As is often the case in life, getting a new WordPress website more than a one-and-done deal. Much like how maintenance and protective acts are needed to keep your vehicle in good shape, you should also take steps to keep your website secure.

In this article, DataboxStudio will be sharing rules for keeping your WordPress website safe from malware attacks.

Types of Malware Attacks

There are various malware attacks that can hijack or disable your website, but here are 2 that we’re seen to be more prevalent:

Link Hijacking: This is where your website is accessed and junk links are added to your content (i.e. pharmaceutical or gambling links). The point of this attack if for the hacker to use your domain authority in order to increase SEO rankings for the target websites.

Site Redirection: In this case, when your website is compromised, users will be immediately redirected to some sort of spam website when they try to visit your website. An example of this would be having the user dropped onto a sweepstakes website.

So, what can you do to minimize the risk for such attacks on your WordPress website? Keep reading…

Rule #1: Use Good Passwords

It’s important that you use good passwords as hackers know that it’s relatively common practice (though bad) for companies to use simple passwords out of convenience. For example, here are a few terrible username/password combos:

admin / password

admin / website2018

When it comes to passwords, each of the following tips will make your password more secure:

Use 8 characters or more

Include numbers

Include uppercase and lowercase letters

Use a symbol such as $, #, @, *, or!

This rule is easy and quick to put into practice, but remember, all of your WordPress users need to have secure passwords. Insecurity, the rule is that you’re only as secure as your weakest link.

Important: Along with having more secure passwords, make sure to also remove inactive users. This might include employees or vendors that are no longer with your company.

Rule #2: Keep Your Software Up To Date

This one is a big deal. Unfortunately, as busy people, we’re often weak at maintaining systems. But neglecting to update your WordPress and plugin software can be a detrimental mistake. It’s also one of the biggest reasons for malware attacks against your WordPress website.

Neglecting to update your WordPress and plugin software can be a detrimental mistake.

Why? Well, the reason is quite simple. Hackers are known for finding holes in software and then publishing their findings to the web. What does this mean for you? Well, if you’re using a version of WordPress that’s a year or two old, it’s very possible that a vulnerability was discovered and it’s only a matter of time until your website is compromised.

To take it from bad to worse, hackers can actually create software to scan the web and find vulnerable websites (think outdated software) and automatically infect the websites using the known vulnerability exploit.

Does this all make your nervous? Fear not! Keeping your website software up to date is fairly simple. Many web design companies will actually provide monthly or quarterly update services. At our web development agency, we update plugins for about 90% of our clients on a monthly or quarterly basis. You can also do updates yourself, but make sure to have a backup handy in case something goes wrong.

Rule #3: Choose a Reputable Hosting Company

Rule #3 has to do with the company that you’re entrusting your website too- your hosting company. Hosting companies with older software are notorious for having out of date servers that are vulnerable to attacks. If a hacker can figure out how to access your host’s servers, it possible that they could simply modify your website’s code files to inject the nasty malware code.

If you have strong passwords and keep your website up to date, but you have a weak host, your website really isn’t secure at all.

A few tips for website hosts:

Cheap isn’t always the smart choice – instead of asking, “what is the cheapest route we can go”? You should ask, “what host will give us the best security, speed, and features for a reasonable price?”. Remember, this is your company website. If it has problems, it usually will hurt your business, so an extra $25 or even $100 / month is more than worth it.

When your host specializes in WordPress then typically you’ll see better security and speed because the host is focusing on one platform. Whenever you chose a specific niche, you generally do a superior job than the generalist.

Ask questions of your prospective host, such as:

  • What systems do you have in place to keep my WordPress website secure?
  • Have you had any vulnerability issues with you hosting servers in the last 2 years?
  • What does support look like if I have an issue?
  • How often have websites gone down on your servers in the last year?
  • What host will give us the best security, speed, and features for a reasonable price?

# Automatic Daily Backups

  • Do yourself a favor and find a host with this specific feature: daily automated backups with one-click restore.
  • Daily: so that you don’t have loss of data for new content you’ve been posting
  • Automated: so you don’t have to think about it
  • One-click restore: so that when you’re in crisis mode, getting a previous version of your website back up is easy-peasy.
  • Important: Remember to update your software and change all of your passwords after restoring from a previous backup.


Just like any other product that has many moving parts, it’s essential that you take the protective measures to keep your WordPress website up to date and secure. There are surely more things that you can do to make your website secure but getting these 3 foundational things right will make the lion-share of your risk disappear. At our web design company, we’ve never had any clients get hacked when applying these three rules.

Keyword Research

Duis vel tellus a ante convallis pellentesque. Ut nec eros ullamcorper, dictum enim in, euismod est. Proin scelerisque convallis ipsum consequat aliquam. Praesent semper scelerisque accumsan. Integer vitae nulla suscipit, molestie tortor sed, eleifend tellus. Pellentesque a bibendum massa. Etiam auctor ligula nibh.

  • Use Google AMP

  • Responsive Website

  • Use ALT Attributes

Donec quam est, suscipit vel ligula ut, aliquet maximus libero. Pellentesque finibus tellus vitae dolor lacinia eleifend. Vivamus convallis nunc ante, ac placerat turpis imperdiet in. Aenean posuere tortor vitae mi mollis tempus.ar nibh eget ullamcorper rutrum. Duis nec lobortis ex. Nunc ac semper sapien, a lobortis augue. Morbi ullamcorper erat vel nunc euismod, at condimentum turpis iaculis. Aliquam pretium blandit ultrices.

Learn From Google Analytics

Suspendisse eu lectus tempus, feugiat enim in, lacinia augue. Cras scelerisque risus vel nulla dictum vehicula. Phasellus vel massa massa. Curabitur a turpis vitae ipsum tempor varius. Etiam iaculis purus vitae velit blandit posuere. Cras scelerisque volutpat bibendum. Donec a justo sapien. Phasellus condimentum volutpat ex eget consectetur. Mauris vulputate aliquet commodo. Aliquam dictum tristique risus vel cursus.

Nulla sit amet nunc massa. Praesent sed est pellentesque, varius tellus non, efficitur nisi. Sed sit amet purus in odio varius tincidunt. Mauris ut ante lobortis, elementum orci efficitur, bibendum leo. Nulla fringilla porttitor congue. Nunc ac semper sapien, a lobortis augue. Morbi ullamcorper erat vel nunc euismod, at condimentum turpis iaculis. Aliquam pretium blandit ultrices.

Ut porttitor bibendum velit. Vivamus urna lorem, dapibus in odio nec, dapibus maximus risus. Vivamus eleifend vulputate egestas. Curabitur in diam eget lorem vehicula scelerisque. Mauris neque nibh, scelerisque ac malesuada at, feugiat a nisl etiam pulvinar nib.