Some things to secure your website.

That does not cost anything.

Update WordPress

Anytime you login to your site and you see this.
Click ‘Please update now”!
Also, update all your Plugins and Themes.

WordPress Login

Every so often my server gets hammered with thousands of attempts to login with bogus credentials.
If you do not have the plugin “Limit Logins’, then every attempt is sent to the server backed, and of course rejected because either the username is incorrect or the password is. But still, this is processing power wasted.

The first thing we do is install this plugin.

Limit bad logins

This is standard on all new WordPress installs.
If you do not have it, get it.

You know your Login page, username and password.
If some tries and fails four times they are locked out for twenty minutes.
If after that they try again with four fails they are locked out for 24 hours.

Make your Site https

Really Simple SSL automatically detects your settings and configures your website to run over https.
To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.

Install and Activate

You will be taken to a screen to ‘Go ahead, activate SSL!”
On the next page click “Enable” on the line for 301 redirect

Hide your Login Page

Change wp-login.php to anything you want.

Install and Activate, click on the plugins Settings link.

One the next page , change the word “login” to some thing you can remember but is unrelated to WordPress or logging in. Say, “mywriting”.

Logout and login using this name and now wp-admin.

Wordfence

We will just be using the free portions of this plugin.

Make sure you have also used WPS Hide Login.

Install and Activate, on the next screen put in your email address so you will receive warnings when hacking attempts happen.

At this time we do not have a Premium Key, click No Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.