10 Tricks To Bulk Up Your WordPress
How to bulk up your WordPress?
You just reached home, had a shower and wanted to continue monitoring your business website, but your site…is hacked.
Imagine all of the magical words thrown into the air in your house.
Furthermore, the idea that you need to start from scratch again makes the volcano inside rise up. I do feel you.
Coincidentally, I have found myself a method to actually safeguard my site. You would want to take a peek down there for your future precautions.
As we Malaysians know, WordPress site hacking is much more common than we’d like it to be, and the attackers don’t slow down. It was reported that over 81,000 hacked sites were submitted in 2009, followed by 98k, 144k, and 170k in subsequent years.
By now we have lost count, with one humongous report after another. Literally hundreds of thousands of WordPress sites are broken into every year, while possibly millions more remain susceptible.
Why would someone hack your website?
The majority of attacks are automated. This means that various bots (pieces of software) launched by hackers crawl the web and look for vulnerable sites.
If they’re successful, the compromised site gets added to the attacker’s list, so to speak, and can be used for various purposes.
Put another way, your site by itself isn’t the best loot, but 10,000 sites just like yours are a golden chest for a hacker. Such a network of hacked sites can be used for things like Black Hat SEO, mass email sending, database scraping (to get your users’ personal info) and so on.
You really shouldn’t feel safe just because you run a tiny business. Hackers are not choosy; they don’t discriminate.
Let’s bring some positive vibes into the spotlight; that’s enough darkness for an introduction.
Trick 1 : Shield your Administrator Account
Under no circumstances should you use an obvious login/username for your main Administrator account, like “admin” or “Jeff” for example.
Guessing those is child’s play for hackers. Instead, go with something fun, like “blue-commander” or “anak-kucing”. Usernames in WordPress can’t be altered once set during install. So here’s what you should do:
- Establish a new user account in Users > Add New. Assign it to the Administrator role
- Delete your original Administrator account (also in Users)
Trick 2 : Utilize an Editor account for content work
Using your main Administrator account for editing/publishing work (or when working with content in general) can be risky.
Especially if you’re using Wi-Fi at a mamak or something. Instead, create an Editor account for all content work you conduct. Again, ensure the login is non-obvious. Do this in Users > Add New.
Trick 3 : Use Secure Passwords
Please … I beg of you … don’t use passwords that are easy to guess. Like “123456” or your birth date or anything that’s a combination of common words (e.g. MariahCarey1).
Instead, follow this path:
1. Craft one, just one, ultra-secure and distinct password for yourself.
2. Sign up to LastPass (it’s free) and set that ultra-secure password as your main “vault password.”
3. Then, use LastPass to generate safe passwords for everything going on with your site.
Additionally, force the people who also have access to your site to do the same.
Trick 4 : Limit login attempts
Password guessing is a real threat. Basically, a bot, or even a human, can make multiple attempts at guessing your login/password combinations until they eventually get it right. They may not succeed in the first 10-20 tries.
But if you’re using a moderately complex distinct password, then the 100,000th attempt can be successful.
Solution? Limit the possible login attempts with an appropriate plugin.
Trick 5 : Protect your own Machine
Apart from making your site itself protected, you also must take care of the PCs you’re using to access the site.
There are all kinds of viruses and trojans out there, from simple keyloggers that pay close attention to your keystrokes and then try to recreate your login and password, to FTP-based bots that look for open FTP connections and then upload a malicious file straight to your server.
The solution is simple. Babysit your computer. Use excellent anti-virus software.
Trick 6 : Update WordPress regularly
Updating WordPress is one of those things that everyone knows they need to be doing, but we still somehow end up forgetting about it. So let me tell you why it is, indeed, crucial.
A detailed change log goes alongside every new release of WordPress. In that changelog, every bug that’s been fixed is listed and shown. In other words, it’s a bible for hackers who want to target older versions of WordPress.
How serious can this be? Well, last year, the WordPress team announced that all versions prior to 3.9.2 were vulnerable to cross-site scripting attacks. Around 86% of all WordPress sites were unprotected at the time.
And a bit more recently, the Sucuri guys detected a malware campaign that was just taking its baby steps.
Luckily for us, the solution is very simple most of the time … just enable auto-updates for your WordPress site, or always perform an update manually as soon as you see a notification.
Trick 7 : Update Plugins regularly
When it comes to updates, it’s not only WordPress itself that needs to be kept up to date.
Plugins need the same care, and the consequences can be quite damaging if you neglect this.
For example, a while ago, there was this huge MailPoet problem.
(MailPoet is a famous email marketing plugin – you can utilize it to send email newsletters to your list of contacts directly through your WordPress blog.)
The issue was a bug in MailPoet that allowed hackers to upload executable PHP files to your web server and take over the site entirely. 50,000 sites got hacked.
So what’s the lesson here? Always update your plugins as soon as a notification appears. You never know when a new vulnerability gets discovered and then fixed by a subsequent update.
If you close the hole quickly, you deny the bad guys the time they need to successfully hijack your site.
Trick 8 : Back up your Site often
Yeah I know, backups won’t save your site from getting hacked. Nonetheless, they are an absolutely mandatory thing to have in case things go wrong!
Backups are invaluable. If you have a recent backup of your site then you will be able to restore it to normal no matter what bad scenario might happen.
Two of the best methods to have this taken care of:
- through a free plugin – WordPress backup to Dropbox – it takes your files and database contents, and keeps them in your Dropbox account. Everything happens on autopilot once a day; or:
- through VaultPress – a more feature-rich solution (a paid one; starts at RM410/year).
Trick 9 : Choose the Best Web Host you can Afford
Right up front, I have to be clear with you and admit that cheap (RM12/mo) web hosts aren’t that great.
Daniel (my friend), for instance, had his server infected by malicious code while running on an inexpensive RM20/month hosting plan. His site, his domain, and his WordPress were not even involved in the hazard. It was the server itself that got hacked.
What can we learn from here?
Some quality recommendations:
Trick 10 : Only Download Plugins and Themes from Known Sources
Accidental vulnerabilities, let’s name them that way, aren’t the only thing that can bite you.
There are also intentional vulnerabilities.
For instance, if you get a plugin from a shady source, it might feature source code designed specifically to hack your site. In that case, by getting the plugin, it’s you who’s effectively hacking your own site.
The same thing goes for themes.
Whether you are starting a blog or creating a website with WordPress, ONLY use well-known plugins and themes.
How to find quality plugins and themes?
The first places to go are the official theme and plugin directories at WordPress.org. The downloads there don’t contain deliberately malicious code.
When it comes to premium themes and plugins, you need to go by the seller’s reputation. ThemeForest and CodeCanyon are generally safe due to the lengthy and thorough review process for each new theme and plugin submitted there.