There’s a number of things you can do to protect your WordPress website from hackers.
Unfortunately, the fact is, as with securing anything, it’s about setting up as many obstacles as possible.
You have to start with the most obvious and easiest places to assault first.
So here is a basic list of things you can do, and the plugins you can use to do it, for securing your WordPress website.
Now I am sure there’s a bunch of products out there to accomplish these tasks, and I’m not saying that the plugins listed here are the best out there.
I am simply sharing what we have used with relative success.
You will find that when you install WordPress, there are some plugins that come preloaded.
One of those plugins is Titan Anti-Spam & Security.
I don’t usually bother with the anti-spam part of this plugin since Recaptcha usually does fine, but the security side of the plugin offers some handy free features.
One of the first places to start for protecting your WordPress website is limiting the number of failed login attempts.
This will prevent a brute force attack by limiting how many attempts one can make before it simply blocks that IP Address for a set amount of time.
The next thing it can do for you is change your admin login page.
Every content management system has a back-end login page by default, so by simply changing where this page is located to something custom created by you, helps protect it.
Titan’s free version has more great features for securing your WordPress website…
However, there is another security plugin that we use who certainly deserves to be mentioned here and that’s…
For me, Wordfence pretty much picks up where the free version for Titan leaves off.
Wordfence offers a few advanced firewall features in their free version that add a couple more layers of protection.
It will also allow you to automatically block specific usernames that hackers might try to target like admin, administrator, or the first letters of your domain name as the username.
Some hosts auto-install WordPress with these usernames by default.
- It will prevent WordPress from revealing valid users in login errors.
- It will prevent users from registering usernames like ‘admin’ if it doesn’t exist.
- Block IPs who send POST requests with blank User-Agent and Referrer.
- And a handful of other cool administrative functions.
I seldom straddle multiple plugins for the same role, & I am SURE there are excellent premium solutions out there.
BUT, I am somewhat frugal and know how to operate most of the functions in these products properly.
All I can say is, as always…
Read the directions &
Try not to lock yourself out!
If you found this information useful, please feel free to share it with your friends using the links below.