WordPress Maintenance To Keep From Getting Hacked

09/10/2019

WordPress Maintenance: Keep Up or Get Hacked

Relied upon by an estimated 74.6 million websites, WordPress is undeniably the most popular CMS and open source blogging tool out there. The fact that you can start with WordPress for free is one of its best attractions. It’s also easy to use, quick to set up and easy to maintain. Even without any coding skills under your belt, you can add functionality such as plugins without much trouble. What more could you ask for, right?

Unfortunately, WordPress is also easy to hack. Because it is incredibly simple to use, website owners tend to be lax when it comes to protecting their websites. In 2011, for example, 144,000 websites were attacked while 170,000 websites were hacked the following year. And the number has continued to increase since then.

Hackers are always on the lookout for loopholes in WordPress’ system. The majority of these hackers perpetrate their cyber crimes using malicious files to infect your website or carry out a DDoS attack. They will then use your website to execute different types of fraud, which will inevitably damage your business.

A WordPress website that has been hacked is going to cause you a serious headache. You may wake up to a website that is now being used to sell banned items or one that redirects your customers to questionable websites. Expect your site’s SEO rankings to plummet, as search engines will warn potential visitors that your website has been hacked and is harmful. The majority, if not all, of your data will be compromised and your website may even be tagged as “blacklisted”, which basically means doomsday for your business.

So whether you like it or not, if your website is running on WordPress, you are vulnerable to these attacks, leaving you with two choices. Either you keep up or get hacked. Like all business owners, you’d probably want to make sure that you do the former. But before we dive into what you can do, let’s first understand the cost of maintaining a WordPress website.


The Cost of WordPress Maintenance

There are several ways hackers execute their cyber crimes. According to statistics, 40% of hacks happen from the hosting side, 30% from themes, 22% through plugins and 8% because of weak passwords. To ensure that your site is safe and secure, those are the four basic factors you need to keep an eye on. This is also where you may need to put a little investment into your WordPress website’s upkeep. Yes, WordPress may be free, but the maintenance will eventually cost you. This is the kind of investment, however, that will go a long way.

The first thing you need to spend on is a minor but essential element, especially if you want a professional name for your website. Domain name registration is critical to keep the website’s name current and under your name. Fees vary from a few dollars to $30 or more per year. Hosting is another critical aspect of owning a website. If you want your website to go live, then you need to host it. The price of the service varies from a few dollars to a couple hundred dollars per month depending on your subscription. Finally, you need to take care of maintenance. WordPress and your array of plugins get updated more often than you might think. Just like domain name registration and hosting, the cost of maintenance services varies accordingly.

For a while, it can be free, since no one can oblige you to update or back up your website anyway. The downside, however, is that you put your site’s security at greater risk. Such websites get hacked easily or might just stop working altogether. Fortunately, you can keep up your website without any upfront costs. All you need is a few hours a month. You will need to learn a few important things, which may take time, but you certainly can take care of WordPress maintenance on your own. Otherwise, you can subscribe to a monthly maintenance plan for convenience. Either way, maintenance of your WordPress site is imperative if you don’t want hackers ruining your business and your reputation.

Ten Tips to Protect Your Website

Now that you know the importance and possible cost of maintaining your WordPress website, it’s time to discuss some of the basic things you can do. Below are ten tips that will help protect your website from getting hacked:

Back up the website

The most important step before executing any update or change is to back up your entire website. There are two ways to do it. Either you back up manually or use a plugin to do it for you. If you’re going to use a free plugin, however, remember that most of them do not back up your entire data, just your database. This means that if the website is deleted, some of your data won’t be restored by the plugin. When choosing your plugin, you may need to opt for one that backs up the entire blog even if it might cost you.
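One way to check that a backup really covers the whole site and not just the database, as an added example that is not part of the original article: it assumes the backup is a tar archive (plain or compressed) and uses the standard WordPress paths `wp-config.php` and `wp-content/{themes,plugins,uploads}`; the function names and sample archives are constructed for illustration.

```python
import io
import tarfile

# What a restorable backup should hold: the database dump plus the files
# that live outside the database (configuration, themes, plugins, media).
REQUIRED = {
    "database dump (*.sql)": lambda n: n.endswith(".sql"),
    "wp-config.php": lambda n: n.rsplit("/", 1)[-1] == "wp-config.php",
    "wp-content/themes": lambda n: "wp-content/themes/" in n,
    "wp-content/plugins": lambda n: "wp-content/plugins/" in n,
    "wp-content/uploads": lambda n: "wp-content/uploads/" in n,
}


def missing_from_backup(archive_bytes):
    """Return the labels of required components absent from the archive."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        # Empty files do not count: a zero-byte dump restores nothing.
        names = [m.name for m in tar.getmembers() if m.isfile() and m.size > 0]
    return [label for label, match in REQUIRED.items()
            if not any(match(name) for name in names)]


def build_sample(files):
    """Build a constructed in-memory .tar.gz from {path: bytes} for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a database-only backup and a full-site backup.
    db_only = build_sample({"backup/site.sql": b"-- constructed dump\n"})
    full = build_sample({
        "backup/site.sql": b"-- constructed dump\n",
        "backup/wp-config.php": b"<?php // constructed\n",
        "backup/wp-content/themes/example/style.css": b"/* constructed */\n",
        "backup/wp-content/plugins/example/example.php": b"<?php\n",
        "backup/wp-content/uploads/2019/09/logo.png": b"constructed\n",
    })
    print("database-only backup is missing:", missing_from_backup(db_only))
    print("full backup is missing:", missing_from_backup(full))
```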

Update WordPress version

Right after you back up your website, the next important step is to make sure that your WordPress installation is on its current, most recent version. Because WordPress isn’t perfect, regular updates are often rolled out. Your job is to always keep your site’s version up to date to ensure that security loopholes are fixed.

Change WordPress username

If you’re still using the admin username, you’ve got to ditch that now. WordPress’ default username is incredibly easy to crack, which is why attackers are already in possession of several thousand IP addresses. You have to create a new username with admin privileges that is difficult to guess. Log back in to your website using the new username and delete the old admin account.

Use a strong password or passphrase

In conjunction with changing the username, you’ll also need to come up with a password that isn’t easy to crack. WordPress has recommended security requirements for selecting a password. According to WordPress, traditional passwords where you use alphanumeric combinations are no longer safe, not to mention that they are hard to remember. WordPress’ suggestion is for users to use a password manager, which will generate strong passwords for you while also storing them in a secure database. You may also create a passphrase instead of a password. Either way will help ensure your website’s security against hackers. If you’d rather go the traditional route, make sure that your password is a mix of at least eight letters, numbers and special characters.

Use WordPress Two-Step Authentication

While changing your username and password is one of the first and best things you can do to protect your website, you can still go a step further using WordPress’ two-step authentication. Enabling this feature on your website will prompt you to enter a unique six-digit code before you can log in. Hackers, therefore, will have another layer to crack before they can perpetrate their crime using your website.

Install a Security Plugin

You might also want to install a security plugin like WP Security Scan or Better WP Security for added protection. When it comes to ensuring your website’s safety, going the extra mile is always the best way to go after all. Both plugins are simple and easy to use. They’re also great if you want to automate things like scanning your blog for loopholes and malicious code.

Use Supported Themes and Plugins

Free themes and plugins are good because you don’t have to pay for anything, but they’re unfortunately not always safe. Some free themes and plugins, for instance, may contain malicious code, malware or a virus that hackers use to penetrate your system. Files and data may be stolen and, worse, your website may be used for illegal purposes. To be safe, it’s best to use only supported themes and plugins. You may need to pay for them but you’ll get peace of mind in return.

Update Themes and Plugins

Theme and plugin developers often roll out several updates a year. This is so they can take care of possible security vulnerabilities that may put your website at risk. You’ll know when to update when you log in to your WordPress account. On the dashboard area are cues from developers that your plugin or theme needs to be updated. But again, remember to always back up your website before you go through with the updates.

Search engines by default have spiders crawl over your entire website to index all your content. To stop them from indexing your admin section, you have to tell the search engines not to. You can do that by creating a robots.txt file in your root directory. Doing so will prevent hackers from accessing your admin section and log-in page.

Consider a Maintenance Plan

Once you’ve covered the basics, you may still amp up your website’s security by considering a WordPress website maintenance plan. This is especially helpful for people who don’t want to be bothered with the nuts and bolts of website security against hackers. Maintenance plans offer different services but in general may include the following:

  • 24/7 security monitoring
  • Secure off-site backups
  • WordPress core updates
  • Theme and plugin updates

Price varies from plan to plan. Some may charge $39 per month while others will cost you up to $99 per month. Start with something you can afford, then go from there as your business grows and expands.


While there are no guarantees that your website is not going to be hacked even when all of the keep-up tips above are implemented, prevention at the end of the day is still better than cure. So rather than leave your website vulnerable to possible cyber attacks that can potentially ruin your business, you are better off spending a few minutes today carrying out the aforementioned tips.

  • Scott Donald is Chief Strategist at Creativ Digital, an Australian digital agency specializing in eCommerce website optimization. He designs, builds and provides marketing for websites to perform at their best. Follow him on Google+ and Twitter.