Skip to main content

After writing this post, I received a call from a panicked friend that they were locked out of their site because the plugins were conflicting with each other. I added a section at the bottom that explains why this happens and how to fix the issue. Please, make sure to read “Read This Before Installing Plugins.”

Imagine getting your new website setup and everything is up to date and running perfectly, but one day you login and see ‘canadian viagra pharmacy’ scrolled across the top of the website. In fact, it’s just not words put in the header, there’s also a link to some off-the-wall site that you’ve never heard of. You begin to panic a bit and Google what it may be, but everything you find seems over complicated or keeps referring to your site back-up to get everything back to normal.

The problem… you didn’t create a site back-up. Actually, doing a back-up never crossed your mind, but you’re regretting that now. Yikes.

Some of these hacks can bury themselves quite deep into the files of a site, so just scanning through and trying to delete or edit the files may not be enough. At this point, you likely need to call in a professional to help scan the local environment and website and beef up your sites security.

But we’re here to help you prepare for an attack before the above story comes true for you. If you’re using WordPress, you’ll love this list! If you are using another CMS, a lot of host providers (Bluehost, Go Daddy, etc), can help with security, firewalls, and back-ups, or you can ask your developer for help with these settings. Either way, you should be treating this list as a resource to complete ASAP – you’ll thank us later – and once complete, you’re done… no need to constantly babysit the plugins.

1. Back-Up, Back-Up, Back-Up

Right now, you should have a back-up of your website. You should actually be doing this on a frequent basis, depending on how often you update your site. These back-ups will help you if anything happens to the site, including totally being shut-down from an attack or because you decided to start editing the code of the site. There are tons of free plugins for WordPress to help you with this, but we really like UpdraftPlus Backup and Restoration. You can download this plugin within your website and get a back-up of your site within minutes. Save this copy somewhere safe, then adjust the settings to do auto-back-ups for you. You can also store the back-ups in your favorite cloud. There is a paid version of this plugin, but for most, small websites, the free version should be fine.

2. Security

Again, there are a lot of options out there to keep your site more secure, but we like Sucuri Security. It helps protect against malware and login attacks. There is a paid and free version of this plugin too, but for small businesses, the free version should be fine. Make sure to check out the ‘Hardening’ tab and harden all of the options that are available. In ‘Settings,’ make sure to turn on the ‘Alert Settings’ too.

Please read Read This Before Installing Security Plugins” in conclusion for exemptions or when conflicting plugins lock you out of your site.

3. Firewall

With Sucuri Security, you’ll see an alert that suggests getting a firewall. You can sign-up for Sucuri’s firewall if you like, or use the free, Simple Security Firewall plugin. Be very careful with this plugin, because you can lock yourself out of your site. Keep track of login information and you will be fine. Once you download the plugin, enable the ‘Firewall’ and click on the option to ‘Whitelist Search Engine Bots.’ We also recommend enabling the following parts of the plugin: Admin Access Restriction, Login Protection, and Audit Trail. Our favorite part of Login Protection is the ability to change the URL of the login page. WordPress makes all login URLs the same – changing it is just a simple step to helping to throw off would be hackers. Also, try changing your username from the WordPress norm of ‘admin’ to something different – anything different – to help make it harder to login to your site.

Please read “Read This Before Installing Security Plugins” in conclusion for exemptions or when conflicting plugins lock you out of your site.


That’s it. With those 3 simple plugins, you can beef up the security of your site and protect yourself from malware attacks. And if you’re telling yourself that this is a bit overkill, let me remind you that it is better to be safe than sorry. If you wait until it’s too late and an attack has brought down your entire site, you’re looking at spending more money on repairing the damage… and perhaps losing the site altogether.

Read This Before Installing Security Plugins

Security plugins have the tendency to lock you out of your website. Not because they are faulty – the exact opposite – they are highly secure, but they can conflict with each other. Here are two things to keep in mind when downloading security systems like these:

  1. If you do get locked out of your own site. Don’t panic. With access through your host (Bluehost, Go Daddy, etc.) you can access the File Manager and delete any installed plugins. Simply, go into the site root directory and find the folders: wp-content > plugins. Delete the plugin(s) that is locking you out of the site.
  2. For Simple Security Firewall, I found that when the G.A.S.P Protection was checked, it would not allow me to login – there was a box that had to be checked to verify human login, but it never ‘read’ that the box was checked. To fix this, I had to follow the process through step 1, then login to my site and go to the Simple Firewall plugin. Under Login Protection > Brute Force, uncheck the G.A.S.P Protection box and save.
Kasy Allen

Kasy brings years of experience in search engine optimization (SEO), content strategy, Internet marketing, and overall web-geekery to the table. She enjoys writing on the web and improving user experience across the Annapurna site, as well as with our clients. When Kasy is out of the office, she can often be found volunteering her time to help non-profit organizations build a better online presence and exploring the great outdoors with her family.

Leave a Reply