luckily i was taking a backup and restored everything, but it took me so much time and energy,
i want to know how i can prevent this from happening in the future and how i can secure myself from future attacks?
]]>There are a number of plugins that can be used to help lock down a WordPress site, including iThemes Security, Sucuri, and Wordfence.
I use Wordfence on all my sites.
You’re ahead of the game in that you backup your site! Whatever you do, keep doing that.
]]>Maybe you can refer to this site as well: https://www.codeinwp.com/blog/secure-your-wordpress-website/
very useful.
]]>– Don’t use default wordpress Table Prefix.
– change the admin name, Use some other username
– change the admin URL from wp-admin to some other URL
– set proper directory permission.
– disallow file editing.
– Block Access to XMLRPC.
– enable Google Captcha for login form and forgot password.
– User Enumeration
Above all points we can cover from All In One WP Security & Firewall plugin. https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/
]]>Aaron Campbell is the security lead for WP.
]]>