Best Way to Protect Your WordPress Blog from Malware

[OnaDavney]

One of my Wordpress blog infected with malware and I have to do some things like re-installed a new fresh copy of Wordpress, remove any plugins and doubting they are sources that virus came..etc

I would like to know some TIPs to protect my Wordpress blog from malware? what are your experience?

 

[HCFGrizzly]

One of my Wordpress blog infected with malware and I have to do some things like re-installed a new fresh copy of Wordpress, remove any plugins and doubting they are sources that virus came..etc

I would like to know some TIPs to protect my Wordpress blog from malware? what are your experience?

Your best course of action would be to throw WordPress out of your web server and implement a custom solution.
Even though WordPress has become more and more secure over time, there are still lots of plugins that are begging for hackers to attack your website.
Now I know that probably not using WordPress is not an option for you and because of that you should start by reading this article:

http://codex.wordpress.org/Hardening_WordPress

 

[ericplotz1]

Just use Word Fence Security and stop Spammers plugins and you'll be fine.

Also choosing a username other than admin and a secure pass.

 

[hmb-robert]

Now a days wordpress provides many security and maleware scan plugins. You can easily install them using one click plugin installation option provided by wordpress.

 

[HCFGrizzly]

HCFGrizzly

Can you recommend some of those "many security and malware scan plugins"?

 

[velvet]

Hi OnaDavney,
I use both the WordFence plugin, and the following.

And of course use long generated passwords!

cheers, Mal.

 

[Ron Killian]

I put in another vote for Wordfence. Also helps to keep out the bad guys, like those trying to figure out your password. Well, they are bots, but it helps with that aspect.

Also, obviously very important to keep wordpress, plugins and theme's up to date.

On a side note, having a good host can help. I get emails from mine (automatic), letting me know when new potential problems arise. Also alerts for suspicious files.

 

[SenseiSteve]

One of the things I like about WordFence is, first, the scan, but also the problem notifications, like plugins that need to be updated. Get rid of the admin user for administrator and use long passwords.

 

[vishwa]

Yes, Wordfence is really a great plugin for protect your site from hacking and spam. However I believe that we all have to take precautions to protect the site manually for example change your passwords frequently, Don't use nulled themes and plugins, update/replace outdated plugins, monitor your traffic logs etc.. will help you a lot.

 

[Localnode]

You can also restrict access to the admin area to a specific IP.
Replace "xx.xxx.xxx.xxx" with your IP

# BEGIN RESTRICTION
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^xx.xxx.xxx.xxx$
RewriteRule ^(.*)$ - [R=403,L]
# END RESTRICTION

If you've changed the admin area (which you should) the above code should reflect those changes.

 

[ElixantTechnology]

First of all, don't use any "nulled" or "free download" templates or plugins from third-parties. A lot of the times these downloads are released with the malware hidden within. Next, ensure that you are following best practices for security.