WordPress is the most widely used CMS in the world and is therefore a popular target for attacks. Even a secure server can send spam if the websites hosted on it are not secure. In this article, we discuss four tips to keep your WordPress website safe and prevent it from sending spam: installing WordFence, using a captcha, updating plugins and themes, and updating WordPress.
Installing WordFence
WordFence is an endpoint firewall and malware scanner for WordPress websites and is a good choice to secure your website. You install and use the plugin as follows:
Step 1
Log in to the admin environment of your WordPress website (e.g. https://example.com/wp-admin).
Step 2
Click 'Plugins' on the left and then 'Add New'.

Step 3
At the top right, search for 'Wordfence' and click 'Install Now' next to 'Wordfence Security - Firewall & Malware Scan'.

Step 4
After installation, the 'Install Now' button changes to 'Activate'. Click it to enable WordFence.

Step 5
WordFence will automatically scan your website. You will see an option in which you can enter an email address to which the results are sent. Select whether or not you want to receive security alerts and news, check the option with which you agree to the conditions and click 'Continue'.

Step 6
You now get an option to choose whether you want to use the paid premium version. You can always upgrade later, so choose 'No, thanks' now.
Step 7
A Wordfence option has now appeared in the left menu in your admin environment. Click on it to open Wordfence. You will first see a brief explanation of the WordPress environment.
After reading that, click 'Yes, enable auto-update' and then click 'Click here to configure'.

Step 8
Please note: Steps 8 and 9 of this section cannot be used if your WordPress website is hosted on our webhosting platform.
This is because the PHP auto_prepend_file setting, which these steps require, is disabled on our webhosting platform for stability reasons.
As a result, on webhosting subscriptions the WordFence firewall cannot load before other PHP code, and therefore cannot act before malicious code is executed. The firewall otherwise functions normally, however, and all other functions of WordFence are available, so we still recommend using it on webhosting subscriptions as well.
Wordfence now offers to install a .htaccess file. This file ensures that Wordfence is executed before malicious code is executed. Download the backup and then click 'Continue' to automatically install this file on your WordPress website.

Step 9
Options such as brute force protection are automatically activated. Click 'Optimize the wordfence firewall' to make another adjustment, as in the previous step, to your .htaccess file and this time also to user.ini.

Download the .htaccess and user.ini backups and click 'Continue' to apply these adjustments automatically.

The message to optimize Wordfence will still be visible, even though you have already gone through these steps. Click ‘Dismiss’ to stop seeing it.
Step 10
Now click 'Scan' in the left menu under 'Wordfence'. Wordfence scans your website automatically, but you can also start a scan manually by clicking 'Start new scan'.
Wordfence will give you a score indicating how well your website is secured. Your website is perfectly secured after these steps; the only way to bring the score to 100% is to take a premium subscription. However, this is optional and not required.
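To confirm that the .htaccess and .user.ini changes from steps 8 and 9 are in place, the following shell function (an added example, not part of Wordfence or of the original article) checks a site's document root for an active auto_prepend_file directive and verifies that the file it names exists. The file name wordfence-waf.php and the comment markers in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example. check_prepend DOCROOT reports whether .user.ini or .htaccess
# loads a PHP file through auto_prepend_file. Return codes:
#   0 = directive found and the file it names exists
#   1 = no active auto_prepend_file directive
#   2 = directive found but the file it names is missing
check_prepend() {
    docroot=$1
    status=1
    for f in "$docroot/.user.ini" "$docroot/.htaccess"; do
        [ -f "$f" ] || continue
        # Drop comment lines (';' in .user.ini, '#' in .htaccess) and use the
        # last auto_prepend_file setting in the file.
        line=$(grep -v '^[[:space:]]*[;#]' "$f" | grep 'auto_prepend_file' | tail -n 1)
        [ -n "$line" ] || continue
        # Keep only the value and strip whitespace and surrounding quotes.
        path=$(printf '%s\n' "$line" | sed -e 's/.*auto_prepend_file[[:space:]=]*//' \
            -e "s/[[:space:]]*\$//" -e "s/^['\"]//" -e "s/['\"]\$//")
        case $path in
            ''|none) continue ;;   # empty value or "none" turns the prepend off
        esac
        if [ -f "$path" ]; then
            echo "OK: $f loads $path"
            return 0
        fi
        echo "BROKEN: $f names missing file $path"
        status=2
    done
    [ "$status" -eq 1 ] && echo "NOT SET: no auto_prepend_file under $docroot"
    return "$status"
}

# Constructed sample docroot; the file name wordfence-waf.php and the comment
# markers are assumptions about what the plugin writes.
make_sample() {
    mkdir -p "$1"
    : > "$1/wordfence-waf.php"
    printf "; Wordfence WAF\nauto_prepend_file = '%s/wordfence-waf.php'\n; END Wordfence WAF\n" \
        "$1" > "$1/.user.ini"
}

# Usage: sh check_prepend.sh /path/to/docroot
if [ $# -gt 0 ]; then
    check_prepend "$1"
fi
```

A result of OK only shows that the files are configured; on a platform where auto_prepend_file is disabled, as described under step 8, PHP ignores the directive.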
Using a captcha
If your WordPress website uses a contact form, it is advisable to use a Captcha. A Captcha determines whether a website visitor is a computer or a person. By using a Captcha, you prevent automatic bots from filling in your form, which can be abused to send spam.
A very good choice for this is Google's reCAPTCHA. This adds a Captcha that automatically protects your forms. You only need to do two things:
- Create a reCAPTCHA at Google (use the Admin console on this page).
- Add the text [recaptcha] to your contact form. The code of your form may, for example, look like this (this is an example of Contact Form 7):
<label> Name (required) [text* your-name] </label>
<label> Email (required) [email* your-email] </label>
<label> Message (required) [textarea your-message] </label>
[recaptcha]
<br />
[submit "Send"]
Updating plugins and Themes
Updating your plugins and themes is one of the most important measures you can take to keep your VPS safe. WordPress uses a very simple process for this:
Step 1
Log in to the admin environment of your WordPress website (e.g. https://example.com/wp-admin).
Step 2
When updates are available, you will see an icon at the top with a number showing how many plugins and themes have an update available. Click this icon or 'Updates' under 'Dashboard'.

Step 3
You now land on a page from which you can easily update all plugins at once. First, click 'Select All' under 'Plugins' and then click 'Update Plugins'.

When this process is finished, return to the previous page by clicking 'Return to WordPress Updates page'. Now click 'Select All' under 'Themes' and then click 'Update Themes'.
Updating WordPress
Besides your plugins and themes, it is important to keep WordPress itself up-to-date (this happens automatically from WordPress 3.7 and on). This matters not only from a safety point of view but also, for example, to work optimally with the latest PHP versions. You can update WordPress automatically or manually. For the latter, see 'Updating WordPress manually'.
Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the 'Contact Us' button at the bottom of this page.