WordPress Security is extremely important and something a lot of folks overlook. Far too many assume that either their site would never be hacked, or that WordPress is somehow immune to such things. The truth is that both are myths, and folks are always looking for ways to exploit code in an effort to bring your site down. Being prepared not only reduces their ability to get in, but also lessens the impact if they do. This article will go over several IMPORTANT steps every WordPress user must take to ensure they have sufficient WordPress Security.
1. DO NOT USE THE DEFAULT SQL DATABASE NAME WHEN INSTALLING WORDPRESS.
This is a common mistake, and even if you made it, you can always change the name later or simply move on to #2. If you have a new install and nothing on the site yet, uninstall and then install it again, only this time change the WP part in your database name.
2. DO NOT NAME THE ADMIN ACCOUNT, ADMIN.
Again, if you did and you’ve just installed WP, uninstall it, reinstall, and choose a different name. If you don’t have a fresh install, you can still go into the SQL database and change it. Check out this article: Resetting Your Password
3. CHOOSE AN UNCOMMON PASSWORD.
I would seriously suggest using a password generator to get a random password. Don’t be stupid and use things like: password, 1234, admin, or any other common password that can be easily guessed. If you did, log in, go to your user profile and next to “New Password” click “Generate New Password”. Make sure you save it somewhere. I personally do a Word doc and then print it. That way I have multiple copies.
4. INSTALL iTHEMES SECURITY PLUGIN
I have no connection with them other than personally using the plugin. I would install it before you start adding/editing any themes, content, or other plugins. Do it RIGHT NOW, here’s the link: iThemes Security Plugin
After you’ve installed it, go ahead and secure your site from the pop-up window, then ADD YOUR IP ADDRESS TO THE WHITE LIST! That setting is located under Settings -> Global Settings -> Lockout White List. This keeps your own IP address from being locked out of the login.
Next, go through the settings and start activating them. Enable and set up things such as Banned Users, Brute Force Protection, File Change Detection, and Hide Login Area. This last one is very important: enable the Hide Backend and change it from the default wp-admin or wp-login. BE SURE YOU WRITE THIS DOWN.
If this is a new WordPress install, proceed to the Advanced tab. Go down to Change Content Directory, click on Enable Change Directory Name, and change it to something other than wp-content. In fact, don’t even use wp in the new name. If this is not a new install, do a FULL SITE BACKUP including database before you change this setting. Why? Because most likely it will break your site.
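As an added example (not part of the original article, and not code from WordPress or iThemes), the Python script below checks a site for the defaults that steps 1, 2 and 4 warn about. It assumes you give it the text of wp-config.php and a list of login names exported from the users table, and that a renamed content directory shows up as a WP_CONTENT_DIR define; the sample config and logins are constructed.

```python
import re

# Constructed sample wp-config.php fragment (not from a real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wp_mysite' );
define( 'DB_USER', 'siteuser' );
// define( 'WP_CONTENT_DIR', '/var/www/html/old' );
define('WP_CONTENT_DIR', '/var/www/html/assets');
"""
SAMPLE_LOGINS = ["admin", "editor1"]  # constructed login names

# Matches define('NAME', 'value'); at the start of a line, so lines
# commented out with // or # are skipped. /* ... */ blocks are not handled.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)\s*;""",
    re.MULTILINE,
)

def parse_defines(config_text):
    """Return {CONSTANT: value} for the active string define() calls."""
    return {name: value for name, value in DEFINE_RE.findall(config_text)}

def audit(config_text, user_logins):
    """Return a list of findings for the defaults the checklist warns about."""
    findings = []
    defines = parse_defines(config_text)

    # Step 1: the database name should not carry the "wp" marker.
    # Substring match is a heuristic and can flag unrelated names.
    db_name = defines.get("DB_NAME", "")
    if "wp" in db_name.lower():
        findings.append(f"DB_NAME '{db_name}' still contains 'wp' (step 1)")

    # Step 2: no account should be named "admin".
    if any(login.lower() == "admin" for login in user_logins):
        findings.append("an account is named 'admin' (step 2)")

    # Step 4: the content directory should be renamed, without "wp" in it.
    content_dir = defines.get("WP_CONTENT_DIR")
    if content_dir is None:
        findings.append("WP_CONTENT_DIR not set, so wp-content is in use (step 4)")
    else:
        leaf = content_dir.rstrip("/").rsplit("/", 1)[-1]
        if "wp" in leaf.lower():
            findings.append(f"content directory '{leaf}' still contains 'wp' (step 4)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_LOGINS):
        print("FINDING:", finding)
```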
5. INSTALL KEYY TWO-FACTOR AUTHENTICATION PLUGIN.
I have no connection with them other than personally using the plugin. This plugin requires a smartphone, with the app installed on it and the plugin installed on your site. At a minimum you want to REQUIRE this for Admin users. If you’re the only user, disable password login and only use this to log into your site. The good news is that if you lose your smartphone, you have an override URL you can use to manually enter your name and pass. Here’s the plugin: Keyy Plugin
They also offer a pro/paid version that gives you more options. Either way, you can’t lose.
6. SUBSCRIBE TO MALCARE.
We use this plugin also. This plugin actively scans your site for malware and then notifies you when it finds it. From there it removes it. You can also enable the daily site backups that are handled by BlogVault. Their service allows you to perform backups, restores, update plugins/themes, and much more. It makes managing your WordPress site a breeze, and you’ll be glad you have it. You can try Malcare for free for one website (backups not included). Here’s an affiliate link to their site: Malcare
I could go on and on, but this article is intended to cover the basic MUST DOs for WordPress Security. If you found it overwhelming, you could always subscribe to our Website Maintenance Plan and let us take care of it for you.
We hope you found this article helpful and that your site is now more safe and secure.