Malware & Security for your WordPress site

Written By Shane Taubman

May 16, 2018

Review and learnt from

Current WordPress Security


WordPress is the most popular Content Management System (CMS) on the web. Popularity has many advantages, but it also comes with a few risks. Many WordPress websites are vulnerable to security breaches in one way or another unless protected correctly.

However, WordPress is very secure and is built with security in mind by its developers. The issue is how WordPress websites are customised.

Most websites add a combination of themes, plugins, and custom code to WordPress. Plugins and themes can be prone to security vulnerabilities, which is one of the reasons they require constant updates.

When you combine these vulnerabilities with user error, such as re-using passwords, not taking advantage of WordPress security features, and more, you can end up with a system that is exposed to many attacks. Here are some of the practices I use to keep your website secure:

  • I always look for plugins and themes that are compatible with the current version of WordPress. Avoid themes with few reviews and installations, as well as those that haven’t been updated for a while.
  • Use a secure password. Use complex passwords that mix letters, numbers, and symbols if possible.
  • Scan your website for malware. Just as you do with your computer, you should also scan your website for malware. There are plugins available that can do this.
  • Back up your site every time before a change is made. If something goes wrong, a backup is the easiest way to restore your website to a previous version. It is normally best to use the web host's backup application, but use WordPress plugin(s) if required.


Ways Malware Can Affect Your WordPress Website


1. Damage Your Search Engine Optimisation (SEO)

Malware that infects your site can replace your outbound links so that they navigate to domains the attacker wants to boost. In some cases, malware can also set up dummy pages filled with keywords to attract visitors, which then lead them somewhere else. Both these practices are frowned upon by search engines, and the effects on your SEO can be long-lasting.

2. Force Unauthorised Redirects

If there’s one thing worse than WordPress malware that adds spam links to your website, it’s infections that redirect visitors to other websites. In some cases, the malicious code may redirect users to an unsecured copy of your website, hoping to get their personal information. Other variants simply lead users towards other websites, as a way to get those sites more traffic.
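Both effects above leave traces in the HTML your site serves: links, scripts, iframes or meta-refresh tags pointing at hosts you never added. The following is an added example (not code from this article or from any plugin) that audits one rendered page against an allowlist; the allowlist, the sample page and the names `OutboundAudit` and `audit` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to reference (constructed values).
ALLOWED_HOSTS = {"example.com", "www.example.com", "wordpress.org"}

# Constructed sample of a tampered page; the .invalid hosts are placeholders.
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=https://traffic-sink.invalid/landing">
<script src="https://www.example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="/about/">About</a>
<a href="https://wordpress.org/plugins/">Plugins</a>
<a href="https://boosted-domain.invalid/cheap-offers">Partner</a>
<iframe src="//traffic-sink.invalid/frame"></iframe>
</body></html>"""

class OutboundAudit(HTMLParser):
    """Collects link, script, iframe and meta-refresh targets from one page."""
    def __init__(self):
        super().__init__()
        self.targets = []  # list of (kind, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.targets.append(("link", a["href"]))
        elif tag in ("script", "iframe") and a.get("src"):
            self.targets.append((tag, a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, url = (a.get("content") or "").partition("=")
            if url:
                self.targets.append(("meta-refresh", url.strip(" '\"")))

def audit(html, allowed=ALLOWED_HOSTS):
    """Return sorted (kind, host) pairs that point outside the allowlist."""
    parser = OutboundAudit()
    parser.feed(html)
    findings = set()
    for kind, url in parser.targets:
        host = (urlparse(url).hostname or "").lower()
        if host and host not in allowed:  # relative URLs have no host
            findings.add((kind, host))
    return sorted(findings)

if __name__ == "__main__":
    for kind, host in audit(SAMPLE_PAGE):
        print(f"unexpected {kind} -> {host}")
```

Run it against saved copies of your key pages after each plugin or theme change, and treat any host you do not recognise as a reason to run a full malware scan.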

Steps I use to Secure your WordPress Website


  1. Always make sure your web host has some sort of SPAM or anti-virus application to scan your website.
  2. Always install your WordPress website in a sub directory that isn’t labelled wp or wordpress.
  3. Always make sure the administrator password is complex.
  4. Activate default Anti-Malware plugins or obtain the most downloaded security plugin.
  5. Always make sure themes and plugins are up-to-date.
  6. Disable comments on blog articles when possible.
  7. Delete any deactivated plugins when possible.
