Ultimate Guide on WordPress Security from Malware Hacks (2019) – Secure from Hackers

Wordpress Security- Secure from Hackers
  • Save

WordPress Security is one ultimate and crucial parts of every websites, unfortunately bloggers don’t pay close attention to obtain full control over the security of their blog.

If you don’t harden the security aspect of your wordpress blog, Hackers can easily penetrate and attack your blog easily by placing dangerous malware codes.

Data have it that in 2019, Google blacklist about 20,000+ website every day because of malware codes that are being served through blogs.

Blacklisted Websites
  • Save
Example of a blacklisted url

Let me tell you something :

Do you know I’ve been hacked before?

I was actually hacked few weeks backs, I got to tell you it was really heartbreaking. yeah because you loose many things. Its very fearful.

My advice don’t allow your self to be a victim.

I did not take wordpress security very serious and as such i let my guards down unfortunately this attackers were clever enough to use that to their evil advantage.

I don’t want you to ever get hacked, I personally decided to share this WordPress Security guide and never get hacked practices with you.

[WordPress Security] Who is Attacking Your Site and Why?

Who is attacking my site and why” is a very important question that is been asked day after day and as such it helps keep you in the right path in securing your WordPress blog.

There couple of reasons why hackers hack websites, which are;


SEO is an accronym for “Search Engine Optimization“, Its a practice where website is been optimized for easy reading by search crawlers.

I covered this guide here:

Bloggers who optimized their site well for search engines definitely gets traffic, which is a very important. Now this hackers looks for sites which gets lot of traffic because the sites is well optimized, they tend to take it down and divert the traffic for their evil needs.


I hate spam more than you do, trust me. but how do you protect your blog from spam.

Website attackers have this mentality of sending spam to people to get them penalized.

Avoid spam
  • Save

Couple of months ago i read about a site been taken down by Google (They totally blocked the site from getting ranked) further researched showed that the primary source of earning penalization from Google was a result of spam.

I believe it was not the intention of the blog owners, but he left his site to be vulunerable to hackers.


Whats the easiest way of attacking Website?

If your thought ran towards Dropping Malware virus! You are a 100% correct.

Hackers develops Malware codes to destroy blogs but for their plans to be maximum effective, they need blogs to test out their badass dangerous codes.

So they test out different blogs to know which works and their flaws.


Your website is also your business and because of that you put in all you have to grow that small little website. With your little efforts you are able to build your brand.

Since your blog brand is improving well these hackers try to manipulate your blog to steal people privacy.

Tips for Detecting a WordPress Hack Early

You still think their is no such things “Hackers“, hacking websites, your wrong!

You think you are doing everything right, you need to know their is every bit of chance that your wordpress blog can be hacked.

A Word of Reminder!

An attacker having access to your website can do a lot of damages to your site which can affect your seo ranking, reputation, possibly cause your website to crumble.

I wouldn’t have written this guide if i haven’t had any encounter with this so called Hackers. I’m a witness to what they can do.

There are pretty number of security tips you can do to improve your odds of detecting any security breaches on your blog.

  1. Visit your Site Often.
  2. Search for your Websites regularly
  3. Set up Email Alerts to get Changes around your blog.
  4. Watch for Unexplained Drop in Traffic.
  5. Get feedbacks from Visitors.

Visit your Site Often

You alone as site owner will always first hand know any security breaches or when your sites breaks down.. That’s absolutely true.

Your visitor can just come read up what brought them but will never know that some really bad things are going on right on your blog.

That’s a real need why you need to visit your sites often.

Search for your websites regularly

Somewhat similar to the tips above right.. Kinda true anyway.

but here you got to go advance.

Some hacked site can look pretty normal to daily blog readers but can be serving up malicious code.

By searching for your website blog regularly you should be able to catch up one before it even happens.

This has to be through the back-end of your site.. you need to do periodic scans, check for conflicting plugins.

Set up Email Alerts to get changes around your Blog

Receiving Emails on a daily basis is a good thing right?

No need of opening several tabs just to know situation of things. you can get all info right through your mail box.

Setting up email alert is a very good way to combat getting hacked. you will always know first hand when changes to your sites are been made.

Watch for Unexplained Drop in Traffic

I always hate when my traffic starts reducing but in this case it’s a good thing.

Hilarious right! why say it’s a good thing?

when I got hacked this helped me summarized the whole thing. without loosing that great deal of traffic I never would have known.

Always check for drop in traffic.

6 Effective Security Tips to stay ahead of WordPress Hackers

  1. Keep Word press Core Clean and up to date
  2. Maintain High level password
  3. Always use WordPress Security Plugins
  4. keep WordPress Plugins and Themes files up to date
  5. Ensure 2 factor Verification
  6. Implement HTTPS certificate
  7. Always do Backup on a Regular Basis

Keep WordPress Core Clean and up to date

WordPress is an open source developed by big brains that makes it easier in creating websites without too technical skills.

When it comes staying safe from hackers, you should make sure you keep WordPress core updated and clean.

php versions chart
  • Save

Keeping it up to date should be made priority reason because any issues from it can tarnish your blog completely, same applies to hackers.

WordPress Community makes sure to provide a new update to combat issues faced from the older version.

Maintain High Level Password

Password is your only key saying “Yes I’m the Owner”.

In making sure to keep your blog completely secured, Using High Level difficult to crack Password is very important.

When i say high level password, i mean a password that is very difficult to crack or mixture of words can be nearly impossible to guess.

To keep things straight, in order to make sure your password is far from easy to guess, try missing words with numbers, symbols, upper case letters.

For example:

123456789 and obiJon23_@c

Between these example, you can confirm as well that the first example is very easy to guess.

A hacker can just be testing out different combinations and then come to put in that password, voila they have access which is what we don’t ever want to happen.

But if it was to be the second example, it will take years for anyone to crack that kind of password.

Always make sure you create hard to guess password to avoid easy passage for hackers.

Always use WordPress Security Plugins

In as much that you follow all processes whole heartedly to secure your blog, you can always forget a thing or things to implement.

That is one primary reason why you need a security plugin to ensure you are on the right track. Besides plugins are built to help ease bloggers life.

There are series of free wordpress security plugins that helps aid us the stress to harden our blogs.

  • Save

Here’s a list of Strong WordPress Security Plugins

  • Wordfence
  • Succuri
  • All in One Security
  • IThemes Security

These are Security plugins that i have personally tested and used and i highly recommend them to you.

keep WordPress Plugins and Themes files up to date

Plugins and themes is something you cant resist when it comes to beautifying your website.

Keeping WordPress Plugins and Themes up to date is one vital step to keeping hackers far away from your website.

These days we hear about plugins being hacked and because of this Developers solely makes sure to issue an update to combat those issues.

In as much as they try to bring out new upgrade, we should also implement the upgrade.

Ensure 2 Factor Verification

Have you tried logging to a site with a person and they ask for a second different login?

If you had, you will notice that without access to the second verification password, you can’t use those site.

That’s the real power in having maximum security over your blog.

2 factor verification helps in keeping hackers out.

To implement 2 factor verification, you need to have it’s plugin.

There are two trusted plugins that does the job well

  1. Google Authenticator
  2. Rublon

You just install it like any other plugin and follow it’s instructions.

Implement HTTPS Certificate

Having a green padlock over the browser is such a beautiful thing, and it’s also helps telling visitors “Hey you! My site is fully secured”

Here’s how a site with SSL certificate installed looks like

SSL (WordPress HTTPs) certificates help keep visitors details private.

Getting your site fully secured by ensuring HTTPS is not at all that difficult.

Nowadays, when you buy a Hosting for a blog, you get a free SSL certificate (Let’s install) Software.

You just go through your cpanel and locate and install.

Making sure your site is HTTPS install should be primary.

Always do Backup on a Regular Basis

Back up is one tool that has saved thousands of wordpress users.

Back up has saved me alot too. You never know how it feels if you don’t do backup. I’m a kind of person that loves testing out new things.

In doing so most times, I end up hurting my site real bad. that means a total start a fresh.

Now here’s the fun part. since I always back my wordpress blog, I don’t have to start doing things all over again.

That’s the power of BACKUP

Its also applicable for wordpress security!

While hardening your site from attackers, it is also a pro tip that you should always do backup.

Probably nothing bad gonna happen but it’s just to be on a safer side..

There are WordPress plugins that are built specifically for that.

  • Updraft
  • Backup Buddy
  • Vaultpress


Securing your blog is as good as writing New Content, and as such should be taught and practice by all blog owners.

Do you have any suggestions or question, You can drop below

Hi, I'm Henry Obilor, founder of WhyteTips. Whytetps is a knowledge driven hub aim at guiding bloggers to start, grow and scale their blogs to profitable businesses. We provide actionable tips to help you leave a boss free life.

16 thoughts on “Ultimate Guide on WordPress Security from Malware Hacks (2019) – Secure from Hackers”

  1. Hey Henry,

    Being hacked is no fun! It is one of the scariest moments in any bloggers career. I had been there too.

    Thanks for sharing the practical tips to stay safe


  2. Hello Henry,

    Thank you very much for sharing this details article. I have pinned it.

    Also, could you please share more details on how one can implement 2-factor verification for a blog? Do we have any reputed plugins for this?

    • You should stay clear of using two separate plugins that offers same solution. Using two security plugins can cause conflicts.

      My advice stick to a plugin that offers what you need.

  3. Hey Henry,
    Thanks for sharing such an amazing and in-depth article on WordPress security.

    WordPress security has always been neglected by most of WordPress users and because of that, lot’s of WordPress websites get hacked every day. For every website owner, Implementing maximum security should always be the first priority.

    Either way, thanks for sharing tips to tighten your blog.

    • I agree ‘You must ensure your site is rightly secured, to avoid getting hacked’.

      Thanks Tushar 🙂

  4. Henry,

    Thanks for your article that talks about the most essential topic in WordPress. I agree we should be alert and protect our WordPress site from external malware. And, having back-up is always a wiser idea. I use BackupBuddy to do so.
    Also, I loved your ideas to identify hacks early. We should always keep an eye on these crucial aspects that could ruin our growth exponentially.

Leave a Comment

Copy link
Powered by Social Snap