{"id":12776,"date":"2025-06-23T15:19:58","date_gmt":"2025-06-23T07:19:58","guid":{"rendered":"https:\/\/www.quape.com\/?p=12776"},"modified":"2025-07-09T20:46:05","modified_gmt":"2025-07-09T12:46:05","slug":"how-to-prevent-website-from-being-hacked","status":"publish","type":"post","link":"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/","title":{"rendered":"#17 Tips Ahli untuk Mencegah Situs Web Diretas"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p data-start=\"349\" data-end=\"778\">How to prevent website from being hacked is one of the most important concerns for any website owner today especially those using WordPress. As the world\u2019s most popular content management system (CMS) in 2025, WordPress powers over 40% of all websites globally. But with that popularity comes risk: it remains a prime target for cyberattacks, from brute force login attempts to plugin vulnerabilities and malicious uploads.<\/p>\n<p data-start=\"780\" data-end=\"1226\">If you manage a WordPress site, securing your website against hackers isn\u2019t just a best practice it\u2019s critical. This technical yet practical guide walks you through step-by-step methods to secure your site using modern security strategies that are used by professionals and defense teams in 2025. Whether you&#8217;re a developer, system administrator, or agency owner, following these practices will significantly strengthen your website&#8217;s defenses.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#1_Hide_WordPress_Version_and_Disable_XML-RPC\" >1. Hide WordPress Version and Disable XML-RPC<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#2_Turn_Off_Debugging_in_Production\" >2. Turn Off Debugging in Production<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#3_Secure_Sensitive_Files\" >3. Secure Sensitive Files<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#4_Enforce_Strong_Passwords_and_Enable_2FA\" >4. Enforce Strong Passwords and Enable 2FA<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#5_Limit_Login_Attempts_and_Restrict_Admin_Area\" >5. Limit Login Attempts and Restrict Admin Area<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#6_Use_a_Web_Application_Firewall_WAF\" >6. Use a Web Application Firewall (WAF)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#7_Disable_PHP_Execution_in_Uploads_Directory\" >7. Disable PHP Execution in Uploads Directory<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#8_Disable_Dangerous_PHP_Functions\" >8. Disable Dangerous PHP Functions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#9_Reduce_Plugin_and_Theme_Footprint\" >9. Reduce Plugin and Theme Footprint<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#10_Keep_Core_Plugins_and_Themes_Updated\" >10. Keep Core, Plugins, and Themes Updated<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#11_Enable_Monitoring_and_Centralized_Logging\" >11. Enable Monitoring and Centralized Logging<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#12_Schedule_Encrypted_Backups\" >12. Schedule Encrypted Backups<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#13_Disable_JSON_REST_API_User_Enumeration\" >13. Disable JSON REST API User Enumeration<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#14_Integrate_Threat_Intelligence_and_IP_Reputation\" >14. Integrate Threat Intelligence and IP Reputation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#15_Implement_AI-Based_Security_Tools\" >15. Implement AI-Based Security Tools<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#16_Secure_CICD_and_Deployment_Pipelines\" >16. Secure CI\/CD and Deployment Pipelines<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#17_SIEM_Integration_Wazuh_ELK_Graylog\" >17. SIEM Integration: Wazuh, ELK, Graylog<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.quape.com\/id\/how-to-prevent-website-from-being-hacked\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2 data-start=\"828\" data-end=\"876\"><span class=\"ez-toc-section\" id=\"1_Hide_WordPress_Version_and_Disable_XML-RPC\"><\/span>1. Hide WordPress Version and Disable XML-RPC<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"878\" data-end=\"953\">Attackers commonly fingerprint your site\u2019s version to find vulnerabilities.<\/p>\n<ul data-start=\"972\" data-end=\"1021\">\n<li data-start=\"972\" data-end=\"1021\">\n<p data-start=\"974\" data-end=\"1021\">Remove WordPress version from the <code data-start=\"1008\" data-end=\"1016\">&lt;head&gt;<\/code> tag:<\/p>\n<\/li>\n<\/ul>\n<pre><span style=\"font-size: 1rem\">remove_action('wp_head', 'wp_generator');<\/span><\/pre>\n<ul data-start=\"1077\" data-end=\"1139\">\n<li data-start=\"1077\" data-end=\"1139\">\n<p data-start=\"1079\" data-end=\"1139\">Disable XML-RPC to prevent brute-force and pingback attacks:<\/p>\n<\/li>\n<\/ul>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre style=\"text-align: left\">&lt;Files xmlrpc.php&gt;\r\norder deny,allow\r\ndeny from all\r\n&lt;\/Files&gt;<\/pre>\n<ul>\n<li data-start=\"1219\" data-end=\"1241\">Or in <code data-start=\"1225\" data-end=\"1240\">functions.php<\/code>:<\/li>\n<\/ul>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary select-none rounded-t-2xl\">add_filter('xmlrpc_enabled', '__return_false');<\/pre>\n<p data-start=\"1303\" data-end=\"1361\"><strong data-start=\"1303\" data-end=\"1319\">Alternative:<\/strong> Use plugins like <a href=\"https:\/\/wordpress.org\/plugins\/disable-xml-rpc-api\/\" target=\"_blank\" rel=\"noopener\"><strong data-start=\"1337\" data-end=\"1360\">Disable XML-RPC-API<\/strong>.<\/a><\/p>\n<p data-start=\"1303\" data-end=\"1361\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-12777\" src=\"https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/prevent-website-from-being-hacked-300x140.png\" alt=\"prevent website from being hacked\" width=\"444\" height=\"207\" srcset=\"https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/prevent-website-from-being-hacked-300x140.png 300w, https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/prevent-website-from-being-hacked-1024x479.png 1024w, https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/prevent-website-from-being-hacked-768x359.png 768w, https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/prevent-website-from-being-hacked.png 1417w\" sizes=\"(max-width: 444px) 100vw, 444px\" \/><\/p>\n<h2 data-start=\"1368\" data-end=\"1406\"><span class=\"ez-toc-section\" id=\"2_Turn_Off_Debugging_in_Production\"><\/span>2. Turn Off Debugging in Production<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"1408\" data-end=\"1471\">Debugging reveals critical information to attackers if left on.<\/p>\n<ul>\n<li data-start=\"1473\" data-end=\"1504\"><strong data-start=\"1473\" data-end=\"1504\">Disable in <code data-start=\"1486\" data-end=\"1501\">wp-config.php<\/code>:<\/strong><\/li>\n<\/ul>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary select-none rounded-t-2xl\">define('WP_DEBUG', false);\r\ndefine('WP_DEBUG_LOG', false);<\/pre>\n<\/div>\n<h2 data-start=\"1581\" data-end=\"1609\"><span class=\"ez-toc-section\" id=\"3_Secure_Sensitive_Files\"><\/span>3. Secure Sensitive Files<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"1611\" data-end=\"1701\">Files such as <code data-start=\"1625\" data-end=\"1640\">wp-config.php<\/code> and <code data-start=\"1645\" data-end=\"1656\">.htaccess<\/code> store database credentials and server rules.<\/p>\n<p><strong data-start=\"1703\" data-end=\"1722\">Best practices:<\/strong><\/p>\n<ul>\n<li data-start=\"1724\" data-end=\"1749\">\n<p data-start=\"1726\" data-end=\"1749\">Set secure permissions:<\/p>\n<\/li>\n<\/ul>\n<pre>chmod 400 wp-config.php<\/pre>\n<ul data-start=\"1788\" data-end=\"1828\">\n<li data-start=\"1788\" data-end=\"1828\">\n<p data-start=\"1790\" data-end=\"1828\">Block external access via <code data-start=\"1816\" data-end=\"1827\">.htaccess<\/code>:<\/p>\n<\/li>\n<\/ul>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary select-none rounded-t-2xl\">&lt;Files wp-config.php&gt;\r\norder allow,deny\r\ndeny from all\r\n&lt;\/Files&gt;<\/pre>\n<h2 data-start=\"1916\" data-end=\"1961\"><span class=\"ez-toc-section\" id=\"4_Enforce_Strong_Passwords_and_Enable_2FA\"><\/span>4. Enforce Strong Passwords and Enable 2FA<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"1963\" data-end=\"2016\">Brute-force attacks are still a common attack vector.<\/p>\n<p data-start=\"2018\" data-end=\"2030\"><strong data-start=\"2018\" data-end=\"2030\">Actions:<\/strong><\/p>\n<ol>\n<li data-start=\"2032\" data-end=\"2084\">\n<p data-start=\"2034\" data-end=\"2084\">Use password managers (e.g., Bitwarden, 1Password)<\/p>\n<\/li>\n<li data-start=\"2085\" data-end=\"2121\">\n<p data-start=\"2087\" data-end=\"2121\">Enforce strong passwords site-wide<\/p>\n<\/li>\n<li data-start=\"2124\" data-end=\"2149\">Install 2FA plugins like:<\/li>\n<li data-start=\"2152\" data-end=\"2178\">\n<p data-start=\"2154\" data-end=\"2178\">Wordfence Login Security<\/p>\n<\/li>\n<\/ol>\n<ol>\n<li data-start=\"2181\" data-end=\"2203\">\n<p data-start=\"2183\" data-end=\"2203\">Google Authenticator<\/p>\n<\/li>\n<\/ol>\n<ol data-start=\"2032\" data-end=\"2222\">\n<li>Duo Two-Factor<\/li>\n<\/ol>\n<h2 data-start=\"2229\" data-end=\"2279\"><span class=\"ez-toc-section\" id=\"5_Limit_Login_Attempts_and_Restrict_Admin_Area\"><\/span>5. Limit Login Attempts and Restrict Admin Area<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"2281\" data-end=\"2351\">Protect your login page from automation tools and unauthorized access.<\/p>\n<p data-start=\"2353\" data-end=\"2363\"><strong data-start=\"2353\" data-end=\"2363\">Steps:<\/strong><\/p>\n<ul>\n<li data-start=\"2365\" data-end=\"2404\">\n<p data-start=\"2367\" data-end=\"2404\">Use <strong data-start=\"2371\" data-end=\"2404\">Limit Login Attempts Reloaded<\/strong><\/p>\n<\/li>\n<\/ul>\n<ul>\n<li data-start=\"2405\" data-end=\"2461\">\n<p data-start=\"2407\" data-end=\"2461\">Add CAPTCHA (Google reCAPTCHA or Cloudflare Turnstile)<\/p>\n<\/li>\n<\/ul>\n<ul data-start=\"2365\" data-end=\"2523\">\n<li data-start=\"2462\" data-end=\"2523\">\n<p data-start=\"2464\" data-end=\"2523\">Restrict <code data-start=\"2473\" data-end=\"2487\">wp-login.php<\/code> by IP using <code data-start=\"2500\" data-end=\"2511\">.htaccess<\/code> or firewall<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"2530\" data-end=\"2572\"><span class=\"ez-toc-section\" id=\"6_Use_a_Web_Application_Firewall_WAF\"><\/span>6. Use a Web Application Firewall (WAF)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"2574\" data-end=\"2634\">A WAF filters malicious traffic before it reaches your site.<\/p>\n<p data-start=\"2636\" data-end=\"2652\"><strong data-start=\"2636\" data-end=\"2652\">Recommended:<\/strong><\/p>\n<ul>\n<li data-start=\"2654\" data-end=\"2682\">\n<p data-start=\"2656\" data-end=\"2682\">Cloudflare WAF (DNS-level)<\/p>\n<\/li>\n<\/ul>\n<ul>\n<li data-start=\"2683\" data-end=\"2714\">\n<p data-start=\"2685\" data-end=\"2714\">Sucuri Firewall (Cloud-based)<\/p>\n<\/li>\n<\/ul>\n<ul data-start=\"2654\" data-end=\"2765\">\n<li data-start=\"2715\" data-end=\"2765\">\n<p data-start=\"2717\" data-end=\"2765\">ModSecurity + OWASP Core Rule Set (Server-level)<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"2772\" data-end=\"2820\"><span class=\"ez-toc-section\" id=\"7_Disable_PHP_Execution_in_Uploads_Directory\"><\/span>7. Disable PHP Execution in Uploads Directory<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"2822\" data-end=\"2873\">Block attackers from executing malicious PHP files.<\/p>\n<p data-start=\"2875\" data-end=\"2886\"><strong data-start=\"2875\" data-end=\"2886\">Apache:<\/strong><\/p>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary select-none rounded-t-2xl\">&lt;Directory \"\/wp-content\/uploads\"&gt;\r\n&lt;FilesMatch \"\\.php$\"&gt;\r\nDeny from all\r\n&lt;\/FilesMatch&gt;\r\n&lt;\/Directory&gt;<\/pre>\n<p data-start=\"3008\" data-end=\"3018\"><strong data-start=\"3008\" data-end=\"3018\">NGINX:<\/strong><\/p>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary select-none rounded-t-2xl\">location ~* \/wp-content\/uploads\/.*\\.php$ {\r\ndeny all;\r\n}<\/pre>\n<h2 data-start=\"3096\" data-end=\"3133\"><span class=\"ez-toc-section\" id=\"8_Disable_Dangerous_PHP_Functions\"><\/span>8. Disable Dangerous PHP Functions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"3135\" data-end=\"3187\">Limit exposure to command execution vulnerabilities.<\/p>\n<p data-start=\"3189\" data-end=\"3204\"><strong data-start=\"3189\" data-end=\"3204\">In php.ini:<\/strong><\/p>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary select-none rounded-t-2xl\">disable_functions = exec,passthru,shell_exec,system,proc_open,popen\r\nexpose_php = Off\r\nallow_url_fopen = Off<\/pre>\n<h2 data-start=\"3327\" data-end=\"3366\"><span class=\"ez-toc-section\" id=\"9_Reduce_Plugin_and_Theme_Footprint\"><\/span>9. Reduce Plugin and Theme Footprint<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"3368\" data-end=\"3411\">Every plugin is a potential attack surface.<\/p>\n<p data-start=\"3413\" data-end=\"3422\"><strong data-start=\"3413\" data-end=\"3422\">Tips:<\/strong><\/p>\n<ul>\n<li data-start=\"3424\" data-end=\"3455\">\n<p data-start=\"3426\" data-end=\"3455\">Install only verified plugins<\/p>\n<\/li>\n<\/ul>\n<ul>\n<li data-start=\"3456\" data-end=\"3486\">\n<p data-start=\"3458\" data-end=\"3486\">Remove unused themes\/plugins<\/p>\n<\/li>\n<\/ul>\n<ul data-start=\"3424\" data-end=\"3520\">\n<li data-start=\"3487\" data-end=\"3520\">\n<p data-start=\"3489\" data-end=\"3520\">Never use nulled (pirated) code<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"3527\" data-end=\"3572\"><span class=\"ez-toc-section\" id=\"10_Keep_Core_Plugins_and_Themes_Updated\"><\/span>10. Keep Core, Plugins, and Themes Updated<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"3574\" data-end=\"3602\">Updates fix security issues.<\/p>\n<p data-start=\"3604\" data-end=\"3618\"><strong data-start=\"3604\" data-end=\"3618\">Checklist:<\/strong><\/p>\n<ul>\n<li data-start=\"3620\" data-end=\"3660\">\n<p data-start=\"3622\" data-end=\"3660\">Enable auto-updates for minor versions<\/p>\n<\/li>\n<\/ul>\n<ul data-start=\"3620\" data-end=\"3733\">\n<li data-start=\"3661\" data-end=\"3687\">\n<p data-start=\"3663\" data-end=\"3687\">Update plugins regularly<\/p>\n<\/li>\n<li data-start=\"3688\" data-end=\"3733\">\n<p data-start=\"3690\" data-end=\"3733\">Upgrade to the latest supported PHP version<\/p>\n<\/li>\n<\/ul>\n<p><strong>Also Read: <a href=\"https:\/\/www.quape.com\/why-ssl-is-important-for-email-security\/\">6 Reasons Why SSL Is Important for Email Security<\/a><\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<h2 data-start=\"3740\" data-end=\"3788\"><span class=\"ez-toc-section\" id=\"11_Enable_Monitoring_and_Centralized_Logging\"><\/span>11. Enable Monitoring and Centralized Logging<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"3790\" data-end=\"3838\">Track and analyze activities across your system.<\/p>\n<p data-start=\"3840\" data-end=\"3850\"><strong data-start=\"3840\" data-end=\"3850\">Tools:<\/strong><\/p>\n<ul>\n<li data-start=\"3852\" data-end=\"3878\">\n<p data-start=\"3854\" data-end=\"3878\">WP Activity Log (plugin)<\/p>\n<\/li>\n<\/ul>\n<ul>\n<li data-start=\"3879\" data-end=\"3898\">\n<p data-start=\"3881\" data-end=\"3898\">Apache\/Nginx logs<\/p>\n<\/li>\n<\/ul>\n<ul data-start=\"3852\" data-end=\"3958\">\n<li data-start=\"3899\" data-end=\"3958\">\n<p data-start=\"3901\" data-end=\"3958\">Send logs to SIEM like <strong data-start=\"3924\" data-end=\"3933\">Wazuh<\/strong>, <strong data-start=\"3935\" data-end=\"3942\">ELK<\/strong>, or <strong data-start=\"3947\" data-end=\"3958\">Graylog<\/strong><\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"3965\" data-end=\"3998\"><span class=\"ez-toc-section\" id=\"12_Schedule_Encrypted_Backups\"><\/span>12. Schedule Encrypted Backups<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"4000\" data-end=\"4047\">Backups can save your business after an attack.<\/p>\n<p data-start=\"4049\" data-end=\"4068\"><strong data-start=\"4049\" data-end=\"4068\">Best practices:<\/strong><\/p>\n<ul>\n<li data-start=\"4070\" data-end=\"4108\">\n<p data-start=\"4072\" data-end=\"4108\">Daily database + weekly full backups<\/p>\n<\/li>\n<\/ul>\n<ul>\n<li data-start=\"4109\" data-end=\"4132\">\n<p data-start=\"4111\" data-end=\"4132\">Encrypt using AES-256<\/p>\n<\/li>\n<\/ul>\n<ul data-start=\"4070\" data-end=\"4172\">\n<li data-start=\"4133\" data-end=\"4172\">\n<p data-start=\"4135\" data-end=\"4172\">Store remotely (AWS S3, Google Drive)<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"4179\" data-end=\"4224\"><span class=\"ez-toc-section\" id=\"13_Disable_JSON_REST_API_User_Enumeration\"><\/span>13. Disable JSON REST API User Enumeration<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"4226\" data-end=\"4262\">Hide usernames from automated scans.<\/p>\n<p data-start=\"4264\" data-end=\"4292\"><strong data-start=\"4264\" data-end=\"4292\">Code in <code data-start=\"4274\" data-end=\"4289\">functions.php<\/code>:<\/strong><\/p>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<pre class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between h-9 bg-token-sidebar-surface-primary select-none rounded-t-2xl\">add_filter('rest_endpoints', function($endpoints) {\r\nif (isset($endpoints['\/wp\/v2\/users'])) {\r\nunset($endpoints['\/wp\/v2\/users']);\r\n}\r\nreturn $endpoints;\r\n});<\/pre>\n<p data-start=\"4469\" data-end=\"4504\"><strong data-start=\"4469\" data-end=\"4480\">Or use:<\/strong> <a href=\"https:\/\/wordpress.org\/plugins\/disable-wp-rest-api\/\" target=\"_blank\" rel=\"noopener\">Disable REST API plugin<\/a><\/p>\n<p data-start=\"4469\" data-end=\"4504\"><img decoding=\"async\" class=\"alignnone wp-image-12778\" src=\"https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/How-to-prevent-website-from-being-hacked-300x141.png\" alt=\"How to prevent website from being hacked\" width=\"453\" height=\"213\" srcset=\"https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/How-to-prevent-website-from-being-hacked-300x141.png 300w, https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/How-to-prevent-website-from-being-hacked-1024x480.png 1024w, https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/How-to-prevent-website-from-being-hacked-768x360.png 768w, https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/How-to-prevent-website-from-being-hacked-1536x721.png 1536w, https:\/\/www.quape.com\/wp-content\/uploads\/2025\/06\/How-to-prevent-website-from-being-hacked.png 1575w\" sizes=\"(max-width: 453px) 100vw, 453px\" \/><\/p>\n<h2 data-start=\"4511\" data-end=\"4565\"><span class=\"ez-toc-section\" id=\"14_Integrate_Threat_Intelligence_and_IP_Reputation\"><\/span>14. Integrate Threat Intelligence and IP Reputation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"4567\" data-end=\"4615\">Stop known malicious actors before they do harm.<\/p>\n<p data-start=\"4617\" data-end=\"4631\"><strong data-start=\"4617\" data-end=\"4631\">Implement:<\/strong><\/p>\n<ul>\n<li data-start=\"4633\" data-end=\"4660\">\n<p data-start=\"4635\" data-end=\"4660\">Cloudflare\u2019s threat feeds<\/p>\n<\/li>\n<\/ul>\n<ul>\n<li data-start=\"4661\" data-end=\"4697\">\n<p data-start=\"4663\" data-end=\"4697\">AbuseIPDB and CrowdSec integration<\/p>\n<\/li>\n<\/ul>\n<ul data-start=\"4633\" data-end=\"4756\">\n<li data-start=\"4698\" data-end=\"4756\">\n<p data-start=\"4700\" data-end=\"4756\">Custom firewall rules to block TOR, bad ASNs, or botnets<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"4763\" data-end=\"4803\"><span class=\"ez-toc-section\" id=\"15_Implement_AI-Based_Security_Tools\"><\/span>15. Implement AI-Based Security Tools<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"4805\" data-end=\"4841\">Modern threats need smart solutions.<\/p>\n<p data-start=\"4843\" data-end=\"4859\"><strong data-start=\"4843\" data-end=\"4859\">Suggestions:<\/strong><\/p>\n<ul>\n<li data-start=\"4861\" data-end=\"4911\">\n<p data-start=\"4863\" data-end=\"4911\">Wordfence Premium (includes AI-based heuristics)<\/p>\n<\/li>\n<li data-start=\"4912\" data-end=\"4947\">\n<p data-start=\"4914\" data-end=\"4947\">Sucuri\u2019s anomaly detection engine<\/p>\n<\/li>\n<li data-start=\"4948\" data-end=\"4989\">\n<p data-start=\"4950\" data-end=\"4989\">Immunify360 for server-level protection<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"4996\" data-end=\"5040\"><span class=\"ez-toc-section\" id=\"16_Secure_CICD_and_Deployment_Pipelines\"><\/span>16. Secure CI\/CD and Deployment Pipelines<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"5042\" data-end=\"5073\">Harden your deployment process.<\/p>\n<p data-start=\"5075\" data-end=\"5094\"><strong data-start=\"5075\" data-end=\"5094\">Security tools:<\/strong><\/p>\n<ul data-start=\"5096\" data-end=\"5220\">\n<li data-start=\"5096\" data-end=\"5130\">\n<p data-start=\"5098\" data-end=\"5130\"><code data-start=\"5098\" data-end=\"5107\">semgrep<\/code> \u2013 static code analysis<\/p>\n<\/li>\n<li data-start=\"5131\" data-end=\"5171\">\n<p data-start=\"5133\" data-end=\"5171\"><code data-start=\"5133\" data-end=\"5140\">Trivy<\/code> \u2013 container and image scanning<\/p>\n<\/li>\n<li data-start=\"5172\" data-end=\"5220\">\n<p data-start=\"5174\" data-end=\"5220\">Auto-scan themes and plugins before deployment<\/p>\n<\/li>\n<\/ul>\n<h2 data-start=\"5227\" data-end=\"5271\"><span class=\"ez-toc-section\" id=\"17_SIEM_Integration_Wazuh_ELK_Graylog\"><\/span>17. SIEM Integration: Wazuh, ELK, Graylog<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"5273\" data-end=\"5329\">Enhance visibility and response through log aggregation.<\/p>\n<p data-start=\"5331\" data-end=\"5341\"><strong data-start=\"5331\" data-end=\"5341\">Steps:<\/strong><\/p>\n<ul data-start=\"5343\" data-end=\"5620\">\n<li data-start=\"5343\" data-end=\"5385\">\n<p data-start=\"5345\" data-end=\"5385\">Forward logs with Filebeat or Fluent Bit<\/p>\n<\/li>\n<li data-start=\"5386\" data-end=\"5523\">\n<p data-start=\"5388\" data-end=\"5409\">Configure alerts for:<\/p>\n<ul data-start=\"5412\" data-end=\"5523\">\n<li data-start=\"5412\" data-end=\"5440\">\n<p data-start=\"5414\" data-end=\"5440\">Plugin\/theme modifications<\/p>\n<\/li>\n<li data-start=\"5443\" data-end=\"5478\">\n<p data-start=\"5445\" data-end=\"5478\">wp-login.php brute-force attempts<\/p>\n<\/li>\n<li data-start=\"5481\" data-end=\"5523\">\n<p data-start=\"5483\" data-end=\"5523\">Suspicious shell or file system activity<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"5524\" data-end=\"5567\">\n<p data-start=\"5526\" data-end=\"5567\">Correlate WordPress logs with system logs<\/p>\n<\/li>\n<li data-start=\"5568\" data-end=\"5620\">\n<p data-start=\"5570\" data-end=\"5620\">Create visual dashboards with Kibana or OpenSearch<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5622\" data-end=\"5705\"><strong data-start=\"5622\" data-end=\"5641\">Why it matters:<\/strong> Detect early signs of compromise and act before damage is done.<\/p>\n<h2 data-start=\"6364\" data-end=\"6377\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p data-start=\"6379\" data-end=\"6682\">Preventing your WordPress website from being hacked in 2025 requires a multi-layered approach that combines technical best practices with real-time monitoring and smart automation. While no system is ever 100% secure, applying the strategies above will drastically reduce your exposure to cyber threats.<\/p>\n<p data-start=\"6684\" data-end=\"6975\">At <b>QUAPE<\/b>, we specialize in secure, fully-managed WordPress hosting and custom website hardening services. Whether you&#8217;re an enterprise, agency, or startup, our team is ready to help you stay one step ahead of attackers with advanced protection, SIEM integration, and ongoing maintenance.<\/p>\n<p data-start=\"6977\" data-end=\"7061\"><a href=\"https:\/\/www.quape.com\/contact-us\/\"><strong data-start=\"6977\" data-end=\"6997\">Contact us today<\/strong><\/a> to learn how we can protect and optimize your digital presence.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>How to prevent website from being hacked is one of the most important concerns for any website owner today especially those using WordPress. As the world\u2019s most popular content management system (CMS) in 2025, WordPress powers over 40% of all websites globally. But with that popularity comes risk: it remains a prime target for cyberattacks, [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":12783,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[93],"tags":[127,119,121,126,124,122,128,120,125,123],"class_list":["post-12776","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-2025-website-security","tag-prevent-website-from-being-hacked","tag-secure-wordpress-website","tag-web-application-security","tag-wordpress-brute-force-protection","tag-wordpress-firewall","tag-wordpress-hardening-guide","tag-wordpress-security-tips","tag-wordpress-siem-integration","tag-xmlrpc-disable-wordpress"],"_links":{"self":[{"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/posts\/12776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/comments?post=12776"}],"version-history":[{"count":0,"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/posts\/12776\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/media\/12783"}],"wp:attachment":[{"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/media?parent=12776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/categories?post=12776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quape.com\/id\/wp-json\/wp\/v2\/tags?post=12776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}