How To Keep Your WordPress Site Secure

tomas-sobek-735207-unsplash

If you haven’t got a security plugin installed on your WordPress website please take 5 minutes to read this article and I’ll explain why it’s absolutely necessary you should to keep your WordPress site secure.

I was amazed the first time we used a WordPress security plugin and it highlighted the number of attempts automated bots are trying to login as the ‘admin’ user.

Securi-failed-logins
One of the #1 rules of security in WordPress is to not use the ‘admin’ username. The automated bots have a list of known passwords they try, usually ‘admin’ or the site name.

Create your own username for the Administrator role, and don’t use the site name either.

 

admin-logins

 

So how can you keep your WordPress site secure?

We’ll cover 3 options for keeping your WordPress site secure. Each of these plugins has a paid option with further features.

WordFence

The WordFence plugin (https://wordpress.org/plugins/wordfence/) claims to be the most downloaded WordPress Security plugin.

It blocks known attackers in realtime. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.

It allows two-factor authentication, which means using your mobile as a secondary form of ID in order to sign in.

It scans the core files, themes and plugins against the WordPress.org repository versions to check their integrity, and ensure no additional files are present.

You can also see your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. The best thing about this feature is that it makes you acutely aware of which security threats your site is facing.

iThemes

The iThemes security plugin (https://wordpress.org/plugins/better-wp-security/) claims to be #1 WordPress Security Plugin.

It boasts providing 30+ ways to secure and protect your WordPress site.

Brute Force Attack protection takes brute force protection to the next level by further banning users who have tried to break into other sites from breaking into yours. The iThemes Brute Force Protection Network will automatically report IP addresses of failed login attempts to iThemes and will block them for a length of time necessary to protect your site based on the number of sites that have seen a similar attack.

iThemes Security scans your site to instantly report where vulnerabilities exist and fixes them in seconds. It can ban troublesome user agents, bots and other hosts. It also prevents brute force attacks by banning hosts and users that have too many invalid login attempts,

iThemes Security also monitors your site and reports changes to the filesystem and database that might indicate a compromise.

iThemes Security can also hide common WordPress security vulnerabilities, preventing attackers from learning too much about your site and away from sensitive areas like your site’s login, admin, etc.

Securi

The Securi plugin (https://wordpress.org/plugins/sucuri-scanner/)

Sucuri Inc is a globally recognized authority in all matters related to website security, with specialization in WordPress Security.

Security Activity Auditing provides you the website owner the ability keep a good eye on the various changes occurring within your site. Who is logging in? What changes are being made?

File Integrity Monitoring compares the files in your installation with those of a known good state and highlights differences which may be due to a security breach.

Remote Malware Scanning scans your site and compares to it’s own database of malware to determine if anything is present that shouldn’t be.

Blacklist Monitoring Another checks your site against a list of various blacklist engines which may be negatively flagging your website with a security related issue.

As the website owner, you have the option to make security alerts as quiet or noisy as you would like.

Conclusion

As with most things in life, it comes down to a personal preference. Try each of them out and see what works for you.

** Warning **

All security plugins can make significant changes to your database and other site files which can be problematic, so a backup is strongly recommended before making any changes to your site with these plugins.

Please ensure you have a full backup (database + files) before you install.

Website Care Plans

The team at Rock Paper Digital have just launched a new product to provide WordPress support that pays it forward to the charity of your choice!  We’ll look after the security and maintenance of your WordPress site so you can focus on your blog or business. We’ll even do unlimited small tasks for you which may include adding plugins, or hooking up an email capture to your site.

Our FREE guide will help you understand the importance of security and give you better peace of mind.

Are you keeping your WordPress website protected?

30-Day Money-Back Guarantee

We Know Trying A New Service Can Be Scary. That’s Why We Offer A 30-Day Money-Back Guarantee. If You’re Not Happy With Our Work We’ll Gladly Refund You Every Cent!

trusted by hundreds of small businesses