Many free plugins for WordPress, maybe outdated, vulnerable, badly coded and may no longer be supported by an active development team. This means that using such a plugin may be detrimental to your website’s security and may lead you to being a hacking victim due to the flaws in that plugin. Always install plugins which have good reviews, good ratings, are compatible with your current version of WordPress and which are regular updated by an active developer team. You can see the plugin details and inspect them before integrating it with your website. And for security – there is a new plugin that is making the life of hackers really hard and we think every serious webmaster should use it for ultimate WordPress security. This plugins is hide my wp. It is a premium plugin, but don’t worry you get to download the demo first to try it out, but we know that you are going to love it.
The same applies to WordPress Themes as well. Always read the theme reviews and see their rating before you choose a theme. Also, just because you pay for a theme does not mean that it is more secure or has no vulnerabilities, the only advantage will be that you will be able to contact the developers to patch your theme or update it. Bad coding in the themes may lead your site to become slow or open it up for hackers to exploit.
Always keep your WordPress major version and all other themes and plugins up to date. You can do this manually or if your web host provides you with an auto installer, you can allow the auto installer to update WordPress, the themes and the plugins through a scheduled cron command. Keeping your site in sync with the latest version will prevent hackers from exploiting old vulnerabilities, for which a fix is already available. Although this is a very simple and easy counter-measure, keeping updated software can go a long way in ensuring security.
Always backup your site regularly and maintain a remote backup location in case of a disaster or damage to your site. Keeping a remote backup location is ideal, so that you “do not keep all your eggs in one basket”. Make sure that your backup is easy to restore in the event of an emergency. While you can backup parts of your website separately Eg: Database, FilesPsychology Articles, Image etc. you can also have a compressed zip backup of your entire website in a single file. Auto Installer software allow you to schedule nightly backups and set the backups to happen automatically.
Don’t forget to test your website for any known exploits or vulnerabilities before the hackers do. Free online tools like Sucuri Website Scanner will scan your website and suggest some security measures. They will also alert you of any major flaws in the system and will also indicate any outdated WordPress versions. Better scan your website before the hackers do.