Protect your WordPress website from security threats, and how to recover if your site has been hacked. Over 40% of all websites across the globe run on WordPress. It’s far and away the most popular content management system (CMS) available on the internet. Popularity brings a constant stream of unwanted attention from criminal hackers. This means WordPress website owners need to be aware of all the security measures necessary to safeguard their sites. WordPress has a strong community of developers dedicated to ensuring any and all cracks that appear in the system are patched up as soon as possible. As a site owner, you can add more protection by following these tips to make your WordPress site more secure. WordPress websites are generally hacked-into because of poor version control, the use of outdated plugins or themes, brute force login attacks and various other backdoor vulnerabilities. Such attacks can be prevented if you manage the security risks. The consequences of taking little or no action can be quite stark. A hacked website can have serious repercussions for a business’ brand image and revenue. In this comprehensive guide we’ll demonstrate how to protect your WordPress site from criminals. First, we’ll identify all of the major weak spots which typically leave a website vulnerable, such as: Password settings and brute force attacks Admin access and user permissions Version control and updating plugins Choosing the right secure plugin Malware scanning Secure web hosting Distributed denial of service attacks (DDoS) We’ll then take you step-by-step through a number of simple preventative measures. We’ll demonstrate how to fix a hacked WordPress site and what actions you should take if the worst case scenario should occur. So, don’t panic! We’ve got you covered. It’s a massive guide, so here’s some shortcuts for you: How to protect your WordPress Admin login How to change wp admin url in WordPress Change your Admin username / Create a new administrator profile Strong password generators Two-factor authentication Brute force attacks Limit Login attempts with StackProtect Automatically log out idle users Security questions on login WordPress user permissions User roles and responsibilities How to change permissions in WordPress What you can change in the WordPress Admin menu Latest PHP version Latest WordPress version Update plugins Security keys Disable File editing Disable PHP file execution Move the wp-config.php file Disable Directory Indexing and Browsing Disable XML-RPC in WordPress Secure your database Database prefix Backups Monitor audit logs Strong passwords Scan for malware FariHost free scanner Other options WordPress security plugins Do I need a security plugin? Best WordPress security plugins What do they offer and how do they differ? Which plugin should I choose? SSL certificates DDoS protection Secure web hosting What does a great web host provider look like? FariHost secure web hosting – product features What to do if your site has been hacked How would I know? My website has been hacked: what should I do first? How do I fix a hacked WordPress website?