We had this question pop up today at Wealthy Affiliate where a member was asking whether there are any WordPress plugins that can be installed that will prevent hacking. The answer is "NO", and in fact, Plugins are the main reason that Websites get hacked in the first place.

With every plugin that is installed on your website, this gives a potential hacker an entrance point where they can attack your website. My suggestion to prevent this is to install the least amount of plugins possible. Obviously all websites need plugins to extend the functionality of the site, but do not go "Plugin Crazy". A site can function very well with 5 plugins or less and certainly no more than 10.

So what if your site does get hacked? Well, if you are hosting your website here at Wealthy Affiliate on our state-of-the-art hosting platform then we'll not only detect the hacking attempt, we'll remove any malicious code that was added to your site and we will patch up your website so you are no longer vulnerable. This is part of our PREMIUM website monitoring that all premium members have by default on ALL websites hosted at WA.

The best part is that we do this quietly in the background and only notify you if absolutely necessary. Every day we fix many websites to keep them up and running without anyone knowing. NO other web host does this. If you were hosting a website with another web host and you got hacked they would most likely just delete your website (content and all).

Plugins are not a solution for stopping hacking attempts; the more plugins you have, the more at risk you are to get hacked.

Carson
Recent messages
Eugene777 Premium
Thanks Carson.
Q I'm looking to install the best email subscription plugin in WordPress. Which one do you recommend? Regards
Glovett Premium
Awesome, I was a little concerned about my site being protected, but this calmed my nerves! Thanks Carson!
bwh1 Premium
Choosing a UNIQUE username and a great password usually prevents hackers from getting into your site.

But when you are on shared hosting you get hacked anyhow if they get into an account from another site on that server.

2 other places hackers can get into a site fairly easily are an unused index and the email accounts on the domain. I don't know how they do it but I got hacked once where the intruder got into my account over an email account.

Use strong passwords, friends, and manage them all via Roboform or save them in an Excel file.

Carson Premium
This cannot happen at WA. We've got a very secure server where hackers cannot get from CLIENT to CLIENT. The second any code is added in a specific way to the server, we detect it, and destroy it, then determine how a hacker got in. In 99% of the cases it's due to a poorly programmed theme or plugin that has security holes.

Regardless, a hacker cannot get from one client's hosting to another on WA hosting. With another host, they absolutely can and that is how major attacks happen. The way we have WordPress and our entire Hosting network setup does not allow this.

We detect brute force attacks so guessing usernames / passwords is not something that will happen at WA either. I absolutely agree that a good password is a great idea, but with all sites that we install here at WA, they come with strong passwords in the first place!

We've got you covered here at WA, but with each plugin installed vulnerabilities can arise for your website (and your website only). The fewer plugins, the more secure your site.

Jaialoha Premium
Thanks and good to know!
fishing Premium
I have a security plugin installed a while ago.....I now think it is just slowing me down unnecessarily would that be right.....get rid of it not needed as WA has our backs...:)
Kathy1952 Premium
Thanks, Carson. It is so comforting to know you guys are there and that you have our backs!
AudreyAO Premium
This is actually on my Spring Cleaning To Do List this week. I'm shooting for 7-10 plugins if I absolutely need them all.
This is just another great benefit for joining Wealthy Affiliate. :)
kaliinozarks Premium
Thanks Carson. This is great information and it's good to know you have my back.
Steve Wood Premium
"Wordfence" is a good all round defence against hackers.
It's well maintained and updated. You can get a free or paid version.
I use it on all my blogs, and it's not let me down yet. It also emails you
if it detects continued forced multi log-in attempts.

Scans wordpress base code and theme code for changes.
Revert back to original files held in the back-up, lockout, lock down your blog
lots of help on the creator's forum.

For paid version only- block relentless attacks from
ip addresses, ban ip addresses and lots of other helpful stuff to keep your blog safe.

The more pages you have on top of Google the more your blog will be attacked, and that's a fact...

Badly coded themes can also let the bad guys in; it's not just plugins that hackers use to gain access.

Furthermore, it's not that hard to get an author's user name, then they only need to get lucky with his or her password. Make sure all passwords are strong and not generated by wordpress.

<!-- Jetpack Open Graph Tags -->
<meta property="og:type" content="profile" />
<meta property="og:title" content="public-author-name" />
<meta property="og:url" content="http://www.someblog.com/author/authors-user-name-is-found-here" />
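
An added example, not part of the comment above: a check a site owner can run over their own author page to see whether the og:url slug it publishes equals a real login name. The sample HTML, names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the tags quoted above (placeholder host and names).
SAMPLE_HTML = """
<head>
<!-- Jetpack Open Graph Tags -->
<meta property="og:type" content="profile" />
<meta property="og:title" content="Jane Public" />
<meta property="og:url" content="http://www.someblog.com/author/jane-login-name/" />
</head>
"""

class OpenGraphCollector(HTMLParser):
    """Collects <meta property="og:*" content="..."> pairs from a page."""
    def __init__(self):
        super().__init__()
        self.tags = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        prop = a.get("property") or ""
        if prop.startswith("og:") and a.get("content") is not None:
            self.tags[prop] = a["content"]

def exposed_author_slug(html):
    """Return the /author/<slug> value published in og:url, or None."""
    collector = OpenGraphCollector()
    collector.feed(html)
    if collector.tags.get("og:type") != "profile":
        return None
    path = urlparse(collector.tags.get("og:url", "")).path
    parts = [p for p in path.split("/") if p]
    if len(parts) >= 2 and parts[-2] == "author":
        return parts[-1]
    return None

def audit(html, login_names):
    """Report the published slug and whether it equals one of your login names."""
    slug = exposed_author_slug(html)
    known = {name.lower() for name in login_names}
    return {"slug": slug, "matches_login": slug is not None and slug.lower() in known}

if __name__ == "__main__":
    print(audit(SAMPLE_HTML, ["jane-login-name", "editor1"]))
```

If the slug matches a login name, giving that account a different public slug (nicename) keeps the login name off the page.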

Stacydee Premium
Thank you Carson. Yet another reason why WA is a great value for the cost.
Kewl Web Premium
Thanks Carson.
Imran M Premium
True, although having said that, there are a couple of plug ins I install on all my WP blogs (I manage over 100+ WP blogs):

Login Lockdown - this automatically blocks the IP of anyone who keeps hammering the wp log in page with the wrong password - usually the type of behaviour when someone's guessing a password (not hacking per se, but still a problem).

Bulletproof Security - this creates blocks and barriers in your Htaccess file preventing a lot of the loopholes that most hackers use to gain access to your wp-admin area to exploit your plug ins.

I'd also recommend having your server provider set up firewall software if you have a dedicated server to keep out malicious activity.

Hope that helps...
Well said Carson. It's hard to use less plugins but when you sit down and look at what you have installed you'll see that most of them aren't needed. You've only added them because they'll make your site look "cooler."

Seeing there is a massive attack going on at the moment on WordPress websites (not sure if it's limited to .com or .org WordPress sites) it's best to start eliminating unnecessary plugins now.

Also, if you're using a user on your website called "admin" it's time to change it. Dean (@Apina) has written a guide on how to do this on his website so check it out if you need to change this: http://www.apinapress.com/dont-be-an-admin-part-two/. Using an admin user and/or a simple password is how people are hacking into websites.

Nice to see WA goes even further for its members AGAIN! :)

~ Luke
PedroSousa Premium
another awesome feature in WA! ;)
Jay Gumbs Premium
"The best part is that we do this quietly in the background and only notify you if absolutely necessary. Every day we fix many websites to keep them up and running without anyone knowing. NO other web host does this."

Actually I know of one but for internet marketers like us who own more than 1 website, it would cost $99 per month! Glad to know that WA has this service. Another great promotional angle to use.
Naq Premium
Awesome, great to know that you guys have got our back covered :-)
mama2karsten Premium
Thank you so much for the above info... I had no idea that WA hosting had anti-hacking benefits, nice to know you have our backs...
magistudios Premium
Well said Carson.. :)

There are a plethora of reasons why you want to limit the use of WordPress plugins on your site and here are a few that I think are important to mention:

* They make your site load longer
Whenever you add a plugin, it adds another 'task' for your site to do when every single person visits your site.

* They give access to your database
This is THE reason why most sites get hacked as the database (let's call it the guts of your site) is the inner workings of your site and can then be altered in whatever way the hacker wants.

* Improper code structure
Code can become very unstable when it is not written in the same high quality as WordPress thus can break your site

I know it is hard to (sometimes) resist the temptation of fancy pants bells and whistles that plugins can come with. But at the end of the day..
does it REALLY provide an awesome user experience?
Thanks for the reminder! So much to remember and it all seems important. Sure have appreciated the patience and support through all the babysteps. It is finally starting to be Fun! Sherry M
Sherion Premium
I was told by another member here that this is what the Akismet was for. I think it is best I just not answer any questions anymore. If someone tells me something and the source I got it from seemed reliable then I usually feel safe to pass that on. So, then it seems I misguided someone by accident. I will go back refer him to this post.

Thanks for all you do Carson. I know you take care of us.
Carson Premium
Akismet is a great and reliable plugin that prevents and helps to block spam comments. However, it does not prevent a hacker from trying to access your site. Perhaps you got spam and hacking mixed up.

I should also mention that we monitor and delete spam comments too. If spam comments build up on your site they can actually bring your site down or make it ultra slow to load. This is another perk of being a WA Premium member and hosting your sites with us!
Sherion Premium
You know what Carson I think I did get them mixed up then. I was probably thinking of spam. I know that my Akismet blocks a lot of spam to my site. I was able to locate the guy and send him your post here last night. Thanks Carson.
splashduck Premium
Thanks Carson. I never knew about any of this. You and Kyle do an amazing job of looking after our interests. Thank you. Robbie :)