Understanding WordPress Security from the ground up

This is meant to be an evolving document as I get time to update it and add more information.

Keeping your WordPress site safe can be explained in simple terms that any layperson can understand. There is no need for "complicated" technical jargon; it's just a series of well-defined security principles that have been around for years.

Part 1 — Why was my site hacked?

The first thing you need to understand is what value hackers get from defacing your site. No matter how large or small the site is, they can reap profits in many different ways, but some of the most common are inserting hidden backlinks to manipulate search engine results, botnets, and phishing expeditions. In the end, it's all about money or fame.

Further Reading

Why was my WordPress site hacked?
Why would anyone be interested in my site?

Part 2 — Come up with a disaster recovery plan

When you are in the planning stage of your site, the first step is to come up with your disaster recovery plan in case something does happen. This should be a well-defined set of steps to follow in the event of an emergency, with all the information you need easily accessible.

Further Reading

11 things about your website you need to keep in a secure location.
The first step of any disaster recovery plan is to record all the important information. Here are 11 you need to keep a…

Part 3 — Securing your site

After your site is up and running, there are a few things that need to be done to put yourself on a good foundation. At the top of this list are keeping your site updated and having good backups.

Further Reading

Most common Security Problems with WordPress and how to fix them
Problem #1
Securing WordPress Sites
We take security of our sites (and our customers) seriously. Our primary focus is dealing with agencies of varying…

Part 4 — What to do if your site is hacked.

In the event you are hacked, it's probably best to call a professional, but here are the exact steps we would take.


Further Reading

Steps to take if your website is hacked.
Step 1: Take the site offline with .htaccess. Add this to your HTACCESS; make sure the down.php exists.


This is an awesome tool for profiling sites. Written in Ruby.

Learn from the masters