Cyber attacks on WordPress is becoming a big issue with each passing day. At Front2Back Studio we are getting more requests of WordPress malware cleanup or some other form of malicious code on a WordPress install. When these types of attacks happen, your website may be down for hours or even days before everything gets cleaned up. So, please take a few minutes and protect your valuable investment from WordPress cyber attacks by installing at least one of these plugins. If you don’t know how to install a WordPress plugin, you can learn how to by clicking here but the short version is that you log in to your WordPress admin (as an administrator), head over to plugins tab on the far left corner and click on add new.

Anti-Malware Security and Brute-Force Firewall

This is a neat free plugin that can scan your WordPress install and find malicious code. Once you’ve installed it, the first thing you’d do is run a complete scan and see if you there are any issues that may be opening up your site for attacks. Usually cyber hackers would send some malicious code into your website before a formal attack. Running this scan can help you catch that. The best part about this plugin is that it’ll help you clean up your files.

Wordfence Security

Wordfence provides a suite of protection products. Their free version is great for monitoring your website. I use it to track any changes to files, any plugin or theme updates that are due and most importantly, any logins at the admin level. This allows you to know what’s happening to your website so you can respond on time. WordPress malware attacks are usually detected via changes in files and suspicious logins, so this plugin puts you in a great position to respond quickly. Another great feature of this plugin is country/IP blocking. This allows you to block traffic from countries/IP that you have no business getting traffic from. The sad truth is that there seems to be a large number of attacks from certain countries and so if you don’t expect/need traffic from them then you can safely turn them off.


Sucuri is the big guns when it comes to website security. They continuously monitor your website for any possible attacks, denial of service blocking (a form of attack) among other preventive measures. Sucuri products are not limited to just WordPress. They work with a number of web platforms. Sucuri offers cleanup in case you discover that you’ve been hacked.

The Best Defense Is A Good Offence

Like a wise football legend said, “The best defense is a good offense!”. In order to protect yourself, these enforcing these measures goes a long way:

– Set a password that is hard to remember,

– keep your WordPress install, plugins and themes version as current as possible,

– after a WordPress developer works on your website, change passwords,

– use a reputable web host for your website, like Bluehost

I hope this was helpful and that you’ll take the time to secure your website. It’s so much easier to prevent an attack than to clean up after the effect.