How to Secure a WordPress Website from Repeated Hacks and Spam Code Injections (Step-by-Step)

If you’ve ever faced the frustration of dealing with a hacked website, you’re not alone. My website was repeatedly injected with spam code every few weeks, and I had to spend hundreds of dollars fixing it.

 

It was a nightmare!

 

But after much research and trial and error, I found a combination of tools and steps that successfully protected my site from future attacks.

 

In this blog post, I’ll share the exact steps I took to secure my website. These steps are easy to follow, even if you’re not a technical expert.

Step 1: Install Essential Security Plugins

I used a combination of three powerful plugins to secure my WordPress website. Each has unique features that complement one another:

 

  1. Wordfence Security (Download here)
    • Protects your website with a robust firewall and malware scanner.

  2. WP Cerber Security (Download here)
    • Helps prevent brute force attacks and unauthorized logins.

  3. Anti-Malware Security (Download here)
    • Scans your site for malware and suspicious files and provides tools to clean them.

  4. UpdraftPlus (Download here)
    • Takes automatic backups of your website so you can restore it if it gets compromised.


Install these plugins from your WordPress dashboard by going to Plugins > Add New, then search for each plugin’s name and click Install Now and Activate.

Step 2: Change Your Admin URL

By default, the admin login page for WordPress is accessible at /wp-admin or /wp-login.php. Hackers often target these URLs.

Using the settings in WP Cerber, change your admin login URL to something unique. For example, instead of yoursite.com/wp-admin, use something like yoursite.com/mysecurelogin.


How to Change Admin URL:

  1. Go to WP Cerber > Hardening.

  2. Enable the option to change the login URL.

  3. Set a unique URL and save the changes.

Step 3: Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your login process. Even if someone gets your password, they’ll need the second authentication factor to log in.

How to Enable 2FA:

    1. In Wordfence, go to Login Security > Two-Factor Authentication.

    2. Follow the instructions to set up 2FA using an authenticator app like Google Authenticator.

Step 4: Limit Login Attempts

Limiting the number of login attempts prevents hackers from repeatedly guessing your password.

How to Set Up Login Limits:

  1. Go to WP Cerber > Main Settings.

  2. Under Login Attempts, set the maximum number of allowed attempts (e.g., 3 attempts).

  3. Set the lockout duration for failed login attempts.

Step 5: Block Suspicious IP Addresses

Automatically block IP addresses after multiple failed login attempts to prevent brute force attacks.

How to Block IPs:

    1. In WP Cerber, go to Access Lists.

    2. Enable automatic IP blocking after several failed login attempts.

Step 6: Regular Malware Scans

Keep your website clean by regularly scanning it for malware or suspicious files.

How to Scan for Malware:

  1. Go to Anti-Malware Security > Scan Settings.

  2. Run a full scan of your website.

  3. Follow the recommendations to remove any detected threats.

Step 7: Take Regular Backups

Even with the best security measures, it’s crucial to have backups of your website in case something goes wrong. I use UpdraftPlus for this purpose.

How to Set Up Automatic Backups:

  1. Install and activate UpdraftPlus from the WordPress plugin directory.

  2. Go to Settings > UpdraftPlus Backups.

  3. Configure automatic backups to save your website data at regular intervals.

  4. Set up remote storage options like Dropbox or Google Drive to upload backups automatically.

With these backups, you can easily restore your website if it gets compromised.

Bonus Tips

  • Keep WordPress, themes, and plugins updated to avoid vulnerabilities.

  • Use strong passwords and change them regularly.

  • Take regular backups using plugins like UpdraftPlus, so you can restore your site if needed.

Final Words

Securing your website doesn’t have to be complicated or expensive. By following these steps and using the recommended plugins, you can protect your site from hackers and save yourself the stress and cost of constant repairs.

If you’re facing similar issues or have questions about any of the steps, feel free to comment below. I’d be happy to help!


Sahibjot Singh

Hey there! I'm Sahibjot Singh, and I've been on an exciting journey as a Web Designer/Developer and Email Automation expert for the past 12 years. It's been a fantastic ride filled with new challenges, and I've learned how to overcome various issues along the way.

One thing that's always been a part of my journey is the need to research and gather different puzzle pieces, using my coding knowledge to piece together solutions for a wide range of problems.

But here's the thing: I've realized that there are many business entrepreneurs and non-technical folks out there who don't have coding skills but often find themselves in similar situations.

So, what makes Unbouncehacks/Unbouncetips special? Well, it's not just a collection of scattered information. I've put together complete end-to-end solutions for the very problems I've encountered and that you might face in the future.

Plus, I keep this website updated with fresh tips and suggestions that have helped me excel in design and email marketing over the years. So, you're in for a treat with a treasure trove of knowledge! 🚀
