WordPress is a great content management tool, but the things that make it great also make it vulnerable to hacking. Its huge ecosystem of third-party plugins and themes means there are far too many places where a hole can open in its defence. That, combined with its popularity, has made it a prime target for hackers.

This is a short list of the things TeacupLive does to prevent hacking on our own sites and on the few sites we host and maintain.

  1. Make your username as unique as you can. Never use common usernames like admin, administrator or root. Remember that you can use full names as usernames, with spaces. We also don't suggest using your email address as your username, because there are ways to get the list of usernames from many WordPress sites without logging in: the author archive redirect (?author=1, ?author=2 and so on) and the REST API endpoint /wp-json/wp/v2/users both expose user slugs, which by default are derived from the login name. An attacker who already knows the username only has the password left to guess.
  2. Make sure your file permissions are correct. You can restrict them even more than suggested, but running these two commands on a Linux host should secure your files well enough. Run them from your WordPress home (root) folder. The first command sets all files to 644 (owner can read and write, everyone else read-only) and the second sets all folders to 755 (owner has full access, everyone else can read and enter them). Afterwards, tighten wp-config.php further, to 600, or to 640 if your web server reads it through a shared group, because it holds your database credentials and security keys. Here is a tutorial on Linux permissions.
    find ./ -type f -exec chmod 644 {} +

    find ./ -type d -exec chmod 755 {} +
  3. Disable file editing via the WordPress back end, so that an attacker who gets hold of an admin account cannot use the built-in theme and plugin editors to write PHP onto your server. This can be done via a plugin or by adding one line to your wp-config.php file, above the line that loads wp-settings.php:
    define('DISALLOW_FILE_EDIT',true);
  4. Install a good security plugin. Remember, don't depend on the security plugin to secure your site 100%; it too can have holes, and it is one more piece of third-party code you must keep updated. Wordfence seems to be a good one to use, but there are many. When you install it, I suggest you set the firewall rules as follows or similar.
    This is just a suggestion; you can set it up your own way.

  5. Make your passwords crazy strong and complicated! The new WordPress password generator is great for creating long, random passwords. We suggest using it, and keeping the result in a password manager rather than reusing it on any other site.
  6. Keep a clean backup of your site's files and database, stored somewhere other than the web server itself; an attacker who controls the server can also delete or tamper with backups kept on it. I would suggest keeping at least three days' worth of backup versions, in case it takes three days to realise you have been hacked. You don't want to back up and then restore the hacked files.
  7. Keep WordPress, its plugins and its themes updated, and uninstall or delete any plugins and themes you are not using. Deactivating is not enough: a deactivated plugin's files are still on the server and can still be requested directly.
  8. If you have the know-how, you can create or download a blacklisted IP address list and use it to block those addresses from your site at the web server or firewall level. We have a list of roughly 25,000 IP addresses available for download on TeacupLive. Use the IP list at your own risk: addresses change hands over time, and if your site sits behind a CDN or reverse proxy the web server sees the proxy's address rather than the visitor's, so the block has to be applied wherever the real client address is visible.
  9. Lastly, consider blocking countries that you don't serve. We have found that most hack attempts come from a handful of specific countries, and since we don't deal with or provide services to those places, we have chosen to block most of their IP ranges. Bear in mind that this only raises the cost of an attack; anyone determined can route through a VPN or a compromised host in a country you allow.

If you have any other suggestions we can add to this list, please feel free to comment below. I hope this helped.


Posted date: 30th May 2018
General Help and Tips - Business Websites