence and research the company that is best for you. I will say a lot of my friends who have been having issues it has been with Bluehost. Be wary of locking in terms more extended than a year, and always shop around.
If you can add firewall protection with your hosting if it is offered. ‘
They told me that malware could attach itself when you allow paths to be open by old themes, accounts, and outdated plugins.
Delete Old User Accounts
If you looked at my account, I had over ten people who had access to my site, and only three, including me, should have access. Remove anyone who does not need current access to your website.
Delete Old Themes
Okay, so on Imperfect Concepts, I had EIGHT old themes sitting there that were deactivated, and I thought that was okay. Actually, this is one of the main ways they get into your system. When I thought about it, I need to have all the themes installed on the system when I have access to them on my hard drive or where I purchased the theme.
Enable Auto Update
The second biggest way malware can attack your system is outdated or deactivated plugins. Maybe I had noticed this, but WordPress has an auto-update button you can select, and your plugins will never be outdated. In addition to that, make sure you delete plugins you are no longer using.
Remove Old Backups
When the tech support went into the system, I had backed up my website from 2017. Let’s say that’s not necessary at all, and once again, it’s another way for malware to enter your system and hack your website.
Two other important things I discussed with Sucuri was having someone run monthly maintenance on my website to make sure everything is updated. When I paid for their yearly plan, I could do that vs. hiring a small business, but I would highly suggest investing in someone small business or a company like Sucuri to run monthly maintenance on your website. Then there is Wordfence, a plugin that helps protect your website that I recently installed. I currently have the free version but upgrading to the paid.
One of the biggest things I tell clients when they state they want to get on WordPress is it’s you doing everything. When you utilize Shopify, Squarespace, Wix, and more, you have a tech support team to help you. Suppose something happens with your WordPress; it’s up to you to handle it. I hope these six tips can help you protect your WordPress website from malware.