{"id":138338,"date":"2023-12-13T14:59:03","date_gmt":"2023-12-13T14:59:03","guid":{"rendered":"https:\/\/www.techopedia.com\/?post_type=how-to&#038;p=138338"},"modified":"2024-01-06T10:34:15","modified_gmt":"2024-01-06T10:34:15","slug":"how-to-protect-your-wordpress-site-from-cybersecurity-threats","status":"publish","type":"how-to","link":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats","title":{"rendered":"How to Protect Your WordPress Site From Cybersecurity Threats"},"content":{"rendered":"<p>If you own or manage a WordPress website, you know very well how security should always be your first and foremost priority.<\/p>\n<p>Besides the serious risk of losing your business, hackers can also steal private or sensitive data from your users and logs.<\/p>\n<p>This may have severe repercussions for your brand&#8217;s reputation and credibility and may even leave you with legal repercussions.<\/p>\n<p>Whether it&#8217;s a <a href=\"https:\/\/www.techopedia.com\/definition\/10261\/distributed-denial-of-service-ddos\">DDOS<\/a> attack, a <a href=\"https:\/\/www.techopedia.com\/definition\/prompt-injection-attack\">malware injection<\/a>, or a <a href=\"https:\/\/www.techopedia.com\/definition\/18091\/brute-force-attack\">brute-force credentials hijack<\/a>, chances are an army of people (and bots) are always hunting for a target.<\/p>\n<p>Taking all necessary action to secure your perimeter is critical to minimize all these risks. In the case of WordPress, there are many simple things you can do to significantly reduce the chances your website&#8217;s safety is violated.<\/p>\n<p>Let&#8217;s have a look at them.<\/p>\n<div>\n    <section class=\"toc-sticky w-100 bg-white \">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\"\n                 aria-controls=\"multiCollapse1\"\n                 data-bs-target=\"#multiCollapse1\">\n                <button\n                        class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\"\n                >\n                    <i class=\"icon-chevron-up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n                <span class=\"toc-main-title-permanent\">Table of Contents<\/span>\n            <\/div>\n            <div\n                    class=\"collapse my-3\"\n                    id=\"multiCollapse1\"\n            >\n                <ol class=\"StepProgress\">\n                                                                        <li class=\"StepProgress-item current\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"how_to_protect_your_wordpress_website_from_cyber_threats\"\n                               onclick=handleScrollToTitle(\"how_to_protect_your_wordpress_website_from_cyber_threats\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">How to Protect Your WordPress Website From Cyber Threats<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"the_bottom_line\"\n                               onclick=handleScrollToTitle(\"the_bottom_line\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">The Bottom Line<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                    <\/ol>\n                <div class=\"toc-sticky__container__disperse\"><\/div>\n                <div class=\"toc-sticky__btn-top justify-content-center\">\n                    <button class=\"btn btn-link d-flex align-items-center\" onclick={btnTop()}><p>Show Full Guide<\/p><img decoding=\"async\"\n                                src=\"\/wp-content\/plugins\/table-of-contents\/assets\/images\/arrow-up-circle.svg\"\n                                alt=\"arrow-up-circle\">\n                    <\/button>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/section>\n    <div class=\"toc-sticky-list\">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\" aria-controls=\"multiCollapse2\" data-bs-target=\"#multiCollapse2\">\n                <button class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\">\n                    <i class=\"icon-chevron-up up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n            <\/div>\n            <div  class=\"collapse my-3\" id=\"multiCollapse2\">\n                <ol class=\"StepProgress\">\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item current \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"how_to_protect_your_wordpress_website_from_cyber_threats\"\n                                   onclick=handleScrollToTitle(\"how_to_protect_your_wordpress_website_from_cyber_threats\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">How to Protect Your WordPress Website From Cyber Threats<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"the_bottom_line\"\n                                   onclick=handleScrollToTitle(\"the_bottom_line\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">The Bottom Line<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                                    <\/ol>\n            <\/div>\n            <div class=\"toc-sticky__container__disperse\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n<script id=\"toc-js\">\n    window.addEventListener(\"DOMContentLoaded\", () => {\n        const header = document.querySelector(\".header_wrapper\");\n\n        const pageLegend = document.querySelector('#multiCollapse1');\n        const pageLegendList = document.querySelector('#multiCollapse2');\n        const pageLegendCollapse = new bootstrap.Collapse(pageLegend, {toggle: document.querySelector(\".toc-sticky\").classList.contains('sticky')});\n\n        \/**\n         * Changing current title\n         *\/\n        (function (pageLegend) {\n            const titleNodes = pageLegend.querySelectorAll('.StepProgress-item__link');\n\n            if (!titleNodes.length) return;\n\n            const titles = [...titleNodes].map((itm, i) => ({\n                id: itm.getAttribute('data-id'),\n                text: itm.textContent,\n                level: itm.getAttribute('data-level'),\n                linkNode: itm,\n                titleNode: document.getElementById(itm.getAttribute('data-id')),\n                index: i,\n            }));\n\n            \/**\n             * Source: https:\/\/www.sitepoint.com\/throttle-scroll-events\/\n             * @param {Function} fn\n             * @param {number} wait\n             * @returns {(function(): void)|*}\n             *\/\n            const throttle = (fn, wait) => {\n                let time = Date.now();\n                return function () {\n                    if ((time + wait - Date.now()) < 0) {\n                        fn();\n                        time = Date.now();\n                    }\n                }\n            }\n\n            const changeCurrentTitle = () => {\n                const documentScrollTop = window.pageYOffset || document.documentElement.scrollTop || document.body.scrollTop || 0;\n                let current = 0;\n\n                \/\/ Title\n                titles.forEach((itm, i) => {\n\t\t\t\t\/\/console.log(itm)\n                    const itmOffsetTop = itm.titleNode ? itm.titleNode.offsetTop - 100 : 0;\n\n                    if (documentScrollTop >= itmOffsetTop) {\n                        document.getElementById('toc-current-title').innerHTML = itm.text;\n                        document.getElementById('toc-current-title').setAttribute('data-current-id', itm.id);\n                        document.getElementById('toc-current-title').setAttribute('data-current-level', itm.level);\n                        current = i;\n                    }\n                })\n\n                \/\/ close all list and open sub list if needed\n                if (document.querySelector(\".toc-sticky\").classList.contains('sticky')) {\n                    document.querySelectorAll('.subList-in-progress').forEach((el) => {\n                        el.children[1].classList.remove('show');\n                        el.getElementsByClassName('icon-chevron-down')[0].classList.remove('up');\n                    });\n                    const currentEl = titles[current];\n                    currentEl.linkNode.classList.add('show');\n                }\n\n                titles.forEach((itm, i) => {\n                    itm.linkNode.parentNode.parentNode.classList.remove('current', 'is-done');\n                    if (current > i) {\n                        itm.linkNode.parentNode.parentNode.classList.add('is-done')\n                    };\n                    if (current === i) {\n                      itm.linkNode.parentNode.parentNode.classList.add('current');\n                    };\n                })\n\n            }\n\n            changeCurrentTitle();\n\n            document.addEventListener('scroll', throttle(changeCurrentTitle, 50));\n        })(pageLegend);\n\n\n        \/**\n         *  Collapse\n         *\/\n        (function (pageLegend, header) {\n            const icon = pageLegend.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = (status) => (e) => {\n                if (!e.target.isEqualNode(pageLegend)) return;\n\n                icon.classList.toggle(\"up\");\n\n                const containerHeight = pageLegend.getBoundingClientRect().height;\n\n                const showSubtitleContent = () => {\n                    const currentId = document.getElementById('toc-current-title').getAttribute('data-current-id');\n                    const currentLevel = document.getElementById('toc-current-title').getAttribute('data-current-level');\n                    const currentSubTitle = currentLevel == 3 ? document.querySelector(`a[data-id=\"${currentId}\"]`).parentNode.parentNode.parentNode : false;\n\n                    if (!currentSubTitle) return;\n                    new bootstrap.Collapse(currentSubTitle, {toggle: false}).show();\n                }\n\n                showSubtitleContent();\n\t\t\t\tconsole.log(status+'fdsfsd'+containerHeight);\n                if (status === 'shown' && document.querySelector(\".toc-sticky\").classList.contains('sticky') ) {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.add('overflow-auto');\n                    pageLegend.style.height = `calc(100vh - ${header.getBoundingClientRect().height + document.querySelector('.toc-sticky__open').getBoundingClientRect().height + 16}px)`;\n                } else if (status === 'hide') {\n                    document.querySelector('html').removeClass('overflow-hidden');\n                    pageLegend.classList.remove('overflow-auto');\n                    pageLegend.style.height = 'auto';\n                }\n            }\n\n            pageLegend.addEventListener('shown.bs.collapse', collapseToggle('shown'));\n            pageLegend.addEventListener('hide.bs.collapse', collapseToggle('hide'));\n        })(pageLegend, header);\n\n        \/**\n         * Collapse sub-titles\n         *\/\n        (function (pageLegend) {\n            const collapseEls = pageLegend.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegend);\n\n        \/**\n         *  Collapse main title\n         *\/\n        (function (pageLegendList) {\n            const icon = pageLegendList.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = () => (e) => {\n                if (!e.target.isEqualNode(pageLegendList)) return;\n\n                icon.classList.toggle(\"up\");\n\n            }\n            pageLegendList.addEventListener('shown.bs.collapse', collapseToggle());\n            pageLegendList.addEventListener('hide.bs.collapse', collapseToggle());\n        })(pageLegendList);\n\n        (function (pageLegendList) {\n            const collapseEls = pageLegendList.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.toc-sticky-list .collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegendList);\n\n        \/**\n         * Sticky functionality\n         * Source: https:\/\/stackoverflow.com\/questions\/17893771\/javascript-sticky-div-after-scroll\n         *\/\n        (function (header, pageLegendCollapse) {\n            \/\/ set everything outside the onscroll event (less work per scroll)\n            const target = document.querySelector(\".toc-sticky\");\n            const targetListStatic = document.querySelector(\".toc-sticky-list\");\n\n            if (!target || !header) return;\n\n            const headerHeight = header.getBoundingClientRect().height;\n            const targetHeight = targetListStatic.getBoundingClientRect().height;\n\n            \/\/ -headerHeight so it won't be jumpy\n            const stop = targetListStatic.offsetTop + headerHeight + targetHeight;\n            const docBody =\n                document.documentElement || document.body.parentNode || document.body;\n            const hasOffset = window.pageYOffset !== undefined;\n\n            const applySticky = function () {\n                \/\/ cross-browser compatible scrollTop.\n                const scrollTop = hasOffset ? window.pageYOffset : docBody.scrollTop;\n\n                \/\/ if user scrolls to headerHeight from the top of the target div\n                if (scrollTop >= stop) {\n                    pageLegendCollapse.hide();\n                    \/\/ stick the div\n                    target.classList.add(\"sticky\");\n                    \/\/target.style.marginTop = `${headerHeight}px`;\n                } else {\n                    pageLegendCollapse.show();\n                    \/\/ release the div\n                    target.classList.remove(\"sticky\");\n                    target.style.marginTop = \"\";\n                }\n            }\n\n            applySticky();\n\n            window.addEventListener('scroll', applySticky);\n        })(header, pageLegendCollapse);\n\tjQuery('span.show_moretoc').click(function(){\n\t\tjQuery('span.show_moretoc').hide();\n\t   jQuery('.ms_hidetoc').show();\n\t});\n    });\n\n    \/\/ When the user clicks on the button, scroll to the top of the document\n    function btnTop() {\n        const pageLegend = document.querySelector('#multiCollapse1');\n        document.querySelector('html').classList.remove('overflow-hidden');\n        pageLegend.classList.remove('overflow-auto');\n        pageLegend.style.height = 'auto';\n        window.scrollTo({\n            top: 0,\n            behavior: 'smooth'\n        });\n    }\n\n    const handleScrollToTitle = (id) => {\n        const el = document.getElementById(id);\n        const headerHeightDifference = window.innerWidth < 992 ? -30 : -15;\n        window.scrollTo({\n            top: el.offsetTop - 60 - headerHeightDifference - 10,\n        });\n    }\n<\/script>\n\n<h2><span id=\"how_to_protect_your_wordpress_website_from_cyber_threats\">How to Protect Your WordPress Website From Cyber Threats<\/span><\/h2>\n<h3>1. How to Install WordPress Plugins<\/h3>\n<p>Before we delve into the various ways you can improve your website&#8217;s security, knowing how to install plugins in WordPress is a requisite. Many of these security tips involve installing one or more of these simple tools, and the entire procedure is relatively straightforward.<\/p>\n<p>From your site&#8217;s Dashboard, go to the Plugins: Add New Plugin page.<\/p>\n<figure id=\"attachment_138319\" aria-describedby=\"caption-attachment-138319\" style=\"width: 1875px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-138319\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins.jpg\" alt=\"Adding Plugins to WordPress\" width=\"1875\" height=\"652\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins.jpg 1875w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-300x104.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-1024x356.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-768x267.jpg 768w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-1536x534.jpg 1536w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-1200x417.jpg 1200w\" sizes=\"(max-width: 1875px) 100vw, 1875px\" \/><figcaption id=\"caption-attachment-138319\" class=\"wp-caption-text\">Adding Plugins to WordPress<\/figcaption><\/figure>\n<p>Here, you have two options:<\/p>\n<p>The first is to manually search the plugin, click on it, and install it.<\/p>\n<p>Otherwise, you can manually download the plugin from any website and then upload it on your WordPress dashboard.<\/p>\n<p>When you upload the plugin from an external website (such as the <a href=\"https:\/\/wordpress.org\/plugins\/\" target=\"_blank\">WordPress Plugins repository<\/a>), it will come as a .zip file. Click on the Upload Plugin button at the top of the screen, select that file, and then click Install Now.<\/p>\n<h4>Disclaimer and Words of Advice<\/h4>\n<p>Please note that while all the plugins we listed in this article are safe and secure, there&#8217;s always a chance they might lead to internal conflicts.<\/p>\n<p>This can happen more frequently if you have installed multiple plugins or incorporated some custom scripts in your website.<\/p>\n<p>As general advice, if you do not like a plugin or are unsatisfied with its functions, do not install another one with similar functions.<\/p>\n<p>Many plugins serve the same role, especially those with multiple functions, such as spam filters that act as firewalls.<\/p>\n<p>Two plugins serving the same purpose will likely get in each other&#8217;s way, so pick the one that suits your needs best and uninstall or at least deactivate the other.<\/p>\n<p>You can do so from the Plugins: Installed Plugins page by clicking on the Deactivate function in the plugin description you want to deactivate.<\/p>\n<figure id=\"attachment_138321\" aria-describedby=\"caption-attachment-138321\" style=\"width: 1860px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-138321\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-Deactivate.jpg\" alt=\"Deactivating WordPress Plugins\" width=\"1860\" height=\"638\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-Deactivate.jpg 1860w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-Deactivate-300x103.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-Deactivate-1024x351.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-Deactivate-768x263.jpg 768w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-Deactivate-1536x527.jpg 1536w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Plugins-Deactivate-1200x412.jpg 1200w\" sizes=\"(max-width: 1860px) 100vw, 1860px\" \/><figcaption id=\"caption-attachment-138321\" class=\"wp-caption-text\">Deactivating WordPress Plugins<\/figcaption><\/figure>\n<p>You can permanently activate them again later unless you delete them.<\/p>\n<p>In any case, ensure you always back up your database before installing anything on your website so you always have a safe recourse if something unexpected happens.<\/p>\n<p>If you don&#8217;t want to install another plugin to back up your WordPress site, you can do that safely from your web host dashboard. The exact steps to back up your site may vary depending on your hosting services. You can also work through your respective File Manager, such as cPanel, Plesk, or Webmin.<\/p>\n<h3>2. Protecting Your Website from Brute-Force Attacks<\/h3>\n<p>One of the most dangerous situations you may face is having your entire website stolen by some cybercriminal. Hackers will try to brute-force their way through your login page to steal your credentials and gain access to your database.<\/p>\n<p>Since, by default, all WordPress logins are placed in the same two subdirectories (\/wp-admin or \/wp-login.php), it&#8217;s straightforward to find them and start an attack to illegally gain access to the site.<\/p>\n<p>The default login URLs for WordPress sites are usually the following ones:<\/p>\n<ul>\n<li>sitename.com\/wp-admin<\/li>\n<li>sitename.com\/wp-login.php<\/li>\n<\/ul>\n<h4>How Can Brute-Force Attacks Damage Your Site?<\/h4>\n<p>Once hackers find your login page, they will start a brute-force attack to force their way inside. Once they successfully guess your admin login credentials, they can do whatever they want with your website.<\/p>\n<p>A stolen website can be transformed into a spam page or ransomed for money, or your database of private customer data can be stolen.<\/p>\n<p>Or a hijacker may install some malware for phishing purposes, track your customers&#8217; activities, steal credit card data, etc.<\/p>\n<p>Even if they do not manage to steal your website, armies of bots constantly attacking your website will waste precious WordPress resources and bandwidth.<\/p>\n<h4>How Can You Deal with Brute-Force Attacks?<\/h4>\n<p>Securing by obscurity is, by far, the most efficient method to reduce this risk.<\/p>\n<p>In other words, you must ensure cybercriminals do not find any easy access points and monitor your entry points.<\/p>\n<h4>Change Your Login Page&#8217;s URL<\/h4>\n<p>First, change your login URL to something no one can guess. If the login page is hidden, it will be much harder for human hackers to find it and nearly impossible for bots, which will significantly reduce unwanted login attempts.<\/p>\n<p>Even a straightforward change such as \/wp-login-hidden\/ would reduce the rate of casual, bot-driven brute force attacks to near zero.<\/p>\n<p>Still, you can do better than this: change your login page to something challenging to guess, such as a long string of letters and numbers, and change it again every few months or so.<\/p>\n<p>Many plugins allow you to change your login page rather quickly. Below are a few free ones, but don&#8217;t forget that changing the login URL is a function that is found in many of the significant all-around security plugins, so make sure to avoid conflicts:<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" target=\"_blank\">WPS Hide Login<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/rename-wp-admin-login\/\" target=\"_blank\">Rename wp-admin login<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/easy-hide-login\/\" target=\"_blank\">Easy Hide Login<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/login-page-styler\/\" target=\"_blank\">Custom Login Page Customizer<\/a><\/li>\n<\/ul>\n<p>However, that&#8217;s not the only step you want to take since there&#8217;s always some workaround that cybercriminals can find to correctly guess your login URL.<\/p>\n<h4>Limit Login Attempts<\/h4>\n<p>The next step is to monitor the logins and limit the number of attempts. No brute-force attacker can guess your credentials on the first try.<\/p>\n<p>This means that if you start monitoring a very high number of login attempts, that&#8217;s almost certainly some hacker trying their way in.<\/p>\n<p>Monitoring individual logins will help you spot if your users had their usernames stolen.<\/p>\n<p>As a direct consequence, limiting the number of login attempts to just a few (say, three or four) will save your website from brute-force attacks, even when your hidden login URL was found.<\/p>\n<p>And if one of your admins got locked out because they forgot their password too many times\u2026 well, it&#8217;s time for them to change it!<\/p>\n<p>Some of the plugins that allow you to limit the number of login attempts and monitor them at the same time include:<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/limit-login-attempts-reloaded\/\" target=\"_blank\">Limit Login Attempts Reloaded<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/wps-limit-login\/\" target=\"_blank\">WPS Limit Login<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/limit-login-attempts\/\" target=\"_blank\">Limit Login Attempts<\/a><\/li>\n<\/ul>\n<h4>Ensure Maximum Password Security<\/h4>\n<p>All we said and done so far is not particularly helpful if your credentials are surprisingly easy to guess, like:<\/p>\n<p><strong>Username<\/strong>: <em>admin<br \/>\n<\/em><strong>Password<\/strong>:<em> password<\/em><\/p>\n<p>Password policies must be set to ensure a good level of complexity, a limited expiration time, and the inability to recycle them repeatedly. If you are the sole manager of your website, or if your team is small enough, just ensuring a few team best practices on password strength are followed may be enough.<\/p>\n<p>For larger websites, or when the amount of users is exceptionally high, you may want to use a password manager. Even better, you might want to enable <a href=\"https:\/\/www.techopedia.com\/definition\/13699\/twofactor-authentication\">two-factor authentication<\/a> (2FA) to avoid automated password-guessing attempts. Some of these plugins can provide better password security, although not all of them include more advanced functions (such as 2FA) in their non-premium versions:<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/password-policy-manager\/\" target=\"_blank\">Password Policy Manager<\/a><\/li>\n<li><a href=\"https:\/\/melapress.com\/wordpress-login-security\/\" target=\"_blank\">MelaPress Login Security<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/better-wp-security\/\" target=\"_blank\">Solid Security<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/miniorange-2-factor-authentication\/\" target=\"_blank\">miniOrange&#8217;s Google Authenticator<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/wp-2fa\/\" target=\"_blank\">WP 2FA<\/a><\/li>\n<\/ul>\n<p><strong>Our recommendations: <\/strong><a href=\"https:\/\/www.techopedia.com\/password-manager\/best-password-managers\"><strong>9 BEST PASSWORD MANAGERS REVIEWS<\/strong><\/a><\/p>\n<h3>3. Protecting Your Website from Spam Link Injections<\/h3>\n<p>Spam links are malicious links forcefully injected into your website&#8217;s database, generally through the comments section. <a href=\"https:\/\/www.techopedia.com\/definition\/26342\/black-hat-hacker\">Black Hat<\/a> <a href=\"https:\/\/www.techopedia.com\/definition\/5391\/search-engine-optimization-seo\">search engine optimization<\/a> (SEO) &#8220;experts&#8221; inject these links to artificially manipulate the rankings or domain authority of one of their low-tier websites or to send people to one of their malicious websites.<\/p>\n<p>Multiple redirects and invisible injections are often used, and sometimes spam link injection goes as far as sending <a href=\"https:\/\/www.techopedia.com\/definition\/4049\/phishing\">phishing<\/a> emails to your customer database or even displaying banners and ads of their phony products on your site.<\/p>\n<h4>How Can Spam Link Injection Damage Your Site?<\/h4>\n<p>Spam links can seriously damage all your SEO efforts since Google may read all these outgoing signals from your website to manipulate your <a href=\"https:\/\/www.techopedia.com\/definition\/5191\/search-engine-results-page-serp\">search engine result page<\/a> (SERP) positioning.<\/p>\n<p>You may be affected by a site-wide spam or unnatural link-building penalty, get your Google ads disapproved due to malware, or even have your Google AdWords account suspended or blocked.<\/p>\n<p>In extreme scenarios, your entire website can end blacklisted as deceptive by Google or suspended by your host, especially when multiple invisible links containing malware are left unattended.<\/p>\n<h4>How Can You Deal with Spam Link Injection Threats?<\/h4>\n<p>Probably, the simplest way to deal with spam link threats is to block comments altogether. This solution is, by far, the most efficient and has fewer repercussions on your entire site. You need no plugins to do that. From your site&#8217;s Dashboard, just go to your Settings: Discussion page and make sure no one can comment without prior approval:<\/p>\n<figure id=\"attachment_138326\" aria-describedby=\"caption-attachment-138326\" style=\"width: 1874px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-138326\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Comments.jpg\" alt=\"Disable WordPress Comments\" width=\"1874\" height=\"835\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Comments.jpg 1874w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Comments-300x134.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Comments-1024x456.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Comments-768x342.jpg 768w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Comments-1536x684.jpg 1536w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Comments-1200x535.jpg 1200w\" sizes=\"(max-width: 1874px) 100vw, 1874px\" \/><figcaption id=\"caption-attachment-138326\" class=\"wp-caption-text\">Disable WordPress Comments<\/figcaption><\/figure>\n<p>All comments will be held in moderation and never published without your authorization. This may quickly lead to words accumulating in the thousands in no time. The simplest way to get rid of them occasionally is by using one of the many cache cleaner plugins available, such as <a href=\"https:\/\/wordpress.org\/plugins\/wp-bulk-delete\/\" target=\"_blank\">WP Bulk Delete<\/a>\u00a0or a plugin to manage comments specifically.<\/p>\n<p>However, on some websites, blocking comments is simply not an option. In this case, you might want to apply a filter.<\/p>\n<p>In the Discussion page, you can reduce the number of links in each comment to one since many spam comments usually contain more than one link. However, you cannot reduce them to zero, or all comments will be held for moderation.<\/p>\n<p>Another possible alternative is to <a href=\"https:\/\/wordpress.org\/plugins\/advanced-google-recaptcha\/\" target=\"_blank\">enable a reCaptcha plugin<\/a>. This is inefficient since it will stop only bots (most of these attacks) but not human hackers.<\/p>\n<p>Last but not least, is to install an anti-spam filter. These plugins perform various tasks that will ensure that all comments that will appear on each one of your pages are clean ones.<\/p>\n<p>They use specific <a href=\"https:\/\/www.techopedia.com\/definition\/3739\/algorithm\">algorithms<\/a> to detect suspicious comments, block activities from particular countries, or add filters to limit certain comment types.<\/p>\n<p>Here&#8217;s a list of some of the most popular anti-spam plugins, but remember: there&#8217;s always a chance for some malicious link to slip through the cracks:<\/p>\n<ul>\n<li><a href=\"https:\/\/akismet.com\/\" target=\"_blank\">Akismet<\/a><\/li>\n<li><a href=\"https:\/\/it.wordpress.org\/plugins\/antispam-bee\/\" target=\"_blank\">Anti-spam Bee<\/a><\/li>\n<li><a href=\"https:\/\/it.wordpress.org\/plugins\/anti-spam\/\" target=\"_blank\">Titan Anti-spam &amp; Security<\/a><\/li>\n<li><a href=\"https:\/\/it.wordpress.org\/plugins\/contact-forms-anti-spam\/\" target=\"_blank\">Maspik<\/a><\/li>\n<\/ul>\n<h3>4. Protecting Your Website from DDOS Attacks<\/h3>\n<p>A distributed denial-of-service (DDoS) attack is a less common risk than the others we have discussed.<\/p>\n<p>However, when that happens, the consequences can be dire, significantly if your website&#8217;s downtime is directly associated with a loss of finances or reputation (such as for websites that must always stay up).<\/p>\n<p>DDOS attacks generally exploit vulnerabilities in WordPress, the themes, or the installed plugins. Therefore, the best way to avoid them is to reduce the attack surfaces and plan ahead.<\/p>\n<h4>How Can DDOS Attacks Damage Your Site?<\/h4>\n<p>DDOS attacks will overwhelm your server with massive requests, causing the website to slow down and even crash.<\/p>\n<p>If your company relies on web traffic or continuity of services for income, a DDOS flooding can have severe consequences.<\/p>\n<p>Even if the website doesn&#8217;t outright crash, slowdowns and downtimes can lead to customer dissatisfaction and loss of brand reputation, especially since some DDOS attacks can last for days or weeks.<\/p>\n<h4>How Can You Deal with DDOS Attacks?<\/h4>\n<p>As usual, prevention is the best defense. Removing any potential vulnerability from your WordPress website, its themes, and plugins is mandatory, and when it&#8217;s not possible, obfuscating them can go a long way toward reducing the number of automated attacks.<\/p>\n<h4>WordPress Vulnerabilities: Getting Rid of the XML-RPC API<\/h4>\n<p>As its name suggests, XML-RPC is a protocol that uses XML for communication purposes (RPC stands for &#8220;<a href=\"https:\/\/www.techopedia.com\/definition\/24022\/remote-procedure-call-rpc\">remote procedure call<\/a>&#8220;). It uses HTTP as its data transport mechanism, but today, it has lost its usefulness to the point it is often considered outdated or deprecated.<\/p>\n<p>However, XML-RPC can be exploited for remote code injections, and it represents a vulnerability for both DDOS and sometimes even brute-force attacks. For the vast majority of WordPress users, XML-RCP can be disabled with no adverse effects whatsoever to prevent unwanted attacks.<\/p>\n<p>You can disable XML-RCP manually or by installing a plugin such as <a href=\"https:\/\/wordpress.org\/plugins\/disable-xml-rpc\/\" target=\"_blank\">Disable XML-RPC<\/a> or <a href=\"https:\/\/wordpress.org\/plugins\/disable-xml-rpc-api\/\" target=\"_blank\">Disable XML-RPC-API<\/a>. If you want to do it manually to avoid installing another plugin, you need to edit the .<em>htaccess <\/em>file, so you must go to your host&#8217;s File Manager (such as cPanel).<\/p>\n<p>If you&#8217;re operating on cPanel, make sure that you can see hidden files by clicking on the Settings button on the top right of the screen and then selecting the appropriate option:<\/p>\n<figure id=\"attachment_138328\" aria-describedby=\"caption-attachment-138328\" style=\"width: 1517px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-138328\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/cpanel.jpg\" alt=\"CPanel in WordPress\" width=\"1517\" height=\"922\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/cpanel.jpg 1517w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/cpanel-300x182.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/cpanel-1024x622.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/cpanel-768x467.jpg 768w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/cpanel-1200x729.jpg 1200w\" sizes=\"(max-width: 1517px) 100vw, 1517px\" \/><figcaption id=\"caption-attachment-138328\" class=\"wp-caption-text\">CPanel in WordPress<\/figcaption><\/figure>\n<p>Now search for the .<em>htaccess<\/em> file via the Search function on the left of the Settings button, or go directly to the <strong>\/public_html<\/strong> directory to find it. Right-click on the file and then edit it:<\/p>\n<figure id=\"attachment_138329\" aria-describedby=\"caption-attachment-138329\" style=\"width: 1444px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-138329\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/htaccess.jpg\" alt=\"htaccess in WordPress\" width=\"1444\" height=\"725\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/htaccess.jpg 1444w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/htaccess-300x151.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/htaccess-1024x514.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/htaccess-768x386.jpg 768w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/htaccess-1200x602.jpg 1200w\" sizes=\"(max-width: 1444px) 100vw, 1444px\" \/><figcaption id=\"caption-attachment-138329\" class=\"wp-caption-text\">htaccess in WordPress<\/figcaption><\/figure>\n<p>You need to add the following code snippet:<\/p>\n<p><em># Block WordPress xmlrpc.php requests<\/em><\/p>\n<p><em>&lt;Files xmlrpc.php&gt;<\/em><\/p>\n<p><em>order deny, allow<\/em><\/p>\n<p><em>deny from all<\/em><\/p>\n<p><em>allow from xxx.xxx.xxx.xxx<\/em><\/p>\n<p><em>&lt;\/Files&gt;<\/em><\/p>\n<p>Note that the string <em>allow from xxx.xxx.xxx.xxx <\/em>is used if you want to grant access to XML-RPC to a user or a service and should be substituted with that user or service&#8217;s IP. If you want to disable XML-RPC altogether, then you can simply delete this whole line.<\/p>\n<h4>WordPress Vulnerabilities: Disabling the REST API<\/h4>\n<p>The WordPress Representational State Transfer (REST) API is a tool developers use to turn a website into an available web service. It sends and receives <a href=\"https:\/\/www.techopedia.com\/definition\/3930\/javascript-object-notation-json\">JSON<\/a> (JavaScript Object Notation) objects so that it can be used as a backdoor for potential attacks by malicious actors.<\/p>\n<p><strong>READ MORE:<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.techopedia.com\/10-best-cybersecurity-certifications-for-2024\"><strong>The Best Cybersecurity Certifications for 2024<\/strong><\/a><\/li>\n<li><strong><a href=\"https:\/\/www.techopedia.com\/best-cybersecurity-schools-and-universities\">The Best Cybersecurity Schools and Classes<\/a><\/strong><\/li>\n<\/ul>\n<p>Similarly to the XML-RPC API, it can be disabled relatively safely by most users. However, it may be necessary for the correct functioning of some plugins and WordPress themes. Because of that, it is better to try disabling it in a staging website first to ensure it doesn&#8217;t cause any disruption whatsoever.<\/p>\n<p>Once again, you can turn off the REST API to reduce your attack surface by installing a plugin such as <a href=\"https:\/\/it.wordpress.org\/plugins\/disable-wp-rest-api\/\" target=\"_blank\">Disable WP REST API<\/a> or <a href=\"https:\/\/wordpress.org\/plugins\/disable-json-api\/\" target=\"_blank\">Disable REST API<\/a>, or you can do it manually. The procedure is similar to the one described above for the XML-RPC API. However, this time, you must navigate in your File Manager to the <strong>\/public_html\/wp-content\/themes<\/strong> directory. Then, you must locate the name of your current theme and open the respective directory.<\/p>\n<figure id=\"attachment_138337\" aria-describedby=\"caption-attachment-138337\" style=\"width: 398px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"size-full wp-image-138337\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/rest-api.jpg\" alt=\"Rest API in WordPress\" width=\"398\" height=\"903\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/rest-api.jpg 398w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/rest-api-132x300.jpg 132w\" sizes=\"(max-width: 398px) 100vw, 398px\" \/><figcaption id=\"caption-attachment-138337\" class=\"wp-caption-text\">Rest API in WordPress<\/figcaption><\/figure>\n<p>Once there, find the <em>functions.php<\/em> file inside it and edit it to add the current code snippet at the bottom of it:<\/p>\n<p><em>function qode_disable_rest_api( $access ) {<\/em><\/p>\n<p><em>return new WP_Error( &#8216;rest_disabled&#8217;, __( &#8216;The WordPress REST API has been disabled.&#8217; ), array( &#8216;status&#8217; =&gt; rest_authorization_required_code() ) );<\/em><\/p>\n<p><em>}<\/em><\/p>\n<p><em>add_filter( &#8216;rest_authentication_errors&#8217;, &#8216;qode_disable_rest_api&#8217; );<\/em><\/p>\n<p>You can check if you correctly disabled the JSON REST API by clicking on your website&#8217;s\/wp-json folder, such as:<\/p>\n<p><a href=\"http:\/\/www.sitename.com\/wp-json\" target=\"_blank\">www.sitename.com\/wp-json<\/a><\/p>\n<p>If you get an error message saying, &#8220;<em>The WordPress REST API has been disabled&#8221;<\/em>, then the pro REST API has been successfully disabled.<\/p>\n<h4>Themes and Plugin Vulnerabilities: Making Sure They Don&#8217;t Show<\/h4>\n<p>Hackers always exploit any potential vulnerability in plugins and themes to break into websites.<\/p>\n<p>Because of this, a best practice is to get rid of unused plugins rather than just disabling them and ensure everything is constantly updated regularly.<\/p>\n<p>However, there are known security issues that cybercriminals can easily spot just by checking which version of a plugin, WordPress, or theme you are using.<\/p>\n<p>You can remove your WordPress version number quite easily. Navigate again to the <em>functions.php<\/em> file and add this code snippet at the bottom:<\/p>\n<p><em>function remove_version_info() {<\/em><\/p>\n<p><em>return &#8221;;<\/em><\/p>\n<p><em>}<\/em><\/p>\n<p><em>add_filter(&#8216;the_generator&#8217;, &#8216;remove_version_info&#8217;);<\/em><\/p>\n<h4>Reducing Server Load: Using a CDN<\/h4>\n<p>Content Delivery Networks (CDNs) are servers that store cached copies of your website in their data centers.<\/p>\n<p>They distribute data across multiple servers, acting as middlemen between you and your website&#8217;s customers. CDNs reduce the load on your website server, increase the loading speed of your website, and improve its performance.<\/p>\n<p>More importantly, CDNs are much harder to attack than a single server and act as a firebreak in case of DDOS attacks. Some CDNs can also act as reverse proxies.<\/p>\n<p>There are many CDN providers; some are free, some require a monthly fee, some provide just essential CDN services, while others offer a broader range of additional services such as image lazy load and resizing, CSS optimization, and more. Here are a few of the most popular ones:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.cloudflare.com\/\" target=\"_blank\">Cloudflare<\/a><\/li>\n<li><a href=\"https:\/\/wp-rocket.me\/\" target=\"_blank\">WP Rocket<\/a><\/li>\n<li><a href=\"https:\/\/jetpack.com\/\" target=\"_blank\">Jetpack<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/optimole-wp\/\" target=\"_blank\">Optimole<\/a><\/li>\n<\/ul>\n<h4>Another Layer of Security: WordPress Firewalls<\/h4>\n<p>Firewalls are software that acts as a barrier between your website and users, ideally blocking unwanted accesses from potential hackers. They are a valuable additional layer of security, although they are not always strictly necessary.<\/p>\n<p>Many WordPress firewalls tend to go overboard with the changes they force onto your website, often impacting performance more than you want. Because of this, they should be enabled only for websites where maximum security is paramount.<\/p>\n<p>Usually, an excellent way to ensure that firewalls only filter out malicious bots without blocking out everyday users or standard crawlers is to tweak their rate-limiting features. If this number is set to a reasonable amount, the firewall will block most DDOS attacks without affecting user experience. The more prominent names in the WordPress Firewall industry include <a href=\"https:\/\/sucuri.net\/\" target=\"_blank\">Sucuri<\/a>, <a href=\"https:\/\/www.wordfence.com\/\" target=\"_blank\">Wordfence<\/a>, and <a href=\"https:\/\/aiosplugin.com\/\" target=\"_blank\">AIOS<\/a>.<\/p>\n<h2><span id=\"the_bottom_line\">The Bottom Line<\/span><\/h2>\n<p>This guide can help you ensure a higher level of security for your WordPress website.<\/p>\n<p>However, remember that no solution is always final, and whatever layer of protection you may establish, there&#8217;s always a way to circumvent it.<\/p>\n<p>Try to always stay ahead of the curve by looking for the latest vulnerabilities, and make sure you always keep yourself informed about every new cybersecurity threat that could emerge.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you own or manage a WordPress website, you know very well how security should always be your first and foremost priority. Besides the serious risk of losing your business, hackers can also steal private or sensitive data from your users and logs. This may have severe repercussions for your brand&#8217;s reputation and credibility and [&hellip;]<\/p>\n","protected":false},"author":7721,"featured_media":138345,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[585,548],"class_list":["post-138338","how-to","type-how-to","status-publish","has-post-thumbnail","hentry","category-cyber-threats","category-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.8 (Yoast SEO v23.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Protect WordPress Websites From Cybersecurity Threats<\/title>\n<meta name=\"description\" content=\"This technical yet easy-to-follow guide offers practical advice to stop attacking spamming hacking or attacking your WordPress-hosted site.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Protect Your WordPress Site From Cybersecurity Threats\" \/>\n<meta property=\"og:description\" content=\"This technical yet easy-to-follow guide offers practical advice to stop attacking spamming hacking or attacking your WordPress-hosted site.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-06T10:34:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats\"},\"author\":{\"name\":\"Claudio Buttice\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/7e411549ce1e215c9b8fae459ad151fe\"},\"headline\":\"How to Protect Your WordPress Site From Cybersecurity Threats\",\"datePublished\":\"2023-12-13T14:59:03+00:00\",\"dateModified\":\"2024-01-06T10:34:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats\"},\"wordCount\":3120,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats\",\"url\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats\",\"name\":\"How to Protect WordPress Websites From Cybersecurity Threats\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg\",\"datePublished\":\"2023-12-13T14:59:03+00:00\",\"dateModified\":\"2024-01-06T10:34:15+00:00\",\"description\":\"This technical yet easy-to-follow guide offers practical advice to stop attacking spamming hacking or attacking your WordPress-hosted site.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"How to Protect Your WordPress Website From Cyber Threats\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threats\",\"item\":\"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"How To\",\"item\":\"https:\/\/www.techopedia.com\/how-to\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"How to Protect Your WordPress Site From Cybersecurity Threats\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"width\":209,\"height\":37,\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/7e411549ce1e215c9b8fae459ad151fe\",\"name\":\"Claudio Buttice\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/human-people-person-face-portrait-smile-dimples-hair-haircut-24-300x300.png\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/human-people-person-face-portrait-smile-dimples-hair-haircut-24-300x300.png\",\"caption\":\"Claudio Buttice\"},\"description\":\"Dr. Claudio Buttic\u00e8, Pharm.D., is a former Pharmacy Director who worked for several large public hospitals in Southern Italy, as well as for the humanitarian NGO Emergency. He is now an accomplished book author who has written on topics such as medicine, technology, world poverty, human rights, and science for publishers such as SAGE Publishing, Bloomsbury Publishing, and Mission Bell Media. His latest books are \\\"Universal Health Care\\\" (2019) and \\\"What You Need to Know about Headaches\\\" (2022).A data analyst and freelance journalist as well, many of his articles have been published in magazines such as Cracked, The Elephant, Digital Journal, The Ring of Fire, and Business Insider. Dr. Buttic\u00e8 also published pharmacology and psychology papers on several clinical journals, and works as a medical consultant and advisor for many companies across the globe.\",\"sameAs\":[\"https:\/\/www.medsnews.com\/\",\"https:\/\/www.linkedin.com\/in\/claudio-buttic-482a662a\/?locale=en_US\"],\"knowsAbout\":[\"Data Analyst\",\"Book Writer\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/claudio-buttice\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Protect WordPress Websites From Cybersecurity Threats","description":"This technical yet easy-to-follow guide offers practical advice to stop attacking spamming hacking or attacking your WordPress-hosted site.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats","og_locale":"en_US","og_type":"article","og_title":"How to Protect Your WordPress Site From Cybersecurity Threats","og_description":"This technical yet easy-to-follow guide offers practical advice to stop attacking spamming hacking or attacking your WordPress-hosted site.","og_url":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_modified_time":"2024-01-06T10:34:15+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@techopedia","twitter_misc":{"Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats"},"author":{"name":"Claudio Buttice","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/7e411549ce1e215c9b8fae459ad151fe"},"headline":"How to Protect Your WordPress Site From Cybersecurity Threats","datePublished":"2023-12-13T14:59:03+00:00","dateModified":"2024-01-06T10:34:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats"},"wordCount":3120,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg","articleSection":"","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats","url":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats","name":"How to Protect WordPress Websites From Cybersecurity Threats","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg","datePublished":"2023-12-13T14:59:03+00:00","dateModified":"2024-01-06T10:34:15+00:00","description":"This technical yet easy-to-follow guide offers practical advice to stop attacking spamming hacking or attacking your WordPress-hosted site.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/1080x1920-Featured-Image-How-to-Protect-Your-WordPress-Website-From-Cyber-Threats.jpg","width":1920,"height":1080,"caption":"How to Protect Your WordPress Website From Cyber Threats"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/how-to\/how-to-protect-your-wordpress-site-from-cybersecurity-threats#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Cyber Threats","item":"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats"},{"@type":"ListItem","position":4,"name":"How To","item":"https:\/\/www.techopedia.com\/how-to"},{"@type":"ListItem","position":5,"name":"How to Protect Your WordPress Site From Cybersecurity Threats"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","width":209,"height":37,"caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/7e411549ce1e215c9b8fae459ad151fe","name":"Claudio Buttice","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/human-people-person-face-portrait-smile-dimples-hair-haircut-24-300x300.png","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/human-people-person-face-portrait-smile-dimples-hair-haircut-24-300x300.png","caption":"Claudio Buttice"},"description":"Dr. Claudio Buttic\u00e8, Pharm.D., is a former Pharmacy Director who worked for several large public hospitals in Southern Italy, as well as for the humanitarian NGO Emergency. He is now an accomplished book author who has written on topics such as medicine, technology, world poverty, human rights, and science for publishers such as SAGE Publishing, Bloomsbury Publishing, and Mission Bell Media. His latest books are \"Universal Health Care\" (2019) and \"What You Need to Know about Headaches\" (2022).A data analyst and freelance journalist as well, many of his articles have been published in magazines such as Cracked, The Elephant, Digital Journal, The Ring of Fire, and Business Insider. Dr. Buttic\u00e8 also published pharmacology and psychology papers on several clinical journals, and works as a medical consultant and advisor for many companies across the globe.","sameAs":["https:\/\/www.medsnews.com\/","https:\/\/www.linkedin.com\/in\/claudio-buttic-482a662a\/?locale=en_US"],"knowsAbout":["Data Analyst","Book Writer"],"url":"https:\/\/www.techopedia.com\/contributors\/claudio-buttice"}]}},"_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/how-to\/138338"}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/how-to"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/how-to"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/7721"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=138338"}],"version-history":[{"count":0,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/how-to\/138338\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/138345"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=138338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=138338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}