Take some simple steps, suitable for non-coders, to protect your WordPress website from malicious hackers, spam and other bots attempting to invade your site.
Plugins are a great way to enhance the security of your WordPress website. Dustin Hartzler from Your Website Engineer talks with me about some of his favorite ways to protect your website.
Also included in this episode is a conversation about the importance of backing up your site on a regular basis in case something does manage to infect your site. Backing up is an easy way to get your site back to normal quickly. Dustin walks us through ways to clean up your site after an attack and how to get back into the good graces of Google should you end up being blacklisted.
Here are Dustin's tips and plugins for securing your site.
Secure your site
Don't look Brand New
Remove Sample Page
Initial Comment
Keep WordPress Updated
Remove unused themes and plugins
Don't use the username: admin
Create secure passwords - I like odd numbers, 9 or 17 digits
Never share your passwords
Never email passwords
Back up your WordPress site
Don't back up the database contents to your server. If a hacker gets in, they have access to your username / password.
Plugins:
BackWPup: http://wordpress.org/extend/plugins/backwpup/
WordPress Backup to Dropbox: http://wordpress.org/extend/plugins/wordpress-backup-to-dropbox/
BackupBuddy (http://yourwebsiteengineer.com/backupbuddy)
WordPress Plugins
BetterWP ( http://wordpress.org/extend/plugins/better-wp-security/ )
WordFence ( http://wordpress.org/extend/plugins/wordfence/ )
Wordfence is one of the newer security plugins. However, it has matured very quickly. One of the great features of Wordfence is that it will compare the plugin, theme, and WordPress core files on your installation with the official versions in the WordPress repository. If there are any discrepancies, the plugin will send you an email.
WP Login Security 2 ( http://wordpress.org/extend/plugins/wp-login-security-2/ )
WordPress File Monitor Plus ( http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/ )
Theme Authenticity Checker ( http://wordpress.org/extend/plugins/tac/ )
sucuri.net
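The file comparison described above for Wordfence comes down to hashing each installed file and comparing it with a known-good copy. The Python example below is added here for illustration and is not Wordfence's code or anything from the episode; the function names, directory names and sample files are constructed, and it assumes the clean reference copy is a fresh download of the same plugin version.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_install(reference_dir, installed_dir):
    """Compare an installed tree against a clean reference copy.

    modified: file exists in both but the content differs
    added:    file exists only in the install
    missing:  file exists only in the reference copy
    """
    ref, live = hash_tree(reference_dir), hash_tree(installed_dir)
    return {
        "modified": sorted(f for f in ref.keys() & live.keys() if ref[f] != live[f]),
        "added": sorted(live.keys() - ref.keys()),
        "missing": sorted(ref.keys() - live.keys()),
    }


def build_demo_trees(base):
    """Constructed sample data: a clean plugin copy and a changed install."""
    clean, live = Path(base, "clean"), Path(base, "live")
    for tree in (clean, live):
        (tree / "inc").mkdir(parents=True)
        (tree / "plugin.php").write_text("<?php // plugin bootstrap\n")
        (tree / "inc" / "helpers.php").write_text("<?php // helpers\n")
        (tree / "readme.txt").write_text("Sample plugin\n")
    # Simulate unexpected changes in the live copy only.
    (live / "inc" / "helpers.php").write_text("<?php // helpers\n// unexpected extra line\n")
    (live / "inc" / "cache.php").write_text("<?php // file not in the official package\n")
    (live / "readme.txt").unlink()
    return clean, live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = build_demo_trees(tmp)
        for kind, files in compare_install(clean, live).items():
            print(f"{kind}: {files}")
```

Files reported as modified or added are the ones to inspect first; a missing file usually just means an incomplete install or a version mismatch with the reference copy.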
Recover from a hack
Most hacks won't make your site look like it's been hacked, unless you Google your site or try to post Facebook links.
Recover:
Restore from a previous backup
Problem: you don't know when you were hacked.
Change passwords
Change WordPress, FTP and cPanel passwords to be safe
Remove all plugins and reinstall (to be safe)
Remove the Google warnings
https://www.google.com/webmasters/tools/
Resubmit your site to Google. It will take a few hours for your site to be crawled and the malware warning to be removed.