Protecting WordPress website from spam and hackers.

Protecting WordPress website from spam and hackers.

Home Forums Design and Development Protecting WordPress website from spam and hackers.

This topic contains 5 replies, has 6 voices, and was last updated by webangel webangel 2 years, 10 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #2181


    • Total posts: 3

    Most of the sites I create are done with WordPress. I noticed recently many of them were hacked, and a few of my clients complained about increased spam in comments and from the contact form. Are there any plugins you guys recommend or techniques to protect WordPress sites?



    • Total posts: 3

    Use recaptcha. Google recently released a new version of it:

    Link to the WP plugin:



    • Total posts: 28

    Likes: 4

    I also work mainly with WordPress and I faced the same situation. Over the last few months I started following a few rules (listed below) which almost completely removed the problems you describe:

    With any WordPress installation, follow these rules:

    1. WP Security – this is a great free plugin, which dramatically increases your website security. You should activate at least 80% of the settings the plugin provides.

    2. You definitely need to make sure the website has a daily backup. I always recommend to my clients – it only costs $5 per month, is easy to set up and makes daily backups of the website, letting you restore old versions with one click. Of course you can also have some backups on your own server, but this is usually a paid option and much more expensive than $5/month. This tool also lets you know when code on your site changes, which is helpful with detecting any suspicious activity on the server.

    3. When customizing the theme and plugins make sure to do it in a way that you can update them! This is crucial. Avoid modifying their core files, changing the look of plugins can usually be done by CSS, also use Actions, Filters, and Hooks (WordPress Codex: add_action, do_action, remove_action, add_filter, apply_filters). Also: use child theme ( and do not download plugins and themes from unknown sources.
    4. Use strong passwords (to the server and wp-admin), avoid sharing access to FTP with anybody.
    5. Keep your plugins and WordPress updated (use staging environment before major updates).
    6. Sign up for and monitor if your site is black listed anywhere.

    7. Install captcha on your Contact Form, and make bigger restrictions on comments (



    • Total posts: 5

    Keep your antivirus updated! To deal with maleware on your machine I recommend



    • Total posts: 5

    Likes: 2

    I use Sucuri and it logs attacks by IP addresses. I now block those IP’s in the .htaccess file. I have knocked 90% of the attacks out. I have also blocked the login.php page from showing except for my IP and client’s ips.



    • Total posts: 6

    Likes: 1

    Well set up WP Security plugin is something I recommend.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Want to contribute to the discussion or ask a question?  Login  or  register  for free... and there are more benefits from the membership than access to the forum!