While 2020 has been the most volatile year in modern history for many businesses. Well, it would be a mistake to think that hackers are not taking advantage of the situation in 2021.

Website hackers can stay at home, but they're not taking a break from the attempts to hack WordPress websites during the Coronavirus outbreak.

The tactics used in this current wave of COVID-19 aren't new: phishing and malware attempts seek to steal email passwords, fake ads sell scam products and more. In short, all of this has already been seen, but the intensity of these attacks have increased rapidly during this time.

WordPress site hackers aim to trick users into giving up their credentials, and those who use COVID-19 to stoke their fears are no different.

But at the same time, the existence of such a situation makes it very sweet for malicious users to create tools (robots) that snoop around the internet looking for vulnerable WordPress.

Don't let them stick their noses in yours!

If your WordPress is hacked during the corona virus outbreak, the repairing costs can be significant. Not only because you have to hire a technician to clean the web, but you also have to consider the loss of sales, leads and a loss of reputation.

You might be worried about How do I scan WordPress plugins for malware? Or Has WordPress site been hacked?

Do not panic!

Follow our security guide and act now to mask your WordPress website and reduce the risk of being hacked during the Covid-19/pandemic.

At WPHackedhelp, we scan your website and cleanup and malware removal to have a list of happy customers that are running secure websites and expanding their businesses.

The entire team has participated in the creation of this security guide with which we want to help you know the risks to which you are exposed and teach you how to raise different security barriers around your WordPress.

We are excited about creating secure WordPress websites!

The most important of all

There is always a risk

We are sorry to tell you this: your WordPress will never be 100% secure.

Malicious users are constantly innovating and plugin bugs are frequently discovered; however, you can do many things to minimize the risk.

We are here to help you, but keep in mind that security requires constant work and you cannot lower your guard.

Is WordPress insecure?

This is a question that we receive on a regular basis in our support service.

The answer is that WordPress is no less secure than any other content manager.

Depending on how we pamper and use our WordPress, we will more or less keep it away from the bad guys.

If you never update your WordPress, your theme is pirated, your password is 1234 and you don't have antivirus on your computer… We suppose that you should also leave your house without the mask on a Saturday afternoon in a shopping center during the Covid-19/pandemic.

Be careful with your Internet connection

How do you connect to the internet? It is better that you work connected by ethernet cable instead of wifi.

If you connect via Wi-Fi, check that you use WPA-2 security and that you have changed the default password to access the router's administration. Use a strong password!

If you are using WPS on your Wi-Fi connection, deactivate it, since having it active is very easy for them to steal your connection password.

Avoid connecting to your WordPress from unreliable external equipment, such as a hotel reception computer.

Free Wi-Fi: High Price in Security

We have all fallen into the temptation of using open Wi-Fi networks that are available for example in hotels and coffee shops. Free WIFI! But using wifi of this type means paying a high price in terms of security.

We advise against connecting from open or public wifis, as they are not secure. In the event that it is essential to use them, check that you have your computer protected with an updated antivirus and firewall, or connect through a trusted VPN.

Today many antivirus security solutions include a private VPN, this would be a good option. You can also hire a specific VPN service so that all your connections are encrypted. If you regularly connect from unsecured networks (traveling, away from home or office, etc.) with the VPN, you will greatly increase your security.

In any case, when you are away from home or the office, it is always preferable that you connect from the 3G connection of your mobile phone than to use a Wi-Fi connection whose security you do not know.

SSL to encrypt data

It is highly advisable to install an SSL certificate on your website and access via HTTPS because that way the data will travel encrypted over the network.

When you browse with HTTPS, all the information is sent in an encrypted form to the server, so that if there is a user connected to the same network as you who is trying to steal your access credentials, they will only see a series of characters without any meaning.

You have more information about it in the article What is an SSL certificate and how it protects my data .

You do not need to buy the most expensive certificate on the market, with a standard RapidSSL certificate you can use it.

You can also try the free option that Let's Encrypt offers you.

Use strong passwords

Nothing to use passwords like "12345" , "password" , "john" , "nameofmywebsite" or "qwerty" . If you have a password of this type, it is already taking time to change it.

A good password should contain uppercase, lowercase, numbers, and special characters (such as a comma, at sign, or a hyphen).

This is an example of a strong password: 7sP3 @ $ zjT1b3

The length of the password is also an important factor to consider. It is recommended that it be 12 characters long or longer.

If you have trouble remembering a password of this type, you can choose to build one that is easier for you to remember, such as “25beatheat – Seafood ++ 35”.

Don't make it easy for attackers!

Always keep your WordPress up to date!

When a new version of WordPress is released, it is not only to fix errors or add new functionalities, it is also done to correct security problems that have been detected.

Having an old version of this tool is like opening a door to malicious users, since they will precisely take advantage of known security flaws to attack us.

Update your WordPress every time you see an update notification in the administration; It is very simple and it will only take you a minute.

If for some reason you cannot update the WordPress version from the website administration, it can also be updated manually. See the article Update WordPress manually to see how you can do it.

As we always recommend, to avoid disappointment, make a backup before updating.

Add an X-XSS-Protection header

By adding this header you can increase security against XSS-type attacks. We tell you all about this header in the X-XSS-Protection Header to prevent XSS attacks in IE and Chrome.

After adding the header, whether you do it in the .htaccess file or if you do it in the functions.php, be sure to check that your website works as expected.

If you see that it affects the operation of your website in any way, remove the added code to revert the change.

Remember to always make a backup copy of the files you are going to edit.

How to avoid it?

The main measure to avoid this vulnerability is not to download plugins or templates from non-verified sites, our recommendation is to always download from the official WordPress.org repository.

In the event that you are infected, we recommend installing the Wordfence security plugin that includes an option to analyze the images as if they were PHP code.

Be wary if, for example, you see PHP files in directories where there should only be images, such as the / wp-content / uploads directory.

Conclusion

Coronavirus has hit every industry and the after effects of that can be seen everywhere. It is being used as bait by cyber criminals.

This is why it is essential to put in place the kind of good practices seen throughout this guide to reduce the potential risks of WordPress attacks.

By following these different steps, you will have effectively secured your WordPress site. We hope you found this article helpful.