Statistics show some 70% of WordPress websites have been hacked. Our Nashville web design team often gets a call to fix one or two per week. Having someone make changes to a website hurts search engine rankings, is costly to clean up, and is an invasion of privacy. Depending on the severity of the attack, cleaning it up can be challenging and time-consuming. In some cases, websites can totally vanish. Preventing a website hack is a pretty obvious desire.

Locking down a WordPress website is a great way to prevent many hacks. One downside of WordPress and the plugin system is how easy it is to make changes to the server and upload malicious files. Making sure the users in the WordPress admin have strong passwords makes it more difficult for someone to log in and make changes. But our Nashville web design team has seen that this is simply not enough.

Preventing hacks, or catching and fixing them as they occur, requires a strong server with a great hosting provider. Coincidentally enough, our Nashville web design company offers this and has been in the WordPress hosting business for over 13 years now. We know what it takes to provide a secure server and how important great support is to go along with it. We’ll talk more about what goes into a great website host and give some ideas on how to make sure you are on a secure WordPress server.

What should I look for in a hosting provider?

Picking a hosting provider can be a tough decision. There are lots of different options out there. Pricing isn’t vastly different but if one provider is offering the service at $9.99 and another at $29.99, the gap seems huge. Budget hosting at the lower end is going to be lower quality than the higher-end provider but most businesses don’t know what that means. Let’s explain.

At Nashville web design hosting our focus is on three things: speed, security, and support. The difference between other providers and ours is that the server is optimized specifically for WordPress, has fewer websites running on it, the sites and server are more locked down and less accessible, and the support staff is more knowledgeable about WordPress and the technical side of things. This results in your website running faster, which is great for your customers and for search engines, a safer website that is less likely to get hacked, and peace of mind knowing we’ve got your back.

What makes a secure WordPress server?

Getting a website and server to be secure starts with keeping the WordPress website up to date. Every day WordPress comes out with a new update to fix bugs and patch security issues. Plugins, the add-ons that create the functionality on the websites, follow suit and make improvements and security patches. Even the themes that are used to make the website design are consistently updated. Since the code for the WordPress core, the plugins, and the themes is easily accessible online, it makes for an easy target for hacks. Exploits run rampant and fixes are offered daily. Our Nashville web design hosting forces updates to these to keep the website secure.

Most of the hack attempts are automated to target large numbers of websites for black hat SEO. This means a script will run to find websites that run on WordPress, run various commands to learn more about the website and server setup, and hit their WordPress admin to try and create a user to log in with and do as they please. Don’t take it personally; hackers just want to make money, and websites that are easier to hack help with that. To prevent this we can hide the admin area to make it harder to automate attacks and block bots that sniff around too much.

Blocking malicious attempts is a key component of keeping the server secure. Most hack attempts follow similar patterns, so identifying those and using a tool to automatically block them is a preventative measure. Even though a hacker may change their IP address to get around blocks, the level of effort has to go up exponentially and usually will only last for so long. Long-term attempts are spotted and blocked at the server level, regardless of the IP address.
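
One way to spot the repeated-login pattern described above, as an added example (not the host's own tooling): it counts POSTs to the WordPress login endpoints per client inside a sliding window and reports the clients that exceed a limit. The combined log format, the 60-second window, the limit of five and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}


def flag_login_abusers(lines, max_hits=5, window=timedelta(seconds=60)):
    """Return {ip: peak} for clients that send more than max_hits POSTs
    to a login endpoint inside any sliding window (lines in time order)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # unparseable line or not a login submission
        if m["path"].split("?", 1)[0] not in LOGIN_PATHS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop attempts that aged out of the window
        if len(hits) > max_hits:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(hits))
    return flagged


def sample_log():
    """Constructed lines using documentation IP ranges, not real traffic."""
    fmt = '{ip} - - [10/Mar/2024:{t} +0000] "{req} HTTP/1.1" 200 4521 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", t=f"02:14:{s:02d}",
                        req="POST /wp-login.php") for s in range(8)]
    # A person retrying a password over half an hour stays under the limit.
    lines += [fmt.format(ip="198.51.100.20", t=f"09:{m:02d}:00",
                         req="POST /wp-login.php") for m in (1, 9, 30)]
    lines.append(fmt.format(ip="198.51.100.20", t="09:31:00",
                            req="GET /wp-login.php"))
    return lines


if __name__ == "__main__":
    print(flag_login_abusers(sample_log()))
```

The returned addresses are what a blocking tool would then act on; the slow, human-paced client in the sample is left alone.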

Next, we make sure the permissions to the website files are locked down. The primary configuration file is hidden and not accessible to the website user. This makes it harder to make destructive changes and gain access to the database. Also, we lock down the file and folder permissions so running commands in a normal website browser becomes less destructive. Even if these permissions are changed by our customers, they are corrected and locked back down daily.
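
One way to express the daily correction described above, as an added example (not the host's own script): it walks a site tree, reports every entry with permission bits beyond an allowed mask, and optionally strips them. The target modes (755 for directories, 644 for files, 600 for wp-config.php) are assumed hardening values the page does not state, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# Assumed targets (widely used WordPress hardening values; the page names none).
DIR_MODE, FILE_MODE, CONFIG_MODE = 0o755, 0o644, 0o600
CONFIG_NAME = "wp-config.php"


def lock_down(root, fix=False):
    """Return [(path, current_mode, allowed_mask)] for every entry that has
    permission bits outside its allowed mask; with fix=True, strip them."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [(dirpath, DIR_MODE)]
        for name in filenames:
            allowed = CONFIG_MODE if name == CONFIG_NAME else FILE_MODE
            entries.append((os.path.join(dirpath, name), allowed))
        for path, allowed in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue          # never chmod through a symlink
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~allowed:   # e.g. group/world write, or setuid bits
                findings.append((path, mode, allowed))
                if fix:
                    os.chmod(path, mode & allowed)
    return findings


def build_sample_site():
    """Constructed WordPress-like tree with two deliberately loose entries."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)                       # world-writable directory
    for name, mode in (("index.php", 0o644), (CONFIG_NAME, 0o666)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for path, mode, allowed in lock_down(site, fix=True):
        print(f"{path}: {oct(mode)} -> {oct(mode & allowed)}")
```

Run without `fix=True` first to see what a correction pass would change before letting it modify anything.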

One of the biggest keys to preventing hacks and limiting damage is locking down the uploads directory. Any admin can upload images or files to this directory so it has the potential to create a lot of havoc. Limiting the types of files that can be uploaded, restricting the size of those files, and checking their contents when uploaded prevent many issues. Then, we limit what the outside world can do from the uploads directory. The only business anyone has with this directory is looking at the images that appear on the website. Everything else is restricted.

Things slip through the cracks, so the last piece is to monitor everything with regular scans. We run regular virus scans, check for malware, monitor what is being uploaded, and look at activity on the websites within the logs. Custom scripts help check for files that shouldn’t be there and for those that contain malicious activity. In some cases, when requested by our customers, we can also monitor users logging into WordPress and new users being created.

In conclusion, a WordPress hack can be a serious issue and is not fun. Using a great hosting provider to secure your website while speeding it up is a great way to avoid a hack and get the additional benefits of a fast website. There are a lot of ways to secure a server but choosing a host that takes security seriously and puts their customers first is key.