TheeDigital > Blog > How To Prevent A Malware Nightmare In WordPress

How To Prevent A Malware Nightmare In WordPress

Richard Horvath
Last updated: WordPress 4 min read

Malware or malicious software as it’s also called can wreak havoc on your WordPress site, sending you in to a technology tailspin. Malware can come in all different shapes and sizes, harming and disrupting your site in extremely damaging ways. When your site is a victim of malware, it can come with a hefty price tag. Statistics show that malware attacks cost the average business more than two billion dollars every year.

How To Prevent A Malware Nightmare In WordPress

But, the loss goes far beyond that monetary value and can prove to be more costly. Malware can also result in a loss of information that you can’t put a price tag on.  Information loss is the most costly because oftentimes it can’t be retrieved, proving to be a real nightmare for businesses.

Before you can begin preventing a malware nightmare, you need to know what you’re up against. There are different types of malware to be on the lookout for. We’re going to take a closer look at what the most common ones are and how you can protect your site.

Different Types of Malware

Malware isn’t anything new. It’s been around long before the internet entered the scene. What is new is the way that hackers are getting into your site. They’re always coming up with innovative ways to be sneaky and get your information. Here are several of the most popular types of malware to be on the lookout for:

  • Computer Virus

If you hear someone say their computer has a virus, it means that software is replicating itself by inserting its own code into other programs. This can happen in so many different types of ways such as adding spam content to your site and infecting the computers of those who visit your site.

  • Spyware

As the name suggests, spyware is hiding to collect information. This can lead to personal data losses and data breaches.

  • Trojan horse

A trojan horse is software that appears to have one function but secretly performs other harmful actions. This can be in the form of corrupting your WordPress files or any other types of files in your computer.

  • Adware

If you experience adware, this is malware that forces you to click on an ad and interact with it before you can use a site. This can be annoying and is usually harmless. But, don’t let it fool you. It can still cause problems for your computer with just one click.

  • Ransomware

When your site is infected with ransomware, you won’t be able to use it until you pay the creators to remove it. So, your site is being held for ransom. This can lead to major shutdowns of a variety of sites.

  • Cryptocurrency miners

This is one of the newer types of malware you need to look for. This one infects a site to use its resources to mine bitcoins. It can make your site vulnerable and slow it down significantly.

Don’t be fooled; there are many more types of malware out there. Remember, hackers are smart and they’re always finding ways to create problems for you. These are some of the more common forms to be aware of so you can keep hackers and malware away.

How to Protect Your WordPress Site from Malware

When it comes to protecting your WordPress site from malware, there are some simple things you do to prevent a nightmare of problems.

Update, update, update!

This is the most important thing you can do to prevent a malware nightmare. Update every part of your site as soon as possible. Anytime you see a message that says updates are available, get them done. This includes WordPress itself as well as themes, files, and any plugins you have installed. If you keep older versions running, you’re making yourself more vulnerable to security problems.

WordPress makes it easy to update core files, plugins, and themes, to their latest versions. It’s so easy that it can be easy to forget. But WordPress makes it abundantly clear that you should pay attention to the warnings on the dashboard. Spending a few minutes installing updates can save you from a malware disaster.

Move wp-config.php into The Root Folder

The wp-config.php file contains all of your WordPress configuration information and settings. You can pretty much tap out if hackers gain access to this file. From here, they can inject malware into your website’s pages, or even worse, delete all your content and replace it with their own. A smart safety feature in WordPress allows you to move the wp-config.php file one level above the WordPress root. On most LAMP host servers, wp-config.php is located in:


Use your FTP client to connect into your server, and then move your wp-config.php above the public_html directory so that it is located here instead:


This way, wp-config.php is no longer in the public-facing root folder, thus disabling the scripts and bots that hackers use to infect your site.

There’s nothing more to this feature, WordPress automatically knows to look for your wp-config.php file one folder above.  Be aware that this will not work if you installed your blog in a subdirectory (e.g. public_html/blog) or as an add-on domain in cPanel (e.g.public_html/

Delete The Main Admin Account

The default administrator account on WordPress has a username of ‘admin’. If you leave this as your default username, you have made it too easy for hackers to get to work. Never use this as the main account. Always choose a different username when installing WordPress.

If you have been using the ‘admin’ account, go into the Dashboard » Users » Add New User screen. Create a new user with the role of administrator. Log out, and log back in as the new user.

Go to the User screen again and delete ‘admin’. WordPress allows you to transfer all of the content created by ‘admin’ to your new user account before confirming deletion.

Another benefit of getting rid of the admin account and switching to, say, your real name, is that it is better for SEO This way when somebody searches your name you will rank higher with than you will with

Create Regular Backups of Your Site

A backup is a copy of your site that you can use to go back to. Backups are a great tool to have on hand if your site is infected by malware. It can save you from losing data and content entirely. The backup allows you to restore the saved version to what your site was before it was attacked. You may lose some data depending on when you did the backup, but it won’t be nearly as damaging as having nothing to go back to at all.

Several plugins have backup features that make this is easy to do. You can also choose a support plan that includes regular backups so that you always have one in reserve.

Install a Security Plugin

There are several plugins available that provide a complete security system for your site. This can help to protect your WordPress site from the large variety of malware that can harm your computer.

Keeping your WordPress site safe from malware is one of the most important things you can do. If you need help to get this done, the team at TheeDigital is ready to help. We can also help you develop a new, secure site. Call 919-341-8901 for a free consultation or fill out our inquiry form and one of our web design specialists will contact you soon.

Tags: WordPress

Richard Horvath

Richard Horvath is the founder of TheeDigital, a Raleigh based award-winning web design and digital marketing agency. He is proud of his team and the results that they provide to their clients.

Related Posts

How to Update Your WordPress Plugins Safely
Support 8 min read

How to Update Your WordPress Plugins Safely

Running a WordPress site? Then getting your head around plugin updates is key. Think of these updates…
Richard Horvath

How to create a new gravity form
Our Favorites 5 min read

Gravity Forms – How to Create a New Form

Here you'll learn how to create and edit a Gravity Form on your site.
Richard Horvath

top wordpress web development trends for 2024
WordPress 4 min read

Top WordPress Web Development Trends for 2024

Ready to take your WordPress website to the next level? Discover how these 2024 WordPress trends can…
Melissa Read

Schedule a Consultation