WordPress has grown to become one of the most popular content management systems (CMS). Millions of website owners use WordPress to promote their business across the world. With so many users and an outlook for continuous growth in the future, it is important that WordPress users also learn how to protect their WordPress websites from being attacked by hackers or malware. Many of you might think that your WordPress website is safe and highly unlikely to be the subject of an attack because there are millions of other websites out there. However, attacks today are largely done on a number of websites at any one time.

There are many plugins available out there for protecting the websites from hackers’ attack or from malicious scripts though you cannot completely rely on these plugins and cannot expect that these would work 100% according to our need and will protect our website completely. It is very important for you to increase your defence against these silent attacks by making sure that your plug-in versions are always updated and contain the latest fixes for known holes, which hacking bots are looking for.

Even plugins developed by top experts and several programmers are open up all kinds of security vulnerabilities in your site or simply tank its performance. There are various plugins which are affected by some or the other malware which can be called as phishing bank virus.

Most hosting platforms are designed to be everything to everyone. If you select a hosting provider that specializes in WordPress and is proactive in its approaches to security, your chances of having performance, operational, or security issues will be lesser.

Most recent WordPress Malware Infection: WP Caching Plugin

WP Cache is a well know plugin used in WordPress websites. It has been recently accused of hosting a malware through it’s security loop hole leading to all kinds of trouble for the Website customers.

Symptoms of Malware Infection:

  • The folder which is affected by Virus would have the blank file of _index.html
  • The speed of your websites would go tremendously low or it would not be available on the server.
  • If your website is affected by any Virus/malware then your Hosting provider would block port 80, due to these consequences the hosting provider would not give any response to the server and your website would not be visible to users. Below is the screenshot which would be visible in cpanel if the hosting provider blocks Port 80.

TCP Block Alert

  • In SEO, Google would throw 524 or 503 server error for your website in Search Console.
  • It will also affect search engine rankings of your website keywords.

How to protect your website from such issues?

To secure your WordPress website:

Step 1: Login into the C Panel of your Website

Step 2: Search for Virus scanner and scan your website

virus scanner

Step 3: Select “Scan Entire Home directory” which you want to scan.

Start a new scan

Step 4: After Clicking on “Scan Now,” you’ll get the affected URL list as shown in below image.

Scan result

Step 5: To remove the entire affected URL from the list, you just have to select all URL’s and then select “Process Cleanup”.


If you follow these guidelines and make the recommended changes, your WordPress site (and all your other accounts for that matter) will be as secure as reasonably possible.

Other than this you can also adapt following things at a regular interval.

  • Scan your website content regularly
  • Check your website hosting Space manually and delete those files and folders which are not uploaded by you.
  • Make sure the third party plugin, themes and applications are updated to latest version.

These all methods would definitely increase the security of your website. It is important to consult a WordPress Development Company post any virus/ malware infection to ensure there isn’t any dormant threat.

Several thousand WordPress sites were hacked last year, because of easily preventable security gaps. Securing a WordPress site is about so much more than installing a security plugin and walking away. As the saying goes, “Prevention is the better than cure” you have to prevent your website from external threat and be pro-active since it’s the core branding of your business.