Best Way to Protect Your WordPress Blog from Malware

OnaDavney

Well-known member
Registered
Joined
Nov 9, 2013
Messages
96
Points
8
One of my Wordpress blog infected with malware and I have to do some things like re-installed a new fresh copy of Wordpress, remove any plugins and doubting they are sources that virus came..etc

I would like to know some TIPs to protect my Wordpress blog from malware? what are your experience?
 

HCFGrizzly

Well-known member
Registered
Joined
Jan 8, 2016
Messages
103
Points
0
One of my Wordpress blog infected with malware and I have to do some things like re-installed a new fresh copy of Wordpress, remove any plugins and doubting they are sources that virus came..etc

I would like to know some TIPs to protect my Wordpress blog from malware? what are your experience?
Your best course of action would be to throw WordPress out of your web server and implement a custom solution.
Even though WordPress has become more and more secure over time, there are still lots of plugins that are begging for hackers to attack your website.
Now I know that probably not using WordPress is not an option for you and because of that you should start by reading this article:

http://codex.wordpress.org/Hardening_WordPress
 

hmb-robert

Member
Registered
Joined
Jan 5, 2016
Messages
30
Points
0
Now a days wordpress provides many security and maleware scan plugins. You can easily install them using one click plugin installation option provided by wordpress.
 

velvet

Member
Registered
Joined
Feb 14, 2016
Messages
52
Points
0
Hi OnaDavney,
I use both the WordFence plugin, and the following.

And of course use long generated passwords!

cheers, Mal.
 
Last edited by a moderator:

Ron Killian

Well-known member
Registered
Joined
Dec 3, 2015
Messages
363
Points
0
I put in another vote for Wordfence. Also helps to keep out the bad guys, like those trying to figure out your password. Well, they are bots, but it helps with that aspect.

Also, obviously very important to keep wordpress, plugins and theme's up to date.

On a side note, having a good host can help. I get emails from mine (automatic), letting me know when new potential problems arise. Also alerts for suspicious files.
 

SenseiSteve

Web Hosting Sensei
Hosting Provider
Registered
Joined
Nov 11, 2015
Messages
273
Points
28
One of the things I like about WordFence is, first, the scan, but also the problem notifications, like plugins that need to be updated. Get rid of the admin user for administrator and use long passwords.
 

vishwa

Well-known member
Registered
Joined
May 12, 2014
Messages
220
Points
18
Yes, Wordfence is really a great plugin for protect your site from hacking and spam. However I believe that we all have to take precautions to protect the site manually for example change your passwords frequently, Don't use nulled themes and plugins, update/replace outdated plugins, monitor your traffic logs etc.. will help you a lot.
 

Localnode

Well-known member
Registered
Joined
Dec 15, 2015
Messages
333
Points
43
You can also restrict access to the admin area to a specific IP.
Replace "xx.xxx.xxx.xxx" with your IP
Code:
# BEGIN RESTRICTION
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^xx.xxx.xxx.xxx$
RewriteRule ^(.*)$ - [R=403,L]
# END RESTRICTION
If you've changed the admin area (which you should) the above code should reflect those changes.
 

ElixantTechnology

Well-known member
Registered
Joined
Nov 26, 2014
Messages
281
Points
43
First of all, don't use any "nulled" or "free download" templates or plugins from third-parties. A lot of the times these downloads are released with the malware hidden within. Next, ensure that you are following best practices for security.
 

Shahzadqayyum

Member
Registered
Joined
Apr 16, 2016
Messages
34
Points
0
I've seen many people complaining about wordpress! But guess what?
most of them are using nulled/free theme, outdated plugins, They dont update their wordpress, themes on time.
Website is actually works like a Business Plan. If you invest more and on the right place and pay attention on your site, You will surely get benefit from it.
 

TerranceM

Member
Registered
Joined
Jul 25, 2019
Messages
35
Points
8
- Change login URL from /wp-admin/
- Deny entry to WP-Admin folder from all the IP and allow your IP.
 

zainhosting

Member
Registered
Joined
Mar 11, 2019
Messages
34
Points
8
+1 for Wordfence security plugin, it can give you a full report with all infected files on your site, and also it scans your WordPress site weekly and send you report on email.
 

Akshay_M

Member
Registered
Joined
Nov 15, 2019
Messages
44
Points
8
Here are some tips to protect your WordPress site from malware or viruses:
  • Update your outdated theme or plugins
  • Setup website lockdown features an unauthorized activity or makes the password harder for hackers
  • Moreover, check your file and folder permission
  • Hide your wp-config.php file
  • Use email instead of username for login in your WordPress site
  • Always use SSL certificate encrypted data
  • Monitor your site by WordPress plugin for example-Wordfence or iThemes security
  • Change the WordPress database table prefix
 

Dewlance

Well-known member
Hosting Provider
Registered
Joined
Dec 20, 2014
Messages
114
Points
18
I think first lock your wordpress admin area with firewall and .htaccess file.

- Be active, Access your wordpress on every x days or week and make sure that theme and plugins are up-to-date.
- Remove inactive or unused themes, plugins.
- Do not use lot of plugins.
- Use latest version of PHP.
- Disable direct access to themes, plugin or upload area and only allow local IP & server IP.
 
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top