Roy
(@gangleri)
Yes, by not connecting the website to the internet.
Frankly, when a website can be accessed from any place in the world, it can be hacked. Of course you can try to make this as unlikely as possible, but there can never be a guarantee “to avoid” it.
Of course it’s not just WP either. You have to mind themes, more particularly plugins, but there is always a risk that your host has outdated server software, that you share a server with someone with a stoneage WP or Joomla (or else) that give hackers access to the server that your website is on, that sort of stuff.
Not to make you overly scared, just cautious. In my 4 years with WP I have never been hacked, even though I’m on a shared server with a few hundred other websites (fingers crossed 🙂 ).
Well then, start here for tips to make your WP as save as possible:
http://codex.wordpress.org/Hardening_WordPress
I personally have wp-admin, wp-includes and the login/logout screens behind htaccess passwords, my table prefix is not wp_ and my admin username is not “admin”. I have Bad Behavior running to hold off bots. This did the trick over the last years. Btw, the numbers of security patches for WP because some vulnerability has been discovered has greatly DEcreased over the years. This means that WP itself is getting safer and safer too.
When you look back at the most recent “hacked” threads on this forum, since the last year (or so) this have always been server side hacks of websites on some particular host. There hasn’t been a widespread WP hack for a long time. Of course there are always boneheads with old versions, but even those hacked seems to become rarer.
There’s is almost nothing that hackers discover these days that they can make use of and when they do, WP is updated and we all upgrade to the latest version asap. Staying up to date is crucial.
