We all have been there another WordPress website being hacked. It could have been from Revolution Slider or even the core version of WordPress. You can prevent this by updating your stuff (no brainer). But to prevent and protect yourself in the future by doing these 5 quick tips in WordPress.
- Prevent editing of files (plugins & appearance) within the CMS Dashboard by adding this line of code in the wp-config.php file:
- Rename the administrative account: When creating an administrative account, avoid easily guessed terms such as admin or webmaster as usernames because they are typically subject to attacks first. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = ‘newuser’ WHERE user_login = ‘admin’;, or by using a MySQL frontend like phpMyAdmin.
- Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default. Changing this can block at least some SQL injection attacks.
- Finding that extra security like a firewall, a great company I have worked with in the past is a company called Sucuri. I am not affiliated with them specifically, I did meet the owner Tony at WordCamp in 2015, he was a great guy!
- Do not allow your plugins or core of WordPress become outdated, take the extra time and update everything. It will save you hours from cleaning a backdoor or a huge encrypted hack.
Any questions or need assistance, feel free to reach me on twitter or email me at email@example.com 🙂