We see it every day, WordPress websites are attacked, usually by robots, sometimes manually. Usually they are out to hack the site and then use it as a hub to launch other larger attacks, or use the site as a spam machine. They then take advantage of the good reputation of the server (which then has no such good reputation left.
Tips from Vicus:
- Make sure there are no users in the system who do not need to enter the system. Turn them off or remove them.
- Give users the role they use; not too many rights they won't use anyway.
- Create one admin user that has extended privileges. Give this WordPress user an extremely strong password.
- Remove all themes that are not being used
- Remove all plug-ins that are not used
There are several plug-ins that make WordPress more secure. There are few that have all the above factors in them. In any case, Wordfence lays a good foundation for defending your WordPress website.
Scan
Scan- Regularly
- Your source files of the standard WordPress software, as well as all plug-ins and themes.
- Rear doors
- DNS changes
Detect
Detect- Whether the server your WordPress is running on is known as a spammer
Protect
- Keys to users' passwords
- Disk space
- Force strong passwords
- Spam filter on comments
- 2-step authentication when logging in (e.g. via an SMS as many banks also use), set this up at least for your admin user.
Block
Block- All visitors outside the Netherlands are banned; that already saves a lot. This of course concerns visitors who want to log in as administrator or editor.
- Visitors from specific IP numbers
- Fake Google bots
- Brute force attacks
- Get a scanner that recognizes viruses and robots
Repair
Repair- Restore original files
Recent Messages
- Why Dutch companies should choose Big Tech-independent ICT now February 16, 2026
- Expert story: Jisse Reitsma about Loki February 10, 2026
- Loki Extensions for Magento: a faster webshop without building everything from scratch February 10, 2026
Also interesting
no messages found
