How To Avoid Compromising Your WordPress Website

Webly Alfred
Oct 13, 2016 · 5 min read

“My WordPress website is sending spam emails to my subscribers. Help, I don’t know how to make it stop.”

Does this sound like what’s been happening on your website?

In a movie, a hacker who finds a way to get inside a computer to stop a countdown that would launch a missile to destroy the world is a hero. In real life, a hacker is not a hero when she is responsible for your email subscribers receiving spam emails, your blogs being bombarded with spam comments or worse, your website URL now leading to a porn site.

Being hacked is an entrepreneur’s nightmare, and it can cost a lot of time, money and frustration. Most people get hacked because they simply don’t have the time to clean up their website’s back end.

In my experience, I discovered that there are 8 ways you’re compromising your WordPress website and you don’t even know that you’re doing it.

What if you could take simple steps to break the hacker’s heart instead of yours? You can, and I am sharing them with you.

Heartbreak #1: You Have A Complete Backup Of Your WordPress Website

Most entrepreneurs, when launching their business online, sign up for a shared server with GoDaddy, Bluehost, HostGator or another provider to host their website. These types of web hosting packages usually cost $3.99 per month. You are sharing server space with many other people. You have no idea how secure the other websites are. A hacker can infiltrate one of them and delete your files.

How can you recover your website if this happens?

Having a complete backup of your WordPress website can help. The complete backup saves a copy of your website that you can recover from in case you get hacked. With a backup you don’t have to redesign your site: your website can be restored to the way it looked before getting hacked. The plugin I recommend to back up your entire website is BackupBuddy. You can even schedule BackupBuddy to automatically save your website daily or weekly to a remote location or a storage device.

Heartbreak #2: You always update your version of WordPress

WordPress does an amazing job keeping their free product secure by updating it frequently. Take advantage of this free support by keeping your WordPress version up to date. Before updating your version of WordPress, make sure you do a complete backup to avoid breaking your own heart in case the WordPress update doesn’t go as expected.

Heartbreak #3: You delete the plugins you’re not using

Every plugin you install on your website was created by a different developer. Each time WordPress updates its version, a good developer updates the plugin she created as well.

Make sure all your plugins are updated and tested with your current WordPress version. If one is not, find a substitute or delete it. Hackers use back-door techniques to install malicious code through plugins that have not been updated and infiltrate your website. This lets them do whatever they want without you even knowing they already have access to your site.

Heartbreak #4: You delete the WordPress themes that you’re not using

Your WordPress website install usually comes with a couple of free themes. People purchase other themes with more features for their website and don’t even bother with the free ones. You can delete them. Keeping the WordPress themes that you’re not using gives hackers the perfect opportunity to infiltrate your website.

Heartbreak #5: You’re not using “ADMIN” as your username

Don’t be shy, do you still use “ADMIN” or your email address as your username to log into your WordPress dashboard? Having your username as “ADMIN” — the first username hackers usually try — is doing 50% of the job for hackers. The solution is to break their heart by changing your username to something that is tough to guess.

Heartbreak #6: You’re using a password with at least 8 characters

I get it, your pet’s name, your favorite restaurant or your wedding anniversary are easier to remember. But they are also easy information for hackers to obtain just by paying attention to what you post on social media. You want a password that is tough to guess and that’s at least 8 characters long. Use a Strong Password Generator to create it for you. I know you have enough passwords, family schedules and grocery lists to remember. Don’t worry, I got your back! Use a password management system like LastPass to remember ALL your passwords for you so you don’t have to.

Heartbreak #7: You audit your website users

From your WordPress dashboard, navigate to the “Users” section. If you see other users besides you that you don’t remember adding, delete them, especially if they have “Administrator” status. You should be the only one with this status. If you need to give access to a designer to update your website, create a separate user account with a temporary password.

Heartbreak #8: You keep spammers from commenting on your blog

When your website is new, you spend a small amount of time moderating comments. As it becomes more popular, comment moderation will turn into a chore, especially with spam comments. Spammers love to bombard you with all kinds of comments to buy Ray Ban glasses or Viagra. You don’t want your visitors reading these types of comments, which is why you must activate a spam filtering plugin.

WordPress comes with some plugins preinstalled. One of those plugins is a spam filtering plugin, Akismet, which doesn’t come activated though. You will have to take some extra steps to get it activated for a small fee.

You can also use a spam prevention technology, a honeypot like Spam Fighter to force the spam bots to identify themselves before posting a comment on your site. A honeypot creates a fake challenge that can only be seen by the spam bots. When the bots fill the challenge, they end up identifying themselves and are caught before posting a spam comment.
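Here is the honeypot idea described above as a small WordPress plugin. It is an added example, not Spam Fighter’s code and not part of the original post. The field name `hp_website_confirm` and the plugin name are assumptions made for the illustration.

```php
<?php
/* Plugin Name: Comment Honeypot (example) */
// Added example, not Spam Fighter's code. The field name is hypothetical.
const HP_FIELD = 'hp_website_confirm';

/** Pure decision function: true when the submission looks automated. */
function hp_is_bot(array $post): bool {
    // Field absent: the POST did not come from our rendered comment form.
    if (!array_key_exists(HP_FIELD, $post)) {
        return true;
    }
    // Field filled: a human never sees it, so a script filled it in.
    return trim((string) $post[HP_FIELD]) !== '';
}

// Render the decoy for anonymous commenters. It is moved off-screen with CSS
// rather than type="hidden" (which many bots skip), and kept out of the tab
// order and away from screen readers so real visitors never reach it.
add_action('comment_form_after_fields', function () {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label>Leave this empty <input type="text" name="%s" value=""'
        . ' tabindex="-1" autocomplete="off"></label></p>',
        esc_attr(HP_FIELD)
    );
});

// Reject before the comment reaches the database or the moderation queue.
add_filter('preprocess_comment', function (array $commentdata) {
    $type = $commentdata['comment_type'] ?? '';
    // Logged-in users and pingbacks/trackbacks never get the anonymous
    // fields, so the decoy is legitimately missing for them.
    if (is_user_logged_in() || in_array($type, ['pingback', 'trackback'], true)) {
        return $commentdata;
    }
    if (hp_is_bot($_POST)) {
        wp_die('Comment rejected.', 'Comment rejected', ['response' => 403]);
    }
    return $commentdata;
});
```

A honeypot only stops bots that fill in every field they find, so it complements a content filter such as Akismet rather than replacing it.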

My wish for you is to get in the habit of protecting your business online as well as your visitors. I’ve been designing websites for 7 years plus and I’ve made many mistakes. You don’t need to do the same! It’s good practice that every month you schedule some time to do a security audit of your website. Doing so will keep your heart intact and will surely break a hacker’s heart. If you feel stuck, I’m happy to help you fight your tech monsters. Tell me about them here

Until next time,


Originally published at on October 13, 2016.
