how to keep wordpress website spam virus free
Attacks on WordPress are increasingly becoming common because of the accessibility of hacking tools online. Hackers are also taking advantage of sites with outdated themes and plugins. Here are 7 ways you can keep spam and viruses from your WordPress site.

1. Update Your Site’s Plugins and Themes Regularly

Theme and plugin updates have vital security patches needed to fix bugs and vulnerabilities on your site. Hackers tend to exploit sites with outdated themes and plugins. Having the best antivirus on your WordPress website can keep them away if you regularly update the antivirus too.

2. Encrypt Data Using SSL

An SSL (Secure Socket Layer) certificate can secure the data transfer between the server and user browsers. It makes it difficult for unauthorized users to spoof your data or breach your site. You can buy the SSL certificate from a third-party provider or get one free from your hosting company.

3. Password-Protect the Wp-Admin Directory

The wp-admin directory has most of the essential files of your WordPress website. It gives access to your site’s themes, plugins and login page. Consider setting a password to protect this directory against hackers. You can rely on a plugin such as Ask Apache Password Protect to secure your site’s admin area.

4. Log Idle Users Out of Your Website

As the web administrator of a WordPress site, you should ensure that the site does not have any idle logins. Use a plugin such as bulletproof security to automatically log out idle users. Such a plugin can let you set a custom time limit for allowing idle logins. You can also request the users to remember to end their active sessions.

5. Change Your Passwords Regularly

always change passwords
Passwords tend to become obsolete and susceptible to the password hacking tools that are available today. You can secure your WordPress website by changing the passwords regularly. Consider mixing special characters, numbers, lowercase letters and uppercase letters when creating them. You can also use browser add-ons that let you generate safe passwords and store them in your browser.

6. Use 2-Factor Authentication

With 2-factor authentication (2FA), your site’s users will be providing login information for two different components. As a website owner, you get to decide what these two components will be. You can choose to set a regular password for the first component and a secret code for the second one. It is quite impossible for hackers to gain access to a website with 2-factor authentication.

7. Ban Multiple Login Attempts

At times, hackers succeed to infiltrate a WordPress site by logging into the site multiple times. You can prevent them by setting up a website lockdown feature for failed login attempts. You will receive notifications from the admin area once your site records the login attempts. iThemes Security is one of the plugins you can use to implement this feature.


suspicious guy
The steps you take to safeguard your WordPress website determine whether it will remain credible to its targeted audience. Regardless of the type of website you are running, make an effort of sticking to the seven tips explained above. Flag any suspicious activity you notice on the website to prevent potential hacking attempts.