Top 10 mistakes in your WordPress website and how to fix WordPress security holes

Here are 10 mistakes you can check for on your WordPress website to secure it. It is better to stay ahead of the attackers than to apply a recovery program to a messed-up website.

1. Cheap web host

How do WordPress sites get hacked? The number one way, according to research conducted by www.wptemplate.com, is poor hosting: 41% of hacks happen because of it.

How to fix:

Switch to a secure host. I recommend Bluehost. I have been using this hosting and it is running smoothly with great support. But that doesn’t mean you can skip over all the security measures; it just means that the host is taking care of its side of the business, which is server security, server speed and things like that. Hosting is the number one way sites get hacked.

2. Plugins and themes.

Leaving plugins and themes out of date quite often leads to security vulnerabilities, because a large number of updates are security patches.

How to fix:

Make sure you back up your site first, or use a staging site, before doing a live update of plugins and themes, because updates sometimes break your website. If something goes wrong, you can revert to an older version and you don’t have to fix a broken site or rebuild it. This rarely happens, but it can still happen.

3. Insecure login.

Hackers have password dictionaries. They plug these into their little bots and their little scripts and try these passwords on all the WordPress sites they can find, and a certain number of sites will be hacked.

How to fix:

Never use admin, your domain name or your own name as the user name. Move your login page so that they can no longer brute-force it, because they can’t find the login page.

Here is the link: How to change login URL.

4. Using nulled plugins and themes.

The drawback of nulled plugins is that a lot of the nulled plugin websites include their own little malware scripts or some kind of backdoor so they can hack into websites.

How to fix:

Invest in premium plugins or don’t use them at all.

5. Never use an old plugin

Never use an old plugin, because it’s just too dangerous to have that on your site. Another thing is inactive plugins and themes. Their files are still accessible from the internet. If they are outdated, a security patch is available, and there’s a vulnerability that a hacker knows about, they can hack into your site through a deactivated plugin.

How to fix:

Get rid of deactivated plugins and themes. Install them again if you need them.

6. User registration.

If you are not running a membership site or allowing other users on your site, delete the unwanted users.

How to fix: In Settings > General, under Membership, make sure “Anyone can register” is unchecked. Or, if you have allowed user registration, make sure you understand their user role, so that it is not equal to yours as administrator.

7. Too many plugins.

Having too many plugins is a pain. You will have too many to monitor and update. This will also add to the loading time of your pages.

How to fix:

Stick to 10 or fewer.

8. Not making regular backups:

A regular backup will help you if somebody successfully attacks you and damages your site. And if you make a mistake while working on your site and something breaks, it is always good to have something to return to.

How to fix:

Install a backup plugin or manually back up your site regularly.

9. Not using a security plug-in.

Some developers think they will not be attacked or infected since they are just a pebble in the vast ocean, but think again. Attackers will come for you no matter how small you are if they have a chance.

How to fix:

Make your life easy: security plugin developers have already done the hard work, so take advantage of it to secure your website. Invest in WordPress security. Install a security plugin. Preventing an attack on your website is better than fixing a broken website.

10. Incorrect folder permissions.

Sometimes malicious code is embedded in a plugin or theme. If this code runs, it might delete files or add more files to your system without your knowledge.

How to fix:

The appropriate permission for all files in WordPress is 644. This means that the owner has read and write permissions, and the group and others can only read the files. This ensures that no one accessing the files can alter them, apart from the owner. The suggested permission for all folders is 755. For wp-config, the appropriate permission is 444, which makes the file read-only for everyone.
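The permissions above, as an added example that is not part of the original post: a shell script that lists every path deviating from 644 / 755 / 444 and then repairs it. The function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Audit and repair WordPress permissions: files 644, folders 755, wp-config.php 444.

# Print one line per path whose mode differs from the recommended one.
audit_wp_perms() {
    local root=$1
    find "$root" -type d ! -perm 755 -print | sed 's/^/want 755: /'
    find "$root" -type f ! -name wp-config.php ! -perm 644 -print | sed 's/^/want 644: /'
    find "$root" -type f -name wp-config.php ! -perm 444 -print | sed 's/^/want 444: /'
}

# Apply the recommended modes. Folders go first so the tree stays traversable.
fix_wp_perms() {
    local root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f ! -name wp-config.php -exec chmod 644 {} +
    find "$root" -type f -name wp-config.php -exec chmod 444 {} +
}

# Constructed sample tree (not a real site) with three deliberate deviations.
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/plugins/demo"
    echo '<?php' > "$root/index.php"
    echo '<?php' > "$root/wp-config.php"
    echo '<?php' > "$root/wp-content/plugins/demo/demo.php"
    chmod 755 "$root" "$root/wp-content" "$root/wp-content/plugins" \
              "$root/wp-content/plugins/demo"
    chmod 644 "$root/index.php"
    chmod 777 "$root/wp-content/uploads"                 # world-writable folder
    chmod 666 "$root/wp-content/plugins/demo/demo.php"   # world-writable file
    chmod 644 "$root/wp-config.php"                      # should be 444
    echo "$root"
}

tree=$(make_sample_tree)
audit_wp_perms "$tree"    # reports the three deviations
fix_wp_perms "$tree"
audit_wp_perms "$tree"    # prints nothing once the modes are correct
rm -rf "$tree"
```

On a real site, run `audit_wp_perms` against the WordPress root first and review its output before running `fix_wp_perms`.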

There you have it: the top 10 mistakes in WordPress security and how to fix them. Be sure to take a look at them and secure your website before it is too late. If you don’t want the trouble of all this, it is always handy to have somebody do it for you, so just contact me.