How to secure WordPress
I have devoted a fair amount of time to learning WordPress. I’ve often heard people say that WordPress is not secure and can be easily hacked. Being a very popular CMS for websites does make it a good target for hackers. There are some steps for securing and hardening WordPress websites, and in this blog post I would like to show you how to do it.
How can I improve WordPress security?
There are several simple things you can do, which work together to make your WordPress website a lot more secure. Certainly, it’s no guarantee that it will keep hackers away, but it will definitely make it more difficult for them.
Below is a list of steps that best secure WordPress.
- Rename the wp-admin login page
- Use login captcha (see image below)
- Do not use admin as a username
- Use the built-in password generator
- Update WordPress regularly
- Update your WordPress plugins
- Change the wp database prefix, use a unique prefix
- User registration should require approval
- Comments should be approved first before publishing
- Use captcha for comments or contact forms
- Blacklist IPs with failed login attempts
Install a security and firewall plugin
There is a WordPress plugin “All in one WP Security” available which does all the above for you and more. It’s free and easy to use.
I just installed the plugin without activating any features. The plugin immediately starts to record any login attempts. Within a few days, I had over 2000 attempts to log in to my website, something I would never have found out without installing the plugin. Now with the plugin fully configured, the failed login attempts have been reduced to just a few per week. Also, the plugin effectively blacklists those attempts.
Another excellent security plugin is iThemes Security. There is a free and paid version available. The paid Pro version offers passkeys: passwordless login with iPhone Face ID, fingerprint recognition for Mac users, or Windows Hello. It is the only security plugin in the WordPress universe offering this feature.
This makes it quite clear that it is an absolute must for every WordPress website owner to use a security and hardening plugin. If you haven’t done so, make sure to install one and configure it properly, either by yourself or by asking someone for help.
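To see the kind of login attempts described above without a plugin, you can count them in the web server access log. The following is an added example, not code from any of the plugins mentioned: it assumes the default /wp-login.php path, the "combined" access log format, and that a failed login is answered with HTTP 200 while a successful one redirects with 302. The log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Apache/nginx "combined" format (documentation-range IPs).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [12/Mar/2024:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.5 - - [12/Mar/2024:10:07:01 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
this line is malformed and must be skipped
'''

# client IP, ident, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def failed_logins(log_text, login_path="/wp-login.php"):
    """Count failed login POSTs per client IP.

    Assumption: a failed login re-renders the form (200); a successful
    one redirects (302). Change login_path if the login page is renamed.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if (m.group("method") == "POST" and path == login_path
                and m.group("status") == "200"):
            counts[m.group("ip")] += 1
    return counts

def blocklist_candidates(log_text, threshold=3, login_path="/wp-login.php"):
    """Return the sorted IPs with at least `threshold` failed logins."""
    counts = failed_logins(log_text, login_path)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip in blocklist_candidates(SAMPLE_LOG):
        print(ip, failed_logins(SAMPLE_LOG)[ip])
```

A single mistyped password followed by a successful login, like the second address in the sample, stays below the threshold and is not listed.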
Select a reliable hosting company.
Often overlooked, web hosting is one of the key components of every hardened and secure WordPress website. A web server is also vulnerable and needs permanent maintenance to keep it up to date. So, pay attention to where you host your WordPress website.
There are different types of WordPress hosting options available, such as free, shared, and VPS hosting. VPS means virtual private server. With a VPS, you are basically renting a server in a data center. They are more expensive and only make sense when you have a lot of websites. However, be aware that with a VPS, you must keep the server up to date by yourself. It’s a lot more work to secure WordPress.
Some hosting recommendations
They are offering malware scanning and proactive brute-force attack protection. And in case everything goes wrong, daily backups are essential. It’s included in most hosting packages.
To sum up
It’s vital to harden and secure WordPress. And it is not challenging to do so. Everyone can do it, but you should really take the time and do it! The “All in one WP Security” plugin is my first choice. Yes, because it is free. Of course, there are other security plugins available, though. If your website is already infected or you believe so, you could use a malware scanner. MalCare offers a widely used solution as a service to help you with already infected websites.
At Fiverr, I offer a gig for a very reasonable price. I would be happy to secure your WordPress website for you. Don’t hesitate to contact me!