I have just spent the last day cleaning a WordPress site that had been infected with malware. I believe the site was attacked due to an out-of-date plugin that had a vulnerability. Detailed here from @wordfence - wordfence.com/blog/2020/09/m…
Most of the attacks on WordPress sites are crude. They are automated attacks trying to exploit commonly known vulnerabilities. Taking a few simple steps can help secure your site. It won't stop the attacks but it will make it harder for them to get through.
2/
Make sure that your WordPress admin user is not called 'Admin'. This is the most common user that is attacked. Also, do not name your admin user after your domain, e.g. if your domain is thisismysite.co.uk, do not call your admin user 'thisismysite'.
3/
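An added example (not from the thread's author): a small Python audit of the naming rule in the tweet above. It flags administrator logins that are generic or derived from the site's domain; the word lists, function names and sample logins are constructed for illustration, and only a few two-label suffixes such as .co.uk are handled.

```python
import re

# Names automated login attempts commonly try first (constructed starter list).
GENERIC_LOGINS = {"admin", "administrator", "root", "wordpress", "wp", "test"}
# A few two-label public suffixes (constructed subset, not the full
# Public Suffix List).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "me.uk", "com.au", "co.nz", "co.za"}


def site_label(domain):
    """Return the registrable label: 'thisismysite' for thisismysite.co.uk."""
    host = domain.strip().lower().split("://")[-1].split("/")[0].split(":")[0]
    labels = host.rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]


def _normalise(text):
    """Lower-case and drop punctuation so 'This-Is.MySite' compares equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_admin_logins(logins, domain):
    """Map each guessable administrator login to the reason it was flagged."""
    label = _normalise(site_label(domain))
    findings = {}
    for login in logins:
        name = _normalise(login.split("@")[0])  # e-mail style login: local part
        if name in GENERIC_LOGINS:
            findings[login] = "generic administrator name"
        elif label and label in name:
            # What is left after removing the domain label and any digits.
            residue = name.replace(label, "").strip("0123456789")
            if residue == "" or residue in GENERIC_LOGINS:
                findings[login] = "derived from the site domain"
    return findings


if __name__ == "__main__":
    # Constructed sample; on a real site the list could come from WP-CLI:
    #   wp user list --role=administrator --field=user_login
    sample = ["Admin", "thisismysite", "ThisIsMySite2020",
              "thisismysite-admin", "k.hartley"]
    for login, reason in audit_admin_logins(sample, "www.thisismysite.co.uk").items():
        print(f"{login}: {reason}")
```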
If you follow my tweets, the next point is one I keep repeating - back up your site. Install a plugin like Updraft, wordpress.org/plugins/updraf…, and configure automatic cloud backups. At least if your site is hacked, you can restore the old site.
4/
Install a security plugin such as @wordfence (wordfence.com). This will prevent most attacks. They have a premium version where you get the security rules immediately. The free version gets the rules after 30 days.
5/
There are over 50,000 @WordPress plugins. In the following set of tweets, we share our top 5 plugins that we use on all of our #WordPress websites here at @lendigitaluk.
Backups - We shouldn't need to say that you should always back up your website. With @UpdraftPlus, you can schedule backups and even back up to cloud storage.
Security - It is a fact of life that hackers will always try to gain access to your website. Security plugins such as @wordfence try to make that as hard as possible for them. Use this along with good security practices like strong passwords.