Malware Prevention on WordPress Websites and Blogs

The Greater the Numbers the Greater the Risk of Malware

Do you know why Microsoft Windows attracts more viruses than Mac or Linux? It is because there are far more Windows-based computers, so anyone who wants to cause damage gets more bang for the buck by creating malware for a Windows computer than for a Mac or Linux computer. As a result, Windows users have to worry more about preventing malware than Mac or Linux users do.

Failure to Update WordPress Results in Vulnerability to Malware

Well, the same holds true for websites. Given the impressive number of WordPress-based websites, malware authors have learned that creating harmful scripts for WordPress gives them the largest impact. As a result, WordPress is in an arms race with malware writers. In addition, all of the plug-in and theme authors are in the same battle.

The problem is that even when WordPress updates its software, not everyone updates it right away. In addition, not all plug-ins get fixed when malware authors find holes, and even if they do get fixed, users don’t update them. Improperly written themes can have security problems as well. Themes need to be updated to stop security problems too. Again, sometimes theme authors do not update their themes, or users don’t update their themes.

Hosts can Cause Problems too

Another problem is that some website hosts control WordPress and are the ones that control the updates. My first blog host chose when I got WordPress updates, not me.  Further, if you are on a shared server with improper security, even if you keep your website up-to-date, others may not. Their problems can easily become your problems.

Harden your WordPress Site to Protect it

The term harden means to do what you can to lock up your WordPress site to keep it safe.

  1. Keep WordPress up-to-date. Consistently check for updates. As soon as an update comes out, update your site.
  2. Keep Plug-ins up-to-date. Watch for problems with your plug-ins. Don’t be afraid to find a new plug-in if the old one is vulnerable. Choose well-rated plug-ins and update all plug-ins immediately. Check plug-ins using this plug-in.
  3. Keep your Theme up-to-date and pick a good theme in the first place. There are suggested methods for theme creation. Be sure you choose a theme written by someone who knows what she is doing.  Check themes with this plug-in.
  4. Use a good scanner to keep your site safe. I use Sucuri for my websites. I have even used Sucuri to clean a site that got infected. The folks had it cleaned within 4 hours. Removing it from Google’s Blacklist took a bit longer. For $89 per year you really can’t beat the service. Sucuri offers a free scanner you can use to check the health of your site. Included in the service are alerts which will let you know when you have a problem. In addition, Sucuri offers a plug-in that provides advice on how to harden your site.

Backup your Site

In case the worst happens, it is best to back up your site frequently. You want to make sure you back up both the database (which contains your posts and pages) and your theme and setup as well. I use Blue Host as my host of choice, because it provides a good backup service. Always back up your site before you perform any updates, just in case something goes wrong during the update.
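
The update and backup advice above can be scripted. The following is an added example, not part of the original post: it assumes WP-CLI (the `wp` command) is installed and that the script is run from the WordPress root directory; the function names and the default backup directory are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes WP-CLI ("wp") is
# installed and that the script is run from the WordPress root directory.

# List plug-ins or themes that have an update waiting. $1 = plugin | theme.
# WP-CLI prints CSV with a header row; awk skips it and formats the rest.
pending() {
    wp "$1" list --update=available \
        --fields=name,version,update_version --format=csv |
        awk -F, -v kind="$1" \
            'NR > 1 && $1 != "" { printf "%s %s %s -> %s\n", kind, $1, $2, $3 }'
}

# Back up the database and wp-content into directory $1, then update core,
# plug-ins and themes. If either backup step fails, nothing is updated.
backup_then_update() {
    local dest stamp
    dest=$1
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dest" || return 1
    # The database holds posts and pages.
    wp db export "$dest/db-$stamp.sql" || return 1
    # wp-content holds themes, plug-ins and uploads.
    tar -czf "$dest/wp-content-$stamp.tar.gz" wp-content || return 1
    wp core update && wp plugin update --all && wp theme update --all
}

# Usage: ./wp-maintain.sh report | ./wp-maintain.sh update [backup-dir]
case "${1:-}" in
    report) wp core check-update; pending plugin; pending theme ;;
    update) backup_then_update "${2:-$HOME/wp-backups}" ;;
esac
```

Running `report` from a scheduled job gives a regular list of what is out of date; `update` refuses to touch the site unless both backup files were written first.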

Choose a Good Host

I have already mentioned that I use Blue Host. Regardless of your host, make sure it is a good, solid host known for being good for WordPress. Picking a cheap or free host won’t seem like such a good idea when your website goes down.


WordPress is a wonderful tool for quickly putting up a great website. This convenience has led to its popularity which, in turn, has led to risk of malware problems. The best way to protect your site (and those who visit it) is to keep your software up-to-date and use the myriad tools available to prevent malware infections.

