10 Advanced WordPress Security tips learnt after my site got hacked

Do you know how much can a malware attack on your wordpress site cost you ? Most of us do not realise this until it happens to us, I have also realised the importance of wordpress security after getting attacked by Malware in 2018.

This Malware attack costed me > ₹ 100,000 /- and 6 months time. But please note I have immediately acted and took action to take control of the situation, but assume you were not in focus and leave such malware attack for more than 2 weeks it can lead to irreparable damage. 

Read in details what happened with my diabetes blog in 2018 and how did I control the situation.

Quick Navigation
How to make your wordpress website secure ?
My wordpress site go hacked ??
What did I do to clean Malware on my wordpress site ?
Impact on my Blog traffic due to malware
How much did this Malware attack cost me ?
How much vulnerable is wordpress to malware attacks
Tips to make your wordpress website secure
Best WordPress Security Plugins
My recommendation to you about wordpress security plugin is

How to make your wordpress website secure ?

My wordpress site go hacked ??

One day a participant of 8 weeks diabetes challenge (program I run for my diabetes blog ) has sent me a whatsapp message saying that, she is not able to access the tasks, when she opens the page, it is showing something in Chinese.

I thought maybe she has some issues with browser or something, I was doubtful but did not give much importance. But later on what happened scared me like hell. Later I could understand my blog would have been ruined by security issues like malware and hacking.

Going into the details, after that incident one more Reader of my blog reported some pages being shown in Chinese and she send the screenshot.

malware attack
  • Save

when searched for blood glucose meters in India in google, my website use to rank for position 2-3, but suddenly it shows everything in Chinese, you can see the picture above.

then I have got really doubtful and thought should act very soon and have searched on google and understood it is a kind of malware attack.

I was shocked, but I have to do something !!

What did I do to clean Malware on my wordpress site ?

So what can I do is take assistance from WordPress security experts like Succuri or wordfence. I felt wordfence is in my budget , So I have subscribed to wordfence premium which costed $99 per year.  

Thinking that Site cleaning will be offered by Wordfence free of cost, But they they did not offer it free of cost but they have said that, they can give me a discount of $ 99 .

wordpress security
  • Save


Original cost of site cleaning service is $179 but they are offering it to me for $88.

I thought ok, let me go with it, I cannot let my site ruined by Malware.

  1. My 3 years of hard work

  2. My 3 years of patience

  3. Fact that it  started generating money just 6 months ago

  4. Traffic has dropped

With all these things in mind, I have paid for the service and wordfence team worked on it cleaned the site and generated a report which suggested things like

  1. They mentioned they were not able to understand how hackers could get into my site.

  2. Update all the passwords like hosting account password, wordpress admin password,FTP passwords etc.

  3. Enable 2 factor authentication using wordfence.

  4. Remove any plugins which are abandoned

My blog was making around 25000 per month at that time when this happened, My online course - 8 weeks diabetes challenge which I have made using learnpress was not accessible.

luckily all of the participants are in my whatsapp group and also are signed up for my Email newsletter, So I could carry on with the 8 weeks diabetes challenge program successfully.

Now how much did it cost $ 99 + $80 = $ 179

Impact on my Blog traffic due to malware

Cost in money was one thing clearly visible, But I have seen that before this malware attack happened my traffic also went down, Google was penalising me. I felt very bad.

  • That way I have lost a lot of traffic, I used to get >400 visitors every day but due to his no of visitors fell down to <200 visitors per day.
  • At the time of malware attack no of visitors fell down <100.
  • Due to this I was really frustrated, It took a lot of time for me to get back and start fixing things and now my website on an average has >300 visitors.

I have lost more than a 1000$ by not having a Security plugin for my wordpress site dont do this # 1 blunder mistake I did with my Blog.

Click to Tweet

How much did this Malware attack cost me ?

Let us assume you are earning 20000 per month, and if your readers understand your site is infected with virus, they will hesitate to use the payment gateway on your website.

Luckily I could manage to remove the malware and clean the site completely within a week but had issues with google search console with indexing of few pages, Traffic has come down by 50% that means loss of revenue by 50%. 

My blog was making around 25000 per month and then after my revenues dropped to half till 8 more months.

So 8 x 12500 = Approximate loss of 1 lakh rupees.

How much vulnerable is wordpress to malware attacks

As per a survey conducted by Netcraft there are 1,652,185,816 websites. Out of them 495,655,744 websites run on wordpress. i.e 30 % of the websites are run on wordpress, WordPress being open source is more predictable to hackers. 

wordpress due to its functionality is the no#1 content management system

As per investigations done by Succuri, A wordpress Security expert out of 100 websites hacked in 2018, 90 were run on wordpress. i.e 90%

wordpress security
  • Save

Advanced Tips to make your wordpress website secure

Using a good wordpress security plugin like wordfence or Succuri is an obvious recommendation but what are the other things which can be done to improve security of your wordpress website.

  • Choose good quality hosting like siteground, wpengine, a2hosting, and bluehost.
  • Use a premium theme or template, don't use free themes or nulled themes which have several loop holes through which hackers can gain access to your website.
  • Install SSL Certificate, you can request your hosting service to do this for you, Almost every hosting company offers a free Let’s Encrypt SSL certificate which you can installed on your site, just contact your website host.
  • Keep your wordpress version upto date.
  • Create strong passwords , Use logic to make passwords easy to remember for you yet difficult for someone else to guess. I will tell you for example let us assume your purchased your bike on March 19, 2019 and the bike colour is blue and model is honda shine, then password can be - HS@19mar2019#blue , this type of passwords are easy for you to remember and difficult for hackers.
  • Do not use the default admin name like admin as your username, create a unique user name which is not your gmail id or any id which you commonly use.
  • Use 2 factor authentication plugin to ensure no one can access your website without having your password and access to your phone.
  • Do not use Abandoned wordpress plugins which are not being updated since more than 3 months. Any plugin which is not updated since long time makes it vulnerable to malware and security threats.

Best WordPress Security Plugins

There are many wordpress security plugins like wordfence, Succuri, Allinone-WP security & Firewall, Malcare and Ithemes Security , you can read in detail about all the details about security plugins

My recommendations are just 2 of them Succuri and Wordfence.

As I was using wordfence since 1 year I will write a detailed review including how to setup wordfence soon

  • Succuri premium - $199 /year 
  • Wordfence premium - $99 / year
  • Secupress premium - $59 / year
  • Ithemes security pro - $80 / year

My recommendation to you about wordpress security plugin is

Is your blog earning more than 200 $ profit a month

install wordfence premium 

Is your blog earning less than 50 $ profit a month

Install wordfence premium or wordfence free version

Is your blog not earning anything?

Install wordfence free version

  • Save
Gowardhan Doddi
Founder - www.healthydietfordiabetics.com

As Bloggers we should take security of our website / blog very seriously like we take care of our home security. Creating strong passwords, using two factor authentication and good wordpress security plugin like Wordfence . 


By doing all these you can secure your website from malware and avoid loss of money and time on your blog.


I want to hear tips you follow to keep your wordpress site secure ??


niche check list
  • Save

Get out Niche Selection checklist with Assement to know how much your blog can earn!

By subscribing you agree to our terms & conditions

wordpress security
  • Save
2 Shares
    • >
    2 Shares 1.6K views
    Share via
    Facebook
    Twitter
    LinkedIn
    Mix
    Pinterest
    Tumblr
    Skype
    Buffer
    Pocket
    VKontakte
    Xing
    Reddit
    Flipboard
    MySpace
    Delicious
    Amazon
    Digg
    Evernote
    Blogger
    LiveJournal
    Baidu
    NewsVine
    Yummly
    Yahoo
    WhatsApp
    Viber
    SMS
    Telegram
    Facebook Messenger
    Like
    Email
    Print
    Copy Link
    Powered by Social Snap
    Copy link
    CopyCopied
    Powered by Social Snap