Lately I've been dealing with a lot of hacked WordPress websites.
It's the same story every time. The site was developed years ago and no one's bothered to update it since. The ancient version of WordPress and outdated plugins, all of which are full of security flaws, opened the site up to hacking attempts.
When you're dealing with any kind of Content Management System, this kind of situation would leave you open to hacking attempts. But with WordPress being the most popular CMS in the world by a staggering percentage, you can see why WordPress sites are the most vulnerable.
Don't despair. It's fairly easy to keep your WordPress site secure.
1. Keep it updated.
The biggest security issue in most WordPress sites is having an old version of WordPress and outdated plugins.
However, despite being the most common cause of a hacked WordPress site, it's actually quite easy to prevent. Simply regularly check on your site and ensure that everything is updated. It will only take you a couple of minutes, and could save you some headaches down the line.
Note: Be sure to make a backup of your site before any major updates, as that can sometimes cause it's own headaches.
2. Security Plugins.
When it comes to WordPress, there's a plugin for just about everything.
There's quite a few options out there for security plugins for WordPress. Personally, I use Sucuri and PLUGIN NAME GOES HERE. They have some great features and are both very straightforward to use.
3. Use good passwords.
If you're password is "password" then you've got a problem.
It's not too complicated. All you have to do is use passwords that are complicated enough to be hard to guess, and include some numbers. Oh, and try not to use the same password multiple times.
4. Keep regular backups
Having a backup of the site can be incredibly useful if you actually do get hacked. In some cases the easiest solution is to delete everything and restore a complete backup of the site and a fresh WordPress install of the latest version. That's why you should always keep backups of your sites when possible. Preferably after the site is built, and then again after any significant content or design updates.
These are just the basics, really. There are other things you can do to further protect your WordPress site, which we'll get to in the next post.