What to Do After a WordPress Hack?

By April 28, 2020 No Comments

Many WordPress users do not realize the importance of backups and site security until it is hacked.

Cleaning a WordPress site or malware removal of WordPress can be tricky, time-consuming, and must be done in a state of the art. This is why we recommend that you call on experienced professionals ( WP Assistance ) who know best practices for cleaning, but also for restoring your site and ensuring that the flaw/source of the problem is resolved.

In some cases, you should also consider resubmitting your site in the Search Console so that Google reconsiders it to be a healthy site. Finally, you may need to contact the antivirus companies to have them removed from their blacklist if that was your case. We often forget these steps, but the pros, meanwhile, usually perform these operations after a complete cleaning of your site.

Best WordPress Security Plugins

We have seen throughout this guide that you can use plugins dedicated to  WordPress security depending on the features you want to implement. We have therefore selected for you the TOP 10 security plugins for 2018:

1. WordPress “multi-function” security plugins:

If you are looking for plugins that offer a whole range of features in one place, you should turn to these freemium plugins, the best on the market today. They offer many features, but to activate them all, you will have to switch to a premium version, otherwise, you will have to supplement them with other specific plugins in order to  cover all the security points  to set up:

  • Astra Security: This plugin is easy to use, its dashboard is pretty well explained and it already fills a lot of security points. Prevents 80+ web app security flaws with a razor-sharp security engine, honeypots & intelligent mechanisms.
  • iThemes Security: one of the market leaders, its use is rather simple. It is divided into several modules that you can activate or not according to your needs. Its interface is not fully translated into French (if at all). It remains quite complex to configure.
  • Wordfence: It’s two million active installations speak volumes about this security plugin which offers a firewall and a malware scanner. It also offers other features such as comparing files from the heart of WordPress, your themes and plugins, changing or rewriting files, etc. Its interface is complicated to handle
  • Sucuri: This plugin is also very popular with its 300,000 active installations. It is a virus scanner that also offers a WAF (FireWall). Its administration is rather simple, but all in English.

6.2 – Plugins dedicated to WordPress login:

As we saw earlier, the login page is a vulnerable part of your site. You can then add functionalities to enhance its security.

  • WPS Hide Login and Move login: these 2 French plugins are disconcerting because they are so easy to use. Thanks to them, you will be able to change the URL for connection to the administration of your site. So, when malicious people try to access your administration via  / wp-admin /  or wp-login.php, an error will be displayed.
  • WP Security Question: this plugin will add a security question to the login page of your site. Yet another layer to avoid malicious connections. You will be asked a question, you will have to answer it correctly in order to access your back office, for example:  What is your dog’s name?  (this is configurable).
  • Inactive Logout: this plugin allows you to configure the idle time from which the user will be automatically logged out of the back office. This can be interesting if the administrators of your site work in open spaces or co-working. You can never be too careful!
  • WP Limit Login Attempt: this plugin is easy to configure and it will lock the connection to your back office after several unsuccessful attempts. Thus, if an attacker tries to guess your password, he will be quarantined before he can try to connect again. It also allows adding a verification by CAPTCHA.

6.3 – Plugins to save WordPress:

  • Updraft Plus: this plugin is very simple. In less time than it takes to say it, you will have already configured its parameters and made your first backup. This can be stored in your files, on your hosting, or you can configure it so that the backups go to remote storage among those offered by the plugin.
  • Backup & Restore DropBox: Just like Updraft Plus, you can make your backups with the difference that they can only be stored in your Dropbox account.
  • BackWPup: Another backup plugin, just as effective as the other two. Maybe the procedure is a little less intuitive and the backup a little slower.
Read More: Important Tips to Create Your Own WordPress Web Design