WordPress Security: A Quick Guide for Beginners
Big shout out to @MartieDread of Let’s Build WordPress fame for this guest video. Martie thought it would be useful and relevant for WP Eagle subscribers. In the video Martie covers 4 areas of WordPress security that can be improved.
It’s mind blowing how many people now use WordPress – something in the region of 20,000,000 websites have been built with WordPress. But that also means there are around 100,000 WordPress security attacks every minute. And hackers don’t care who you are. They will try and break your site. It doesn’t matter what your site is about, how old it is or how many visitors you get.
We all know the importance of keeping our version of WordPress, our themes and our plugins all bang up to date. But there are extra measures we can take to make sure that we do not fall prey to the hackers…
- 01:03 Change the Default WordPress Login URL
Almost all WordPress websites can be logged into by adding wp-admin to the domain: yourdomain.com/wp-admin. You could be inviting the hackers in if you leave your WordPress login as it is. Instead, consider setting up a unique WordPress login page URL. And it doesn’t have to be complicated. Of course, you could do it manually (the hard way) but why over-complicate things when you can simply install a plugin?
Martie has used WPS Hide Login. Once installed, you can access it through Settings > General and then specify your new WordPress login URL. Be sure to write it down somewhere! Your old /wp-admin URL will now return a 404 error.
- 02:29 Limit Login Attempts to Our Site
By default, you can attempt to log in to your WordPress install as many times as you like without any consequences. Great if you simply can’t remember your password and need 20 attempts before you get it right. Not great if hackers are using bots to attack your site and can have as many goes at cracking your password as they like. Those things are relentless.
Luckily, it’s dead easy to limit the number of login attempts allowed with a simple plugin. Martie recommends Limit Login Attempts Reloaded. The plugin lets you set how many attempts a user is allowed before they are locked out of the site. You can then set how long that user must wait until they can try to log in again.
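How a retry limit and a lockout period work together, as an added example that is not from the video or from the plugin's own code: a small Python model in which the `LoginLimiter` class, its two settings and the sample events are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LoginLimiter:
    """Per-client policy: max_retries failures, then lockout_seconds of refusal."""
    max_retries: int = 4          # assumed value, not a plugin default
    lockout_seconds: int = 1200   # assumed value, not a plugin default
    failures: dict = field(default_factory=dict)      # client -> failure count
    locked_until: dict = field(default_factory=dict)  # client -> unlock time

    def attempt(self, client: str, password_ok: bool, now: int) -> str:
        # While locked out, refuse before the password is checked, so a
        # correct guess made during the lockout is never confirmed.
        if now < self.locked_until.get(client, 0):
            return "locked"
        if password_ok:
            self.failures.pop(client, None)   # a success clears the counter
            return "ok"
        count = self.failures.get(client, 0) + 1
        if count >= self.max_retries:
            self.locked_until[client] = now + self.lockout_seconds
            self.failures.pop(client, None)   # fresh allowance after the lockout
            return "locked"
        self.failures[client] = count
        return "failed"

def replay(events, limiter):
    """Run (time, client, password_ok) events through the limiter in order."""
    return [limiter.attempt(client, ok, t) for t, client, ok in events]

# Constructed sample: one client guessing repeatedly, one real user with a typo.
# Both addresses come from the ranges reserved for documentation.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (1, "203.0.113.7", False),
    (2, "198.51.100.20", False),   # real user mistypes once
    (3, "203.0.113.7", False),     # third failure: lockout starts
    (4, "203.0.113.7", True),      # right password, still refused
    (5, "198.51.100.20", True),    # real user gets in, counter cleared
    (63, "203.0.113.7", False),    # lockout over at t=63, counting restarts
]

if __name__ == "__main__":
    limiter = LoginLimiter(max_retries=3, lockout_seconds=60)
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, limiter)):
        print(event, "->", result)
```

The model counts per client address, so the real user at a different address is unaffected by the other client's lockout.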
- 04:08 Block SPAM Comments
Definitely annoying, potentially harmful, spam comments are the bane of our lives. But there are ways to filter out the spam. You guessed it. With a plugin. WordPress Zero Spam is so easy to use. You just have to install it. That’s it. No settings, just activate, go and kiss goodbye to spam comments.
- 05:15 Keep Automatic Backups using UpdraftPlus
Backing up your site is one of the most important rules of good housekeeping. If something were to happen to your site, you could simply restore it from a backup to be back in the game the same day.
Martie recommends a plugin that we have used quite a bit over the last few years: UpdraftPlus. It is one of the best-loved WordPress plugins with over 1,000,000 websites using it. You can choose how often you want to back up your site, how long you want to keep each backup and where you want to save your backup to (Dropbox, Google Drive, email etc).
Obviously there are many ways to keep your site secure but these are 4 of the easiest and most robust ways to ensure WordPress security.
Thanks again to @MartieDread from Let’s Build WordPress. You might also want to check out a video I did a while back about WordPress security.
If you haven’t already, subscribe to the WP Eagle YouTube channel for loads more WordPress tutorials and guides.