If your website is secured at shorter intervals, this is a good protection against hacker attacks. In this way, the website can be restored after infection or destruction by an emergency attack. For websites that are constantly updated, a daily backup should be performed. If the website is only occasionally updated with new content, then weekly or monthly backups are sufficient.
Backups can be performed manually. The data can be downloaded from the web server to the local computer via the FTP client (e.g. FileZilla). The database is saved via PHPMyAdmin in the customer account of the provider and also stored on the own computer.
Automatic backup with plugin
With a suitable backup plug-in such as BackWPup or UpdraftPlus, both the data and the database can be backed up in various formats and then saved locally on your own PC. However, it is also possible to save the download of the backups to your own dropbox or Google Cloud account.
Security of the admin area
What is especially important is that the admin area should be protected from hackers. With WordPress the login link is always: www.ihrewebsite.com/wp-admin or …/wp-login.php.
To rename the login URL, you can use the plugin “Rename wp-login.php”. This will completely isolate the login page.
There is another plugin for two-way authentication: “Google Authenticator”. This secures the login area in the form that in addition to the normal access data another code must be entered in the login form. However, you need an app for your smartphone which generates a new login code each time.
backup via .htaccess
Another security measure is the server-side protection of the “wp-login.php”. A .htaccess and .htpasswd file must be created here, provided you are hosting on an Apache web server.
Unfortunately, the use of most security plugins is no longer DSGVO compliant, as they record user data. Therefore we do not list these plugins here any more. In individual cases, however, it can also be checked whether the conformity still exists.
With the mentioned measures the own WordPress installation can be secured very well against hacker attacks. However, there is no 100% security. If your own website is really hacked, you have the current backup of your website always at hand and can thus put your website online again.
If you do not want to do these things yourself, we will be happy to help you implement these measures.