How to make your WordPress website secure and deal with threats

What to do if your WordPress site has malware or is hacked

We are coming to the end of this beginner’s introduction to WordPress security and in this last article of the series, let’s look at additional security options and how to clean up a site.

If you missed the previous parts of this series, go to the contents page where you will find links to all the other articles.

Google has been pushing for people to speed up their websites and to improve Core Web Vitals, which is a measurement of how good a site is for visitors. Faster and more responsive sites do better in Google search than competitors, all other things being equal.

Use a CDN with WordPress

One of the ways to speed up a website is to use a CDN, a content delivery network (Wikipedia). This is basically an online service that caches your website and provides it at lightning speed to your visitors. It can make a slow website appear to be much quicker and more responsive.

Your website content is delivered by the CDN and many have security features built in, which means that your WordPress site is more resistant to threats on the internet. Bad bots, denial of service attacks and other threats to your website are much less likely when a CDN is used. Your website is faster too, so it’s a win-win situation.

There are many CDN services and the one you choose depends on many factors, not least of which is the price. Cloudflare provides a free CDN service. It is not as good as the paid service, but if you are on a budget then it is a good option worth considering.

Cloudflare not only makes WordPress websites faster, it adds security too
Cloudflare is more than site speedup, it includes security

If you can afford it, Securi, which provides WordPress security services, also has a CDN. It not only speeds up your website, but it includes a lot of security too, more than is usual with a CDN. The cheapest plan was $199 a year last time I looked, but it is good if you want to combine security with performance.

Bunny is an interesting option that is not free, but because you only pay for the data used, it works out to be inexpensive for low traffic websites. For example, the Standard plan costs $0.01 per gigabyte of data. Get the 14-day free trial to see how much data you are using and how much it will cost you. In addition to speeding up your website, Bunny has a number of WordPress security features like DDoS protection, blocking users by country, IP blacklisting and more.

Restore a backup of WordPress

Suppose your WordPress site is hacked, gets malware or some other security issue arises. What can you do?

The simplest, easiest and quickest action to take is to restore a backup of the site from a time when it was working OK. You should be creating backups at least weekly, but it depends how frequently your site is updated. Daily backups are appropriate for busy sites with daily updates, but if you are an occasional blogger who posts twice a month, then back up on that schedule.

Your web host may provide backups, but do not rely on them. The problem is that the web host may not have backups going back far enough. You may need to restore a backup from last week or last month to recover from a security problem. If you create and store your own backups, you are not limited to the number or how long you can keep them.

There are dozens of backup plugins and services for WordPress, so I will not list them all. Here are a few popular ones. UpdraftPlus has 3 million active installations and is the most popular backup plugin, probably because it has a free version that is good enough for many people.

The paid version of the Jetpack plugin backs up your site, but not the free version. The cheapest plan was £4 a month last time I looked and for a bit more, Jetpack includes WordPress security features alongside the daily backups.

All-in-One WP Migration helps you to move a website from one web host to another. It creates an exact copy of a site that you can download or store online, like Dropbox, Google Drive and other places. This makes a great backup and you can delete your site and restore from the backup to put the site back as it was. It is popular and has around 3 million active users.

After restoring a backup, immediately check for WordPress, theme and plugin updates. They could contain security fixes.

Website clean-up services

What if you don’t have a backup or restoring a backup does not help? What can you do? There are services that offer to clean up your infected or security-compromised website. An expert can remove malware, fix security flaws and restore your site’s health for you. It is not free of course, but it may be worth paying someone to fix your site.

Some WordPress security plugin developers provide clean-up services and an example is Wordfence. It is not cheap and when I visited the site, it was $490, which includes installing the Wordfence Premium security plugin after the cleanup, which is normally $99 a year.

Securi provides malware and hacking clean-up services as part of the plan
Securi will clean-up malware and hacks

Securi was mentioned in the CDN section earlier and the $199 a year plan includes CDN, security and cleanup of malware infected or hacked WordPress. Basically, if you are running Securi and get hacked or malware, they will clean it up for free. That is worth thinking about.

There are other clean-up services and these are just two popular ones.

The end?

This may be the last part in the series, but there is still a lot to learn about maintaining security on your WordPress website. This is just the end of the Beginner’s guide to basic WordPress security. Keep researching security issues and keep abreast of the latest threats.

If you have followed each part of the series and implemented the suggestions, you will have a website that is far more secure than it was at the beginning. Security and protection from hackers and malware is now many times better than it was.

WordPress security Course Contents

  1. How to change the WordPress admin user to something different
  2. Make your website more secure by using strong passwords
  3. How plugins damage the security of your WordPress website
  4. How to use and customise user roles in WordPress
  5. How to recover from website problems with a WordPress backup
  6. How to increase website security with a plugin for WordPress
  7. How to make your WordPress website secure and deal with threats


 

Go to: Discussion Forums | Money-saving deals

(Affiliate links):

WordPress recommends Bluehost Get great web hosting and save money with a Bluehost website from just $3.95/month. Learn more


About Roland Waddilove 392 Articles
Roland Waddilove is interested in technology: Computers, phones, gadgets, software and internet. Long ago he worked on computer magazines, but is now mostly a tech writer for the web.