What security precautions should people be aware of for their WordPress sites by Asad Iqbal

WordPress is an open-source platform and you need to be proactive with security and protection. The following are recommended for the protection of your WordPress business website.

  • Use very good quality hosting
  • Make sure you are using an SSL certificate, your site URL should start HTTPS and show secure in a browser
  • Create secure, hard to guess login credentials – there are strong password generators available that will help you
  • Enable a firewall
  • Two-Factor Authentication on Login
  • Install the latest versions of plugins and themes and keep them up to date. Log into your site on a schedule to make sure that nothing is missed
  • Keep your WordPress and its database up to date. WordPress can be set to auto update to the newest version. Updating databases will depend on your hosting company so make sure to check with them before settling on a hosting provider
  • Always immediately change the standard login details provided at installation of WordPress admin, FTP, and cPanel
  • Configure your file permissions
  • Back-up your site regularly
  • Keep track of WordPress users. If you find unexpected users or admin accounts on your site investigate immediately
  • Change the standard log in URL so that it is more difficult to find for hackers, this can be done using a security plugin

Recommended plugins to help secure your site

  • All in One WP Security
  • Wordfence Plugin
  • Sucuri Security plugin

What should someone do if their site does get hacked?

If your website gets hacked it can often be resolved by restoring a backup from cPanel, otherwise known as doing a rollback to an earlier version of your site. Most hosting companies do regular backups going back a month. This resolves the issue in many cases.

When you need a specialist!

If you do not have a backup or if the backup does not work!

A specialist can investigate your sites databases, and if necessary, debug them. They may need to remove wp-admin and wp include folders and upload new system folders after downloading them from the WordPress repository. After uploading these new folders then they scan your website using your security plugin – I suggest Wordfence for this. Corrupted files are replaced. Check entire website content for Javascript malicious code and remove them for pages as well as from theme and plugin files. A check is also carried out for any ‘extra’ files that shouldn’t be part of the site.

You can check your website for potential issues using this website: https://sitecheck.sucuri.net/

For expert assistance at affordable rates please contact me @

Asad Iqbal
Skype: Asad_i999
What’s App: +923225142559