
WordPress Security - 26 DIY WordPress Security Steps PDF


WordPress Security

WordPress Security – Complete Guide For Rock Solid Security [Free Plugin Included]
Updated on: May 4, 2020

Ananda Krishna

22 mins read

Article Summary

A complete DIY guide on WordPress security. This comprehensive guide includes 26 easy
steps that you can follow to harden your security & reduce the chance of getting hacked.

Being used by one-third of the total websites, WordPress always manages to catch the
eye of hackers. In recent years, the extent of attacks on WordPress is alarming and calls
for action. Despite the attacks, WordPress Security is still a massively misunderstood
and underappreciated concept. And, web owners find it more convenient to overlook it.


[Figure: CMS Market Share (bar chart comparing WordPress, Drupal, OpenCart, Joomla, Magento and Prestashop)]

However, in the wake of these exploits, a lot of people are coming to terms with the
need to upgrade their WordPress security standards. But they often find themselves at
sea deciding what security practices are legit and what aren’t. Don’t worry! We have
done the research for you. In this article, you are about to find the complete list of
essential & actionable WordPress security measures for your site. Further, this list is
independent of your tech-savviness and can be easily applied by anyone.

Also, go through the below URLs if you are looking for

The Ultimate WordPress hack removal guide


Best WordPress Security Plugin

WordPress Security – Let’s Talk About Numbers


WordPress is maintained by a group of competent developers. Still, it remains the most
viciously attacked CMS in the world. According to a study, more than 70% of
WordPress websites are vulnerable to attacks. Moreover, the recent hacks on
WordPress plugins like GDPR and WP Live Chat have put thousands of websites at risk. Also,
CVE details reveal that most of these attacks are cross-site scripting attacks.

[Figure: WordPress CVE Details 2004-2019 (pie chart by vulnerability type: XSS, DoS, Code Execution, SQL Injection, Directory Traversal, HTTP Response Splitting, Bypass something, Gain Information, Gain Privileges, CSRF, File Inclusion)]

As you can see in the graph, most WordPress sites have suffered XSS, followed by Code
Execution. Additionally, another research unveils that 40% of all attacks are targeted at
small and medium websites. So, people who believe that only big websites get hacked have
their answer.

[Figure: Top Security Concerns for SME's. Levels of challenging attacks in percentage (Not at all / Mildly / Severely / Extremely Challenging) for Targeted Attacks, Ransomware, Advance Persistent Attacks, DDOS Attacks, Proliferation of BYOD & smart devices, and Insider ex-filtration]

Further, most of these attacks are a direct result of neglected WordPress security.
According to Kinsta, 55% of hacked websites had outdated versions of plugins, themes
or CMS.

[Figure: Estimated % on How WordPress Websites Get Hacked (categories: Plugin, Brute Force, Core, Theme, Hosting, File Permissions, Others (FTP, Old Files, Passwords))]

Now, we already know that the consequences of a hack can be disastrous for a
business. There are a whole lot of things that can go wrong. For instance, the attacker
can meddle with your confidential & customer data. They can steal your credentials,
misconfigure your website and whatnot. And if they get a hold of your
financial/payment details you can be bankrupt too. Other hidden consequences of a
hack may include, mistrust for your brand, loss of authority, domain value, etc.
Furthermore, a hack can also result in a downfall of your site’s search rankings.

Related Guide – WordPress Security Issues 2019

How to Harden WordPress Security


Building a worthy website requires time, effort and energy. But, all these efforts will turn to a fiasco if
the security is not taken care of. Certainly, not paying due attention to WordPress security can have
lasting aftereffects.

Yet, protecting your website is much easier than you thought. So, if you diligently followed this list of
WordPress security measures for your website, I guarantee that the risks will reduce to a bare
minimum.


1. Back up your WordPress website regularly

Let’s face it – no one is hack-proof on the internet. So, the first thing to do for your WordPress
website is proper risk management. This is to say, plan beforehand for a scenario like a hack. And,
with good backups in store, you can confidently delete the hacked version and restore your
website back to normal immediately. Clearly, in an event like a sudden hack, backups can save you
from a complete debacle.

The motive of backup is to restore your website to its best working condition in case of a hack. Also,
backups should be taken often and regularly. Now, the frequency could vary from daily to weekly to
monthly depending on how often you update the website’s content.

Plus, make sure to take multiple backups (with time & date properly mentioned). Since a hack may
remain hidden for days, in that case, you might need a backup dated way back.

Hence, to make your backups more functional, you should include the following files and folders in
your backup:

1. The WordPress Files


The Core Installation
WP Plugins
WordPress Themes
Images and Files
JavaScript and PHP scripts, and other code files
Additional Files and Static Web Pages

2. The WordPress Database

The WordPress database stores crucial information like details of posts, pages,
comments, tags, users, categories, custom fields, etc. Hence, it is extremely important to
include this in the backup.

Verifying that the backup is functional is part of the process. In the end, make sure to
test if the backup completes its motive and allows quick and full recovery of your
working website.

Note – Maintain your backup against a date and time stamp.

a) Backup of the WordPress Database

For the WordPress database backup, use the MySQL command line. Otherwise,
administrative interfaces like phpMyAdmin can also be used.

You can take backups manually, through cPanel, cloud, etc. We have covered a few
methods here:

a) How to do Manual backup of WordPress

Follow these steps to take a backup manually –

Compress your website files
Download it to your local device
Store it remotely
Build a backup manager with file name, backup date & time as parameters

Now, backing up manually can prove to be a tedious & time-consuming task. You have
to monitor the download of each & every file carefully. Further, the management of
backups is again a lot of work.

You can skip all this, and use a WordPress plugin instead. Plugins like
Updraftplus, Backupbuddy, etc. automate the whole process of backing up and are super
easy to use. The one free alternative offering full backup capabilities that stands out
of the list is BackWPup.

b) WordPress backup through cPanel

Another option is to back up through cPanel. Here is how you can do this:

1. Log into your cPanel control panel.
2. Click on the “Backup” icon.
3. Select “Generate / Download a Full Backup”.
4. Select “Home Directory” in “Backup Destination” and enter your email address,
before clicking the “Generate Backup” button.
5. You’ll receive an email when the backup is ready.

c) Cloud Backup of your WordPress

Backing up on the cloud is the most convenient way of backing up a WordPress
website. Various cloud services like Amazon S3, Dropbox, stash, etc. simplify the
backup procedure.

2. Enhance Security by Updating CMS, Plugin & Themes to Latest Versions

After securing a backup plan, the easiest way to secure your website is to update. Every
update, whether it is for the core CMS, plugins or themes, comes with vulnerability patches
& security amendments. Being quick with these updates can reduce risk incredibly. Even
the top security experts believe that keeping your website up to date eliminates most of
the risks.

[Figure: Percentage of users on various WordPress Versions (versions 5.2 down to 4.3)]

But, a major update can sometimes break some functionalities of a website. Hence, it is
good practice to take a backup beforehand. After that, put your website in the
maintenance mode before initiating a major update.

Moreover, the WordPress core has three different types of updates:

Core development updates, known as the “bleeding edge”
Minor core updates, such as maintenance and security releases
Major core release updates

The minor releases are automatically updated by WordPress in the backend. So, it is
only the major core releases that you have to take care of. Likewise, update the themes
and plugins too.

Pro-Tip – You can use our WP Hardening Plugin to fix 12+ issues like (Stop User
Enumeration, Disable XMLRPC, Hide Version No. & many more)

Again, there are two ways to update core, themes, and plugins – Manual & Automated.
Both the methods have been explained below –

a) Manual

Core Update – Updating a WordPress website is pretty easy. Since WordPress
automatically installs all the minor patches, you have to push the major version
updates only. To do this,

1. Log into your wp-admin
2. Go to the Updates section.
3. See if updates are available. If there are, update all of them.

Themes and Plugins Update – To update the themes and plugins, follow this
process,

1. Log into your wp-admin
2. Go to the Updates section.
3. See if updates are available. If there are, update all of them.

b) Automated

Core Update – As discussed already, WordPress by default automates the minor
security patches. However, you can override this behaviour by editing the
wp-config.php file and adding or modifying the following statement –

// true turns on development, minor and major core updates; 'minor' limits it to minor releases
define( 'WP_AUTO_UPDATE_CORE', true );

For the major updates, check the updates section in your WordPress backend and
initiate updates if available.

Themes and Plugins Update – The themes and plugins can be updated automatically
using filters. The best place to put a filter is in a must-use plugin. Also, WordPress
doesn’t recommend putting filters in the wp-config.php file. This is because putting
filters in the wp-config.php can create conflict with other parts of the code.

To enable automatic updates for themes and plugins, add the following code

add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );

3. Update your PHP, to the latest version

Speaking of updates, there is another update that you need to take care of – the PHP
version. PHP is the core programming language of WordPress. Certainly, updating it to
its latest stable version will enhance your WordPress security.

Note: PHP version 7.0 and older do not have security support and are susceptible to
known and unpatched vulnerabilities. Therefore, you must update to the latest PHP
version i.e. 7.3.

[Figure: PHP Versions used by WordPress users (versions 7.3 down to 5.2)]

Note: The PHP version 7.2 will no longer be supported after November 30, 2019.

Here is how you can update your PHP:

1. Log into your cPanel
2. Navigate to the Software section. Click on PHP configuration
3. Next, select the latest stable version of the PHP and click on update.
4. Review the changes in phpmyinfo

4. Remove defunct Plugins/themes

If you have not used a plugin for the longest time, you must get rid of it to secure your
WordPress. This is because even though the plugin is no longer in use or is disabled, the
files still exist. Further, these files might contain vulnerabilities unknown to you. Above
all, attackers could exploit these vulnerabilities easily. Thus, delete the defunct plugins &
themes.

Here is how you can do that:

1. Log into your WordPress dashboard
2. Go to the Plugins section
3. Identify the inactive plugins, and delete them.

5. Install a WordPress Firewall Plugin

Need I say, that monitoring your website ceaselessly is humanly impossible? So, the
best bet here is a Web Application Firewall. A firewall is a continuous monitoring system
for your website. Most importantly, it detects and blocks malicious traffic from coming
to your website.

Although there are scores of firewalls to choose from, you should only go for the
hacker-tested ones. Astra’s Firewall is a rock-solid solution. It will protect you in real-
time against cyberattacks. Moreover, it works on your own server and requires no DNS
change.

Related Blog – How Firewall can help you to secure your WordPress website
How Astra Web Application Firewall protects your WordPress website

Here are the distinct features of the Astra firewall:

Filtering good traffic from bad traffic and blocking unwanted web traffic.
Blocking incoming threats like SQLi, brute force attacks, CSRF, DDoS attacks, LFI,
RFI, Cross-site scripting, bad bots, Spam, and other zero-day exploits
Apart from being intuitive, it is also an intelligent firewall that detects patterns of
attacks and configures itself for the next attack.
The Astra firewall is also a great way to block/whitelist IP addresses.
Further, Astra’s WAF also enhances the speed and performance of a website.

Speed and security are two desirable aspects of website security and a firewall
improves both. Moreover, in this growing age of online threats and attacks, a firewall is
a must.

6. Host your WordPress website on a secured server

The hosting server plays an important role in the security of your WordPress website.
Choosing a host wisely can be a game-changer in WordPress security. While selecting
a server you must consider the following:

Authority
Reviews and ratings
Support
Customization
Loading time

7. Customize the login page to increase security against Brute-Force attacks

Protecting your login and admin pages is another way to secure your WordPress.
Attackers can break into your website through brute-forcing if it is left unsecured. Now,
brute-force attacks use the hit and trial method to guess the combination of username
and password of your website at a freakingly high speed.

Set strong and unique usernames & passwords for each of these pages. Avoid using an
obvious username like ‘admin’, your website’s name, your own name, a proper word that
could be found in the dictionary. Same goes with the passwords, refrain from using
‘Password’, your own name, your website’s name, etc as your password.

Related Guide – How to change Admin URL in WordPress


Lesson [3/10]: Restrict Access to your WordPress Admin

8. Limit login attempts

Another way to protect your WordPress admin area from brute-force is to limit the
number of login attempts on it. Plugins like Limit login attempts & Loginizer may come
in handy for this.

9. Set correct user roles

Not all users need to have all the privileges in your WordPress. You can distribute the
required roles for each user according to their responsibilities on the website. You can
better control and monitor who does what on your website with these roles. By default,
WordPress defines six roles namely, in the descending order of their powers – Super
administrator, administrator, Editor, Author, Contributor, and Subscriber.

You can use the predefined set of user roles or can create custom roles as per your
needs. The predefined can be assigned from the dashboard itself, whereas for custom
roles a plugin would be needed. The User Roles Editor plugin is best suited for this.

Here is how you can define custom user roles with this plugin:

1. Install the plugin ‘User role editor’
2. Go to ‘Users’ > Other roles
3. Define/add custom roles for a particular user.

10. Protect wp-config File

wp-config.php contains the configuration details of your WordPress website. Any
unwanted change to this file can break your website completely. Hence, the wp-config
file should be handled with extra care and must be secured with utmost urgency.
Further, it also stores sensitive information such as the WordPress database credentials.

Some ways to secure the wp-config file are:

Moving it outside the root folder
Blocking internal access and code modifications to your wp-config.php
Modifying the default wp-config.php File
Setting 400 permission on the wp-config.php file. This means that only the file’s
owner can read it, and the group and others have no access at all.

Lesson [2/10]: Secure WP-Config File From Hackers


11. Restrict Access To wp-admin

The wp-admin is the administrator area of your website. It can be said that it is the
controller of your website. Hackers constantly try to brute-force it to hijack the whole
website. This makes it vital to secure the wp-admin area to tighten your WordPress
security. You can secure your wp-admin area as follows:

Restricting access and allowing only selected IP addresses to your admin page is one
way to secure it. This way, any unknown IP automatically gets blocked. In your
wp-admin folder, create a .htaccess file and paste the following code there:

# Apache 2.2 access-control syntax; on Apache 2.4 it needs mod_access_compat
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx

Edit the xx.xx.xx.xx to contain your IP address. For multiple IP whitelisting, repeat
the “Allow from” in the next line and so on.

Usually, there is a Register link on your WordPress login page. Disable this Registration
form to discourage access to wp-admin.

12. Update WordPress security keys

Secret security keys ensure the security of cookies in your WordPress website. You must
set up security keys to discourage any stealing of cookies and impersonation of users.
After you have set the secret security keys, it will nullify all the current sessions and will
require the user to re-authenticate. Above all, the administrator must change the
security keys if they have been compromised or there is even a suspicion of
compromise.

You can generate secret keys both manually as well as with the help of an online key
generator. WordPress also has its official secret key generator. Generate keys from here
and paste these keys in the wp-config file and you are good to go.
Set/Update WordPress Salts and Unique Authentication Secret Key (Without Pl…
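
One way to generate and rotate the keys locally, added here as an example and not taken from the article or from WordPress itself: it rewrites the define() lines of the eight standard key and salt constants in a wp-config.php text and adds any that are missing. It assumes the file loads wp-settings.php near its end; the sample file and function names are constructed for this example.

```python
import re
import secrets
import string

# The eight key and salt constants WordPress reads from wp-config.php.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]

# Printable ASCII minus the quote and the backslash, so a value can sit inside
# a single-quoted PHP string without any escaping.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\\"
)


def new_secret(length=64):
    """Return a random value drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_keys(config_text):
    """Give every key/salt constant a fresh value.

    Returns (new_text, replaced, added): the names whose define() line was
    rewritten, and the names that were missing and had to be added.
    """
    replaced, missing = [], {}
    for name in KEY_NAMES:
        line = "define( '%s', '%s' );" % (name, new_secret())
        pattern = re.compile(
            r"^[ \t]*define\(\s*(['\"])%s\1\s*,.*$" % re.escape(name), re.MULTILINE
        )
        # A function replacement keeps re from interpreting the new value.
        config_text, count = pattern.subn(lambda _m, new=line: new, config_text, count=1)
        if count:
            replaced.append(name)
        else:
            missing[name] = line
    if missing:
        block = "\n".join(missing.values()) + "\n"
        # Constants must exist before WordPress boots, so place them ahead of
        # the line that loads wp-settings.php; append if that line is absent.
        loader = re.search(r"^.*wp-settings\.php.*$", config_text, re.MULTILINE)
        if loader:
            cut = loader.start()
        else:
            cut = len(config_text)
            if config_text and not config_text.endswith("\n"):
                block = "\n" + block
        config_text = config_text[:cut] + block + config_text[cut:]
    return config_text, replaced, list(missing)


# Constructed sample file: placeholder values, and NONCE_SALT is missing.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_PASSWORD', 'constructed-sample-password' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
$table_prefix = 'wp_';
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    text, replaced, added = rotate_keys(SAMPLE_CONFIG)
    print("rewritten:", ", ".join(replaced))
    print("added:", ", ".join(added))
```

Write the result back only after taking a copy of the original file; every logged-in user has to sign in again once the new values are live.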

13. Create a unique database prefix

The WordPress database is the area where important information/data regarding the
website and users sits. Quite obviously, this makes it a desired target. By default, the
wpdb contains 11 tables which include tables for users data, site URLs, posts, pages,
comments, etc.

Further, all these tables have the universally known default prefix wp_ before them. The
names of these tables are also commonly known. In case of improper validation and
sanitization rules for query insertion, a hacker can run SQL commands to fetch data
from a known database table.

In order to secure the database, you must change the database prefix to something
else. Moreover, changing the database prefix at the time of installation is the ideal way.
However, if you haven’t changed it then, you can also change it by SQL command or
with the help of a plugin. Both of these methods are depicted below:

a) Manual

As mentioned earlier, the database prefix can be changed by running a series of SQL
commands. For detailed instructions and the procedure, follow this link.

b) Automated

There are several plugins on WordPress that help in automating this whole process of
prefix change. One such free plugin is the change table prefix plugin.

14. Additional authentication factors for WordPress admin security

To secure your website even more, two-factor authentication is a smart tool. This
tool ensures the true identity of a user on your website by requiring more than a
password to log in. This way, it prevents any fake, unauthenticated user from accessing it,
even if they happened to guess your password. The two-factor authentication plugin is
a great way to apply this security on your website.

15. Setup automatic logout plugin

Not all users on your WordPress are careful and vigilant enough to logout after each
session completion. The stealing of cookies and session hijacking also makes for major
attack vectors on WordPress. You must set an automatic logout so that all the idle
customers are logged out of the website.

16. Strengthen your passwords to harden WordPress security

It may look too obvious a security measure, but even then many neglect this. Always
opt for unique and strong passwords for your WordPress accounts. Also, refrain from
using the word password, admin and proper words from the dictionary as your
passwords. Make sure that your password is a combination of letters (upper and lower
case), numbers and special characters.

17. SSL data encryption

Having an SSL (Secure Sockets Layer) certificate for your website’s domain adds to its
authority and security. It encrypts the data transfer between the user and the server.
Since Google rankings started getting affected by HTTPS, a lot of authorization
companies sprouted. However, not all of these are deemed authoritative by Google.
Hence, you must get the SSL certificate from a verified and trusted source.

Further, not redirecting all of your web pages to HTTPS can also have adverse effects
on your website. Having both HTTP and HTTPS pages on a website is known as Mixed
Content. Now, Google regularly flags websites for mixed content. Thus, make sure to
redirect all your pages to HTTPS.

18. Control Comments

WordPress is infamous for pervasive spammy comments. Hence, you must carefully
review comments before allowing them on your website. Moreover, you can either
disable comments altogether or add several conditions to block spam. This requires manual
effort. You can also choose a plugin like Akismet to do the job.

19. Set Strict Files & Folder Permissions in WordPress

You can achieve another WordPress security milestone by setting stricter files and
folder permissions. The recommended file/folder permissions for different files/folders
are:

For wp-config.php = 400
For uploads folder = 755
For .htaccess files = 400
For wp-content = 755
For wp-includes = 755
For index.php = 444
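
A read-only audit of the permissions listed above, added as an example and not part of the original article: it compares each path's mode with the recommended value, reports any permission bits granted beyond it, and lists everything that is world-writable. Modes stricter than the recommendation are not flagged; the sample tree is constructed and the function names are this example's own.

```python
import os
import stat
import tempfile

# Recommended modes from the list above (paths relative to the WordPress root).
RECOMMENDED = {
    "wp-config.php": 0o400,
    "wp-content/uploads": 0o755,
    ".htaccess": 0o400,
    "wp-content": 0o755,
    "wp-includes": 0o755,
    "index.php": 0o444,
}


def audit_permissions(wp_root, recommended=RECOMMENDED):
    """Return findings for paths that grant more than the recommended mode.

    Each finding is (relative_path, actual_mode, recommended_mode, extra_bits).
    A missing path is reported with actual_mode None, so a wrong root
    directory is not mistaken for a clean result.
    """
    findings = []
    for rel_path, want in sorted(recommended.items()):
        full = os.path.join(wp_root, rel_path)
        try:
            # lstat judges the entry itself and does not follow a symlink.
            info = os.lstat(full)
        except FileNotFoundError:
            findings.append((rel_path, None, want, None))
            continue
        have = stat.S_IMODE(info.st_mode)
        extra = have & ~want  # bits set beyond the recommendation
        if extra:
            findings.append((rel_path, have, want, extra))
    return findings


def world_writable(wp_root):
    """List every file or directory under wp_root that any user may write to."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(wp_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # the mode of a symlink itself is not meaningful
            if mode & stat.S_IWOTH:
                hits.append(os.path.relpath(full, wp_root))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed sample install with two deliberately loose modes."""
    modes = {
        "wp-includes": 0o755,
        "wp-content": 0o755,
        "wp-content/uploads": 0o777,  # loose: world-writable
        "wp-config.php": 0o644,       # loose: readable by group and others
        ".htaccess": 0o400,
        "index.php": 0o444,
    }
    for rel_path in modes:
        full = os.path.join(root, rel_path)
        if rel_path.endswith(".php") or rel_path == ".htaccess":
            with open(full, "w") as handle:
                handle.write("# constructed sample\n")
        else:
            os.makedirs(full, exist_ok=True)
    for rel_path, mode in modes.items():
        # Explicit chmod, because creation modes are subject to the umask.
        os.chmod(os.path.join(root, rel_path), mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path, have, want, extra in audit_permissions(root):
            shown = "missing" if have is None else "%03o" % have
            print("%-20s has %s, recommended %03o" % (path, shown, want))
        print("world-writable:", world_writable(root))
```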

20. Hide the WordPress version number to protect WordPress from known vulnerabilities

Known vulnerabilities in different WordPress versions are easily available on the
internet. These databases serve as a treasure for hackers. They use bots/botnets to
hunt for WordPress websites with these outdated versions. Once a bot reaches your
website, the first thing it looks for is its version number and the vulnerabilities listed for it.
When they do find one such website, they exploit the vulnerability.

You can protect your website from these attacks by simply hiding your WordPress
version number.

Manual

Hide the WordPress version number from Generator meta tag,

1. Navigate to your root directory


2. Go to /wp-content/themes/ directory
3. In the functions.php file, add the following line of code

remove_action('wp_head', 'wp_generator');

Hide the WordPress version number from the default RSS feeds as follows

1. Navigate to your root directory
2. Go to /wp-content/themes/ directory
3. In the functions.php file, add the following lines of code at the bottom

// Return an empty string in place of the generator tag that carries the version
function remove_wp_version_rss() {
    return '';
}

add_filter( 'the_generator', 'remove_wp_version_rss' );

Automated

There are plugins available which hide the WordPress version number, we recommend using the Meta
Generator and Version Info Remover plugin.

21. Disable PHP execution when not needed

While PHP files can be executed from any directory of a WordPress website by default,
it’s best that you disable this for directories such as /wp-content/uploads/. You’ll be able
to do this using FTP access. Here is how:

1. Access your website with FTP
2. Navigate to /wp-content/uploads/ directory
3. Paste the following code into a new file and save it as .htaccess.

# Refuse every request for a .php file in this directory (Apache 2.2 syntax)
<Files *.php>
deny from all
</Files>

22. Improve hardware protection

It’s only logical to protect the hardware you are accessing your website with. A non-
secured PC with security vulnerabilities serves as a way for hackers to enter your
website. Ensure that your gadget is well-protected by a firewall and anti-virus software
installed. This will not only block WordPress attacks but also any coming online security
threats.

Just as defunct plugins are a problem for a website, obsolete & defunct
applications on your device are an invitation to threats too. Thus, remove all
unnecessary/obsolete applications from your device.

Most applications ask for different permissions right after you install them. As a rule
of thumb, try giving the least privileges to them.

23. Disable script injections

Disallow script injections to prevent hackers from injecting malicious code into existing
PHP documents. You can disable the script injections by adding the following code to
your .htaccess file:

Options +FollowSymLinks
RewriteEngine On
# Answer 403 Forbidden when the query string carries a script tag, GLOBALS or _REQUEST
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
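
A way to check these rules against sample requests before deploying them, as an added example that is not part of the original article: the three RewriteCond patterns are applied in Python, with the literal `[` and `%` written as `\[` and `\%`, to constructed URLs. The last sample shows a harmless request that the first condition also rejects, which is worth knowing before the rules go live.

```python
import re

# The three RewriteCond patterns from the rules above. Apache tests them
# unanchored against the raw query string (still percent-encoded); only the
# first one carries [NC], so only that one ignores case.
CONDITIONS = [
    ("script-tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def blocked_by(query_string):
    """Name the first condition that matches, or return None.

    The conditions are joined with [OR], so a single match is enough for the
    RewriteRule to answer 403 Forbidden ([F]).
    """
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


def status_for(url):
    """Return 403 or 200 for a URL as these rules alone would decide it.

    Only the part after "?" is inspected. The path and any request body never
    reach the conditions, so they still need validation in the application
    or in a firewall.
    """
    query = url.partition("?")[2]
    return 403 if blocked_by(query) else 200


# Constructed sample requests: (URL, what it represents).
SAMPLES = [
    ("/?s=wordpress+security", "ordinary search"),
    ("/?q=%3Cscript%3Ealert(1)%3C/script%3E", "encoded script tag"),
    ("/index.php?GLOBALS[debug]=1", "attempt to set GLOBALS"),
    ("/index.php?_REQUEST%5Bx%5D=1", "attempt to set _REQUEST, encoded bracket"),
    ("/?page=GLOBALS", "the word GLOBALS as a plain value"),
    # False positive: "description" contains the letters "script".
    ("/?note=%3Cb%3Edescription%3C/b%3E", "bold tag around the word description"),
]


def run_samples(samples=SAMPLES):
    """Return {url: (status, matched_condition)} for every sample."""
    results = {}
    for url, _label in samples:
        results[url] = (status_for(url), blocked_by(url.partition("?")[2]))
    return results


if __name__ == "__main__":
    for url, label in SAMPLES:
        status, rule = run_samples()[url]
        print("%d  %-12s %-45s %s" % (status, rule or "-", url, label))
```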

24. Download plugins from reputable sources

Not all plugins have dedicated developers behind them. A lot of plugins on WordPress
aren’t even maintained that often. So, before opting for any random plugin by a third
party you must consider the following points:

Reviews and ratings


Last update and the frequency of updates
Support

25. Scan WordPress for malware & backdoors regularly

Monitoring your website is as important as securing it. Having a proactive
malware scanner that scans your website periodically is crucial for WordPress security.
Scanning your site every once in a while for viruses and malware lets you stay updated
on the well-being of your website.

Astra’s machine-learning powered malware scanner is a perfect fit for this. Other
scanners include:

By scanning the website, you’ll be able to detect the risk of security breaches instead of
having to deal with actual attacks as they happen.

26. WordPress Security Audit

You applied every security measure on your site, however, even then it needs regular
maintenance. A premium security audit can greatly help you here. Every now and then
your website needs to be checked for new vulnerabilities and broken security.

Astra’s Vulnerability Assessment and Penetration testing program has engineers look
into your website for possible vulnerabilities. In a security audit like this, your source
code, plugins, and themes are thoroughly audited. It also uncovers loopholes and
backdoors in your website.

Related Guide – How to WordPress Security Audit & Pentesting


Conclusion
The WordPress security measures listed in this guide here are security gospels. You must
persevere to apply and maintain these on your WordPress site for enhanced security.
These WordPress security tips will ensure that your website remains protected from
online threats.

Ananda Krishna

Ananda Krishna is the co-founder & CTO of Astra Security, a SaaS
suite that secures businesses from cyber threats. He has been
acknowledged by the Indian Navy, Microsoft, United Airlines, etc.
for finding critical security vulnerabilities in their systems. Winner
of the Best Security Product at Global Conference on Cyberspace
2017 (awarded by Narendra Modi, Prime Minister of India) & French
Tech Ticket, Paris (awarded by François Hollande, former President
of France). At Astra he's building an intelligent security ecosystem -
web application firewall (WAF), malware detection & analysis,
large scale SaaS applications, APIs & more. He's actively involved in
the cybersecurity community and shared his knowledge at various
forums & invited talks.

8 COMMENTS


Mainul, 10 months ago

This Guide is exactly what I am looking for. Thanks to Astra Team.

Naman Rastogi (Admin), 9 months ago, in reply to Mainul

Thanks so much Mainul. You can subscribe to our Newsletter for more such blog
posts.

zahidah saleema, 7 months ago

Thanks for sharing. I’m a developer at techreshape.com and have a suggestion about
WordPress security:
The WordPress default login URL is /wp-admin. There is nothing wrong with the
default login URL, but the problem is that all the hackers are aware of
this link and they use bots and scripts to hack your website.

Naman Rastogi (Admin), 7 months ago, in reply to zahidah saleema

Thanks, Zahidah. If you don’t change the default admin URL the hackers can easily
perform a brute force attack to guess the username and password. It is highly
recommended to change the default admin URL & have brute force protection. You
can use our Free WP Hardening plugin to fix 12+ issues by just a click –
https://wordpress.org/plugins/wp-security-hardening/

robrt smith, 6 months ago

Thank you for sharing this informative blog, it’s very meaningful for us.

Naman Rastogi (Admin), 6 months ago, in reply to robrt smith

Thanks, Robert

Julian, 6 months ago

Landed on your link from FB share & I must say it is indeed a helpful guide on
WordPress security. I was able to follow most of the steps mentioned & it took around
an hour. Also, the WP hardening plugin is just awesome, it helped me to avoid the use
of 5 plugins.

May I know what guide I should follow to scan my WordPress for malware & your plans
to secure it?

Naman Rastogi (Admin), 6 months ago, in reply to Julian

Thank you so much, Julian.

You can follow our WordPress malware removal guide to scan & remove malicious
scripts – https://www.getastra.com/blog/911/wordpress-site-hacked-malware-backdoor/

You can also use our malware scanner to scan your website. You can choose a plan
from here – https://www.getastra.com/pricing

Copyright © 2020 ASTRA IT, Inc. All Rights Reserved.
