How to prevent WordPress from being hacked

Website security is a major concern of many foreign trade friends. We have worked hard to build a website. If it is hacked, it is really painful. Today we will talk about how to prevent wordpress websites from being hacked

Good space is very important. Like the siteground, I used it without any problems. Customer service is very good and fast. It is worth recommending.

The LINODE host is also good. I have used it for several years without any problems. I have used it myself for one year. It has been very stable and fast. For purchase, please refer to Three step purchase of Linode host (including Linode discount code)

The website can only be prevented from being hacked, and the most important thing is backup. When the website is completed, it is very important to keep a certain frequency of backups. In case of blackout, you can also use the backup data to restore the website to minimize the loss. Recommended Backup the website with the replicator

If the website is updated frequently, it should be backed up once a week. If the website is not updated much, it can be backed up once a month. Specific frequency

Many friends like to use admin or email as their background account directly. The password is 123456 or other commonly used passwords, which are easy to crack. One way to get hacked is to hit the database. When your password in other places is leaked, it will be used to test your account on other platforms. So in order to avoid this situation, the account and password must be set uniquely. The more complex the better

There are many plug-ins that have not been updated for several years. It is recommended not to install such plug-ins, because they may have many vulnerabilities, which will create opportunities for criminals.

The other is plug-ins that need to be paid, but some websites provide them for free, which may also be linked with virus programs or black chains, directly affecting the security of websites. (Hunk experience)

Plug ins for temporary use, such as website backup plug-in, should be deleted in time after use

When using FTP, if the local computer is poisonous, the virus may spread to the space through FTP, so the local computer must ensure security before using FTP

This method is learned from the God of Materials. The operation is as follows

1) Enter FTP (if Bluehost or siteground is used, file manager can also be used), download the functions.php file in the theme folder to the local, and back up one

2) Open functions.php with notepad++or DW, and paste the following code at the end

function login_protection(){
if(($_GET[‘admin’] != ‘abc’)) header(‘Location: http://go.liaosam.com/ ’);
}
add_action(‘login_enqueue_scripts’,’login_protection’);

And replace abc with your background account, then save and upload it to the space to replace the old functions.php

3) Then you can only use www.domain.com/wp-login.php? Admin=abc comes to visit the background of your website. If you make a mistake, you will jump to go.liaosam.com. Of course, you can change go.liaosam.com to the website you want

Often, after adding a new space in the Linode background and configuring it, you will be prompted how many attempts to log in to SSH. These are hackers trying to log in to the space.

If your website uses VPS such as linode, you must change the SSH port. In addition, change the root password more complex, so it is not easy to be hacked.

If your website has been hacked, you can refer to [Example analysis] What if the website is hacked?