Hacker News

How do you make sure you don't get hacked using WordPress?

I hosted my own blog for a short while and got hacked, so I moved back to WordPress.com.




Strong passwords and regular updates. I've had a self-hosted WordPress blog for 15 years and haven't, to my knowledge, been hacked yet.


I meant in a hands-off manner.


You automate the updates.

Also be very selective about installing plugins.

If you are extra paranoid then you can put the login/admin/api behind a VPN.


Being selective about plugins is so important. When I first started working independently, I was blown away by how much work could be had just saving people from the misery of WordPress plugins. Not glorious work, but wow, you could work until the sun is gone just churning out plugin updates for WordPress site owners.

Almost all of the problem plugins weren’t even that important to the site. Someone just added it at some point and left it, maybe for years. Then there you are running old code with known exploits. Of course you’re going to get hacked.

Although I didn’t enjoy that work, I did love how excited and happy my clients were that their sites were fixed. You can’t measure the misery and anxiety some people feel when stuff goes wrong with their websites. Fixing that, with PHP and WordPress no less, was a great feeling.

All that is to say that I agree; only adopt plugins you really need with a reputation you’re comfortable with.
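An added example, not part of the comment above or of any tool named in this thread: one way to act on the advice about forgotten and outdated plugins is to audit the JSON printed by WP-CLI's `wp plugin list --format=json`. The Python below sorts plugins into "remove", "update" and "ok"; the function name, the plugin names and the sample data are constructed for illustration.

```python
import json

# Constructed sample of `wp plugin list --format=json` output (WP-CLI).
# Plugin names and versions are made up for this example.
SAMPLE = """[
 {"name": "contact-form-x", "status": "active",   "update": "available", "version": "2.1.0"},
 {"name": "old-slider",     "status": "inactive", "update": "available", "version": "1.0.3"},
 {"name": "seo-helper",     "status": "active",   "update": "none",      "version": "5.4.1"},
 {"name": "gallery-lite",   "status": "inactive", "update": "none",      "version": "0.9.0"}
]"""


def audit_plugins(wp_cli_json):
    """Sort plugins into actions based on WP-CLI's status/update fields.

    remove: inactive plugins (unused code still sitting on disk)
    update: plugins in use that have a newer release available
    ok:     plugins in use with no pending update
    """
    report = {"remove": [], "update": [], "ok": []}
    for plugin in json.loads(wp_cli_json):
        name = plugin["name"]
        if plugin.get("status") == "inactive":
            # Nobody depends on it, so removing beats patching it forever.
            report["remove"].append(name)
        elif plugin.get("update") == "available":
            report["update"].append(name)
        else:
            report["ok"].append(name)
    for names in report.values():
        names.sort()
    return report


if __name__ == "__main__":
    for action, names in audit_plugins(SAMPLE).items():
        print(f"{action}: {', '.join(names) or '-'}")
```
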


You could go for a managed WordPress host like WPEngine or Kinsta, but they are comparatively expensive.


Pretty much the usual. Make sure to keep it updated. Don't install crappy plugins. Use safe passwords.


There are WordPress plugins as well as SaaS services that export a WordPress site to a static site.

I've recommended Hardypress (https://hardypress.com/) a couple times here on HN. Still happy with them.


Install Wordfence. The free version is enough. Regularly checks the site for dodgy files, blocks spammers and offers 2FA for login. Big fan since it prevented multiple hack attempts to several of my sites.


What everyone else said, but also avoid super cheap hosting. Been burnt that way.



