Hacking 1734225 640

Why do WordPress websites get hacked? (part 2) – Website Security

by

If you have not done so yet, please start by reading part 1 of this post so that you understand the motivations and techniques behind the attacks on your website. Now we are ready to discuss the various levels of protection you can surround your site with. All of these techniques address different aspects of security and complement each other. Most modern types of attacks use a variety of different techniques and exploit vulnerabilities in each of the layers described below.

Hosting Server

The server your website is hosted on protects site files, the database, and your domain and executes the web server processes on your behalf. Most reputable hosting companies will apply all the patches to the server and restrict access to your file system and databases. Attacks on the hosting server are therefore rare. If you are following the configuration recommendations from your hosting provider you will be in good hands. Make sure your PHP version on the website is up-to-date and that you are using a strong password to log in to your account.

Firewall

Firewall is a piece of software that blocks requests coming to your website based on a list of different criteria. It might be looking at the IP the request originated from (after comparing the IP to the list of known bad actors), or it might look at the content of the request and reject everything that looks suspicious or out of place. Firewalls can be installed on the server level, on the domain, and on the website itself. They are a critical part of protecting the integrity of your website.

Hardening your site

Hardening your website makes it more difficult for anyone to log into the site via the login screen. The hardening techniques would include 2FA, or changing the login URL to a custom slug. They protect your website for brute force login attacks (or make these attacks more difficult to execute). Hardening the site is the most visible layer of protection but not always the most effective since the majority of the attacks are not brute force logins.

Wise Choice of software 

Avoiding questionable themes and plugins on your site is really the best way of protecting your WordPress site. As we mentioned in the previous article, 80% of all attacks on websites are targeting vulnerabilities in free plugins. If you are selecting a free plugin for your site, make sure that it is still actively being updated and that it is coming from a reputable source. All this information is available on the WordPress website.

Updates

If a plugin has a security update, it is imperative that you install the update as soon as it becomes available. This rule applies to the WordPress Core, themes and plugins alike. If you notice that a plugin has not been updated for a year, it is time to remove it and find a substitute. WordFence also keeps a list of plugin updates that you can reference.

Security Scans

Regular security scans of your site are not going to protect you from an attack but will notify you when your site detects malicious malware and help you remove it. Again, acting quickly on the scan will protect the virus from spreading to other websites and causing further damage to yours.

Not sure how to get started? Watermelon offers a Security and Performance plan that helps to keep your site updated.

Image by Pete Linforth from Pixabay

Work With Us

We've been building websites for over twenty years, and have learned a thing or two about how to make web projects go smoothly.


What Our Clients Say

Watermelon Web Works, LLC place picture
Watermelon Web Works, LLC
4.7
Based on 19 reviews
powered by Google
review us on
OMS Anita profile picture
OMS Anita
22:20 29 Nov 24
Watermelon Web Works has been incredible to work with. They are patient, understanding, and quick to answer any questions (or emergencies) you might have. After switching over to them to help re-vamp our online retail store, we hired them to build our wholesale website as well. I can't recommend them enough - Thank you team!
Garrett Lister profile picture
Garrett Lister
19:55 10 Jul 24
Jared and the watermelon team were great - they quickly interpreted our website needs and designed a wonderful site. The project management site worked great to keep track of project.
N B profile picture
N B
21:23 14 Nov 23
My previous web developer who I was very happy with retired and I was pretty sad about it because it seems now days it is hard to hire a web developer close by with a good set of skills who is interested in helping small business at reasonable prices. Then I found Watermelon and I have been very happy. They are responsive, are able to solve problems, and work at reasonable prices.
Dark Star Magick profile picture
Dark Star Magick
18:05 03 May 23
We hired Watermelon to help us with our website. They were very thorough and took the time to explain in layman's terms what they were doing and how we could improve SEO and site functionality. We will definitely be back for future website needs!
Astoria Column profile picture
Astoria Column
18:42 24 Apr 23
Great work and amazing service! We're a non-profit, and our priorities are always focused on maintaining the Astoria Column. We had a website built by someone else a few years ago, but without regular updating and maintenance, sections of our site were no longer functional. Joanna and the rest of the team came in and had everything working within a week and it's been smooth sailing since then!
Ben Harris profile picture
Ben Harris
19:25 26 Aug 19
Watermelon has been a fantastic web development partner. Through every phase of our project they have always been 100% responsive to our requests and have always provided highly knowledgeable, creative, prompt, and personable team members to work with. As a financial institution we’re always concerned about the security and maintenance or our website and Watermelon has always provided the appropriate resources in order to meet and/or exceed our compliance and security requirements. We would surely refer them to any business associates looking for a qualified WordPress web designer in the future. – Denali Federal Credit Union
Mohr IP Law Attorneys profile picture
Mohr IP Law Attorneys
00:33 11 Apr 19
Watermelon Web Works did a great job creating a custom shopping cart page for our firm. Gavynn in particular was especially helpful and responsive. We appreciated the upfront costs and the technical competency of Watermelon Web Works and would not hesitate to work with the people there again.
Kim Markle profile picture
Kim Markle
23:36 08 Feb 19
Our company has been working with the Watermelon team for more than 10 years to help build and grow our website and customer portal. They are not only extremely talented and responsive, but are continuously looking for ways for us to enhance our current website. They are consistent, provide excellent customer service and really know what they are doing. Highly recommend!
Rick Brodner profile picture
Rick Brodner
23:23 12 May 17
I cannot say enough good things about Watermelon. They are terrific communicators, highly competent coders, and really, really nice people. They were instrumental in helping us to assemble a very usable, easily maintainable website for our organization. They' have demonstrated great flexibility in accommodating our evolving needs. They have been highly responsive to any technical issues, typically resolving them in less than 4 hours. Watermelon Web Works will make your organization better, and your CFO/Treasurer will be happy when they see the bill - what more can you ask for?
CLOSE

>Locations We Service