No website is 100% safe online, so here are a few tips and plugin suggestions on how to help protect your site more.
- Update WordPress & WordPress Plugins – You want to make sure WordPress and all your plugins are up to date. WordPress releases updates often to improve security.
- Strong Passwords – Make sure you have a strong password that can not easily be guessed for WordPress and your FTP login.
- Limit FREE WordPress Themes & Plugins – There are free WordPress themes online that have malicious code in them that can cause problems on your server. Also, poorly written plugins can have vulnerabilities and be hacked. So limit what plugins and themes you have on your server.
Tips & Tools
- Rename your login page – For almost any WordPress site you can go to someones domain name and type wp-login.php and you will get access to their login form, and people will attempt to login to your site. With the Rename wp-login.php plugin you can change your login page address to some to something else that only you know so people can’t find your login page. Example: www.your-domain.com/enter
- Limit login attempts – In the case of a hacker or a bot attempting a brute-force attack to crack your password, it can be useful to limit the number of failed login attempts from a single IP address. Limit Login Attempts does just that, allowing you to specify how many retries will be allowed, and how long an IP will be locked out for after too many failed login attempts. There are ways around this, as some attackers will use a large number of different IP addresses, but it’s still worth doing as an additional precaution.
- Install a Security Plugin – Security plugins can add extra security to your WordPress site. Only install one of these plugins.
- Acunetix Secure WordPress ( I use this one ) – Acunetix Secure WordPress plugin is a free and comprehensive security tool that helps you secure your WordPress installation and suggests corrective measures for: securing file permissions, security of the database, version hiding, WordPress admin protection and lots more.
- Wordfence Security – The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
- BulletProof Security – WordPress Website Security Protection: Firewall Security, Login Security, Database Security… Effective, Reliable, Easy to use.
- Back Up Your Website – You should back up your site monthly or even weekly depending how often you update. Backing up your site can save you hours of your time in case something happens to your site. I don’t have a suggested plugin for this, but check out these articls to see a plugin that may work for your.
More Security Articles
- 11 Quick Tips: Securing Your WordPress Site
- Essential WordPress Security Tips – Is Your Blog Protected?
- WordPress Security: Tried and True Tips to Secure WordPress
Tutorial: How to install a WordPress plugin.