Mod Security – How To Protect Your WordPress Site From Hackers

man in gray blazer raising drinking glass while sitting on sofa

As long as there are personal and business websites, there will be hackers who, for reasons unknown, think hacking a website is a thing to do. Personally, I have had all my websites hacked at one time or another over the last few years. It is a royal pain in the butt to clean and reconstruct a hacked WordPress website. I try to keep a good attitude and look at it as a great time for a total redesign and I also make sure to add more protection measures to keep the hackers out.

My number one security resource is WordFence Security Plugin. I use the free version, which is great, but I do know site owners who are upgraded to the pro version automatically.


First, end any polls or sections of your website that you are not sure about.

Second, create a file called ‘robots.txt’ in the root of your site. This can be used to tell Search Engines and other search engines what is and what is not a valid location to include in a robots.txt file.


Be aware that if you posting more information about yourself, you may eventually attract some unwanted attention. This does not mean you are a potential hacker! It is a good idea to back up your data and your site or blog somewhere so that if you do become a victim, you will have all the evidence and facts to present at the right time.

If you are hacked, it is best to back up all of your data on your computer and then wipe your hard drive. That way you won’t lose anything if your hard drive becomes corrupted. If you are lucky enough, you will be able to still view your files.


There are many sites that will not be completely honest about what they are doing. You may encounter sites that say, ‘We have detected an unauthorized transaction on your account.’ What they are doing is trying to trick you into giving them your personal information or password. This is not a good way to listen to them because they could be saying that about anyone’s account. Typically, they will change the locks on your account or they will ask you to repeat your user name and password several times. Take away any privileges they try to give you and delete their emails. This will greatly decrease your chances of becoming a victim.

Your Hosting Company

It is a very good idea to choose a hosting company that offers encrypted data encryption. One way to do this is to send via text only or image only. If you can also upload to a file host, that is also a great way to hide your IP Address. You can also hide your IP address by using a different server name. Just make sure it is a well known server and one that you trust will take down my link.

I had a rogue SSL certificate for three years before I finally got rid of it. This certificate was installed by a hacker on my site using a WordPress plugin. It was really tricky to get rid of because it was set to auto-update every day and would give me a lot of trouble every time I tried to update it. The last time I tried, I got it down to about three minutes. I would recommend that you monitor your site’s traffic and beware of any suspicious visitors. If your on a site that is not secure, report it to the administration of the site first. Remember that these certificates can be costly to get rid of. For my site, I had to contact the WordPress Mail Hosting Company to get the rogue SSL certificate removed. It only makes sense to look into an anonymous proxy service when you are besieged by these types of problems.

person in white shirt sitting on chair
Mod Security – How To Protect Your WordPress Site From Hackers
These Are The Hackers Of Our Life