Phone Number520.255.4766

5 Tips on how to prevent website hackers on WordPress websites

6 . 25 . 2017

Hackers are the bane of most business owner’s existence, causing massive headaches and even worse thousands of dollars in cleanups. Hackers don’t discriminate when it comes to what type of websites they try to get in to. Usually, they are just looking for the easiest targets in the hope of finding your customer’s personal information. Even if you just have a simple informational site or blog you need to protect your website. These tips will get you started on how to prevent website hackers on WordPress websites.

1. Keep Plugins and software up to date

This is one of the most important tasks to preventing website hackers on your WordPress site. Outdated software can be easily hacked mainly because it’s been around longer so hackers have had the time to find the vulnerabilities in the code.

Plugin developers regularly update their plugins when they find security flaws or glitches to prevent hackers from getting in through their plugins.

My recommendation is to update all of your plugins at least once per month. You will find that a lot of the plugins on WordPress are updated very often. But be careful! Sometimes a plugin update can break part of your website. Make sure you pull a backup before updating any plugins.

2. Use a Secure Password

Unfortunately, even in 2017, people are still using Password1234 as their password of choice and of course that leaves the door wide open for hackers. Passwords should always be hard to guess, never use password, admin, or your business name in your password.

Try to come up with a password that’s hard for you to remember, that will make it hard for a hacker to guess. And if you have a hard time remembering your passwords, use a service like LastPass or Dashlane to secure all of your passwords without you having to remember them. And of course the best passwords are randomly generated; use this password generator to update all of your passwords to the highest level of security.

3. Install an SSL Security Certificate

Installing an SSL will change your website from HTTP to HTTPS with the “S” standing for secure. SSL certificates will add another layer of security to your website as the certificate will check to make sure information shared on that webpage is not being intercepted by an outside source.

You’ll know if your website is secure by checking the URL to make sure it starts with HTTPS and also has the friendly green lock to the left of the URL in your browser.

Another added benefit of securing your website is SEO (search engine optimization). Google and Chrome browsers are planning on making security warnings larger and more intrusive as the need for security rises. Eventually, Google will start de-ranking unsecured sites in favor of secure ones in the near future.

4. Use a Malware Scanner regularly

Malware scanners are extremely useful in preventing damage from the sneakier hacks and will help you clean up a hacked website (if you didn’t download a proper backup).

Malware scanners work by scanning every file on the website in search of common Malware code. If the scanner does find a suspicious file it will tell you exactly which file on your site contains malware and where to find it in your files.

If you do happen to run a scan on your website and find suspicious files you should delete those files immediately, or restore a clean backup you know has not been hacked. And of course, change all of your passwords including the ones to your hosting account.

5. Disable file editor for WordPress

This is a very simple but highly effective technique to prevent hackers on your website. When you disable the file editor on WordPress, it ensures if someone does get into your WordPress site they will not be able to add their own code to your pages. They would also need to hack into your hosting in order to do that and most won’t spend the time.

Disabling the WordPress file editor is simple. Just add the code below to the bottom of your “wp-config.php” file in your website’s main folder.

define( ‘DISALLOW_FILE_EDIT’, true );

Bonus! Download backups regularly

Backing up your website is a must, not necessarily to prevent hackers but to save you a huge headache if they do manage to get into your website.

You should be backing up your site as often as you update it. If you update every day, then a daily backup would be best for you. If you only update your site every once in a while, a weekly backup should do the trick.

Backing up your website is easy! Your hosting provider will, of course, offer a paid service to do backups for you, but this is not a necessary expense. There are loads of free plugins for WordPress to do automated backups.

My favorite and probably the most reliable free plugin is UpdraftPlus. You can choose to have the backups go to an FTP account or even a Dropbox or Google Drive account. My recommendation, don’t keep your backups on the same server as your website. Hackers could easily find your backups folder and delete it, rendering your protection efforts useless. Instead store the backups in a separate google drive account, that way you know they are safe.


Sometimes security can be overwhelming. If you need help with any of the tips above or just want a second opinion on the security of your website, please contact me at the form below.

Free Security Audit

    Check if you would like to be added to our newsletter.

    Skip to content