Is your website a WordPress site? This fall seems to have been a field day for WordPress hackers. Even with good security, several of my clients’ sites were hacked.

What can you do about it? Realistically, you can’t stop the bad guys. Hackers are a unique group of people hell-bent on destroying the work of others. Sound like I’m frustrated? I am! Sick to death of dealing with people who clearly have no respect for the hard work (and money) of others.

That said, there is a LOT you can do to protect your site and your SANITY! Let’s go over the basics. This is just a brief overview of how you can quickly secure your existing WordPress site:

Keep your plugins AND WordPress updated! Despite the many ardent warnings I have given my clients, who don’t want to pay me to do regular updates, the vast majority completely ignore what I tell them, and that is to UPDATE, UPDATE, UPDATE! Updating literally takes minutes per week.


Back up REGULARLY! If you are adding regularly to your website (as you SHOULD BE), you should be backing up at minimum once a week. An absolutely phenomenal tool is Akeeba Backup. There is a FREE version and a paid version with more functionality. The free version will do what you need it to, and its backups are easy to restore. Download the backup file once you have backed up the site.

Install 2 of the BEST plugins I’ve ever used:

  1. All In One WordPress Security & Firewall
  2. Wordfence

Install both plugins, following the installation instructions for each.

Once you have installed Wordfence, you will see a new menu item, WORDFENCE, on the left of the Dashboard. Click on it. A window similar to the one below will open:


Click on the button indicated with a red arrow, “Start a Wordfence Scan”. The first scan may take a little while, but after that it will continuously scan your site and watch for malware, as well as assist in blocking attackers’ attempts to force their way in.

MAKE SURE to take advantage of the ability in All In One WordPress Security & Firewall to “hide” the login for your admin panel. To do this, in the Dashboard, go to menu item WP SECURITY > BRUTE FORCE (see image below):


Make sure to 1) check the box indicated by the blue arrow, and 2) inside the box indicated by the red arrow, where the word “makeup” is, make up your own admin panel access name. Make sure it is something unique and not easy to guess. It’s best if you use a mix of alphanumeric characters, capital and lower case. The harder it is for attackers to figure out, the safer it is.
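One way to check a candidate access name against the advice above before typing it into the plugin, as an added Python example that is not part of the original post or of the plugin. The 12-character minimum, the list of common guesses and the `site_words` parameter are assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
MIN_LENGTH = 12  # assumed minimum; the post gives no number

# Constructed list of first guesses (not from the post or the plugin), plus
# "makeup", the sample value the post tells you to replace.
COMMON_GUESSES = {"admin", "login", "dashboard", "signin",
                  "backend", "secure", "panel", "makeup"}


def slug_problems(slug, site_words=()):
    """Return the reasons a login slug is easy to guess; [] means acceptable."""
    problems = []
    if len(slug) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if any(c not in ALPHABET for c in slug):
        problems.append("contains non-alphanumeric characters")
    if not any(c.islower() for c in slug):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in slug):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in slug):
        problems.append("no digit")
    lowered = slug.lower()
    # Site-specific words (business name, owner name) are as guessable as "admin".
    for word in sorted(COMMON_GUESSES | {w.lower() for w in site_words}):
        if word in lowered:
            problems.append("contains guessable word '%s'" % word)
    return problems


def generate_slug(length=16):
    """Build a random slug with a CSPRNG and retry until it passes every check."""
    while True:
        slug = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not slug_problems(slug):
            return slug


if __name__ == "__main__":
    for candidate in ("makeup", "MyAdmin2024Login", generate_slug()):
        print(candidate, slug_problems(candidate) or "OK")
```

Pass your business name and your own name as `site_words` so that a slug built around them is rejected as well.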


Susan Totman is a professional WordPress and Joomla! consultant with 17+ years of experience with WordPress, Mambo (the predecessor to Joomla!) and Joomla!.

