Top 5 Ways to Protect WordPress Website From Malware

by Klaus on November 4, 2017

in Articles, Blogging

More than 60% of WordPress users don’t take the issue of site security serious until they actually get hacked or got infected by malware and viruses. You don’t have to wait until you run into problems to start protecting yourself. If you have ever been infected by a Malware, you will know that is the worst place you want to find yourself as a webmaster.

With WordPress powering over 80 million websites, it is safe to say that WordPress issues are one of the most widely discussed on the internet. On the top of the list is malware infection of WordPress sites. For most website owners, malware is a burden they have to deal with.

What is This Malware Anyway?

Malware stands for malicious software. You can see it as an intrusive code that tries to take over your website. Unfortunately, malware can come in various forms such as:

  • Viruses
  • Trojan Horses
  • Drive-by Downloads

Most successful WordPress security problems are typically the result of human error. These errors can be one of the following:

How Can I Get Infected By Malware?

1. When You Fail to Update Your WordPress Version

If you have your own WordPress website, I’m pretty sure you periodically receive updates about new WordPress version available. Each time you ignore this message, you are exposing your website to the risk of malware. Your website will be more susceptible to malware when you refuse to constantly update it to newer versions of WordPress.

2. When You Fail to Update your Plugins

Your site can also get attacked from outdated plugins. Plugin developers usually update it on regular basis to fix bugs and improve performance. Don’t wait to get attacked before you take action. Always update your plugins before malware finds its way to your website.

3. When Your Login Detail is Easy to Guess

WordPress is a hotbed for hackers. Hackers are always trying to get access to your website when you are using easy-to-guess password and username, you are simply extending an open invitation to hackers to come and do with your website how they please.

4. When You Upload Infected Plugin or Use Virus Infected System

If you are the type that always looks for “Free plugins” from websites that lack credibility, you may end up shooting yourself in the leg. Don’t upload any plugin from a untrusted source to your website and don’t use virus-infected PC to log into your website.

Alright, now you’ve known the top causes of malware infection, we can go ahead and discuss how you can protect your website from malware infections:

Top 5 Ways to Protect Your Website From Malware Infection:

1. Start By Using a Strong Password

This is the least you can do for your website. When you use a strong password, you make it hard for hackers to get access to your website. To get a strong password to protect your WordPress site, use a mix of

  • Alphabets (upper and lower cases)
  • Numbers
  • Special characters

If you found it hard to remember your password, that’s a good sign. You can make use of software such as LastPass to remember all your passwords.

Note: Change the “admin” username given to you when you created your WordPress to a unique username. I will also suggest you use 2-Factor Authentication (2FA) to add an extra layer of security to your website.

2. Constantly Update and Upgrade your WordPress Version and Plugins

Don’t wait to be infected by malware before you decide to update your WordPress version as well as your plugins. In most cases, all you need to complete an update is just a click of a button, but most people are either too lazy to do this or turn a blind eye until they get infected. Don’t be a victim; be proactive in updating your website and you will have few cases of malware to worry about.

3. Only Use Themes and Plugins From Trusted Sources

Most hackers hid malware in free plugins and themes. If you are an average WordPress user, you won’t know this until you get infected. In fact, you will be happy that you’ve just downloaded a premium plugin/theme for free without knowing that you are about to shoot yourself in the leg. Most of these free plugins/themes contain malware or spam bots that will hinder the performance of your website or give hackers access to steal critical information and even spread viruses to your website users.

4. Connect to your server securely

Another way to beat malware or reduce chances of occurrence is to connect the server only through SSH or SFTP. On a given day, most WordPress users make use of the more traditional FTP. However, SSH or SFTP comes with better security features that allow safe transfer of all files with less chance of getting infected by malware. If your website hosting plan doesn’t come with this service, you can read up how to do it manually.

5. Backup Your Website Regularly

We live in a world that is full of uncertainties. No matter how careful you are, something unexpected can still happen. I suggest you use a premium security program to back up your website on a regular basis. This way, if something happens to your website, you can always recover your important files and get your website back online.


Alright, there you have it. With over 70% of WordPress installations being vulnerable and more than 17 million websites getting attacked almost on monthly basis, it is high time you started taking your WordPress security very serious. Don’t lose your hard work and possibly your means of livelihood to hackers because you refuse to start taking your WordPress security a little bit more serious.


{ 2 comments… read them below or add one }

umar Tanu November 5, 2017 at 13:31

how can i protect site from spammy comments?

David January 29, 2018 at 21:15

Great ways. Now i can protect my site from malware.


Previous post:

Next post: