How to secure WordPress websites and blogs for free?
This way we don’t need to worry about hackers gaining access or bots injecting harmful code into our site.
I’m not trying to alarm you or anything. WordPress is pretty secure by default, but just like with any other platform, there are still certain things we can improve on.
So if you’re ready to start improving your WordPress security, here are five simple steps to do just that.
Before we get into the five steps, I just want to quickly run over three super basic things first for anyone who’s brand new to WordPress security:
1. We should always use a strong password for logging into our WordPress site
2. Always keep WordPress along with any themes and plugins we have installed up to date
3. Setting up automatic backups of our WordPress site is a great idea.
This way, in the unlikely event that we get hacked, we can still restore our site back to the way it was!
Now, let’s move on to the main security tips:
1. Hide the WordPress login page URL:
So the first thing we’re going to do is hide our WordPress login page by having it appear on a different URL instead. In case you didn’t know this already, by default we can access the login page for any WordPress site by typing in domainname.com/wp-admin.
Needless to say, this is pretty risky, so just to make it that little bit more difficult for anyone trying to access our site, we’re going to change the login page URL and deactivate the old one.
Lucky for us, we can achieve this in a matter of seconds using a free plug-in called WPS Hide Login.
So after we install and activate the plug-in, we just need to hover over Settings in our left dashboard menu and then click WPS Hide Login.
Here at the bottom, beside where it says Login URL, we can change wp-admin to whatever we like. Then, when we’re done, we click Save Changes at the bottom, and this is going to be our new login URL from now on.
If we log out of our site and try to visit our old login page, we’ll see that we now get an error message saying that the page can’t be found, and if we visit our new login URL, we can log in there.
Just be sure to write down the new login URL because if we forget it, it can be a real headache to get logged back in depending on which hosting company we’re using.
2. Cloak your WordPress username:
The admin username or login name of a WordPress site is the same as the author name, which can be seen on blog posts. This is especially true for personal blogs or sites with only one author.
So cloaking our username is a quick and easy way of increasing our WordPress security and we don’t even need to install any plugins. We can do this right away from within our WordPress dashboard.
Go to Users > Your Profile
Now, if we scroll down to where it says Nickname, we can change what’s in this box to whatever we like. Then we just need to choose our new nickname using the drop-down list, scroll down to the bottom and click Update Profile. If we visit our blog and take a look at any of our blog posts, we’ll see that the author name now shows our nickname, but we’re still going to use our original username for logging in.
Just as a quick tip: we should never use admin or administrator as our username. This is far too easy to guess and it’s commonly targeted by bots. If we really need to use admin, we can set it as a nickname so it shows up on our site, but we shouldn’t set it as our actual username for logging in.
3. Limit WordPress login attempts:
When we first install WordPress, it’s set up to allow unlimited login attempts. This means we can enter the wrong login details as many times as we like without anything happening. This is great for those times when we can’t remember which of our hundreds of passwords we decided to use this time, but on the downside it also enables scammers and hackers to use bots that repeatedly attempt to guess our login details.
Lucky for us, we can easily solve this problem by installing a free plug-in called Limit Login Attempts Reloaded.
After installing and activating the plug-in, we just need to hover over Settings in our left dashboard menu and then click Limit Login Attempts.
On this page, beside where it says Lockout, we can change the following settings:
- Allowed retries: this is how many attempts we’re going to allow before lockout. I’d recommend setting this to maybe two or three, as we all mistype our own passwords sometimes.
- Minutes lockout: this is how long the user is going to be locked out for.
- Under this, we can increase the lockout time for repeat offenders.
- Finally, we can set the number of hours before retries will be reset.
Once we’re done here, we just need to scroll down to the bottom and click Save Options. Now, even if someone does find our login page, they’re only going to have a limited number of attempts before getting locked out.
4. Add a security question to the WordPress login page:
As you’ve probably guessed already, one of the most vulnerable places on our WordPress site is our login page, so it makes sense that we focus a decent amount of our efforts on protecting this particular page. That’s why I recommend adding a simple security question, which is basically the equivalent of having a second password. It might take us a few extra seconds to get logged in, but it’s almost going to eliminate the chances of someone guessing their way into our WordPress dashboard.
To add a security question on WordPress, we just need to install another free plug-in, and this one’s called WP Security Question.
After installing and activating the plug-in, we just need to hover over WP Security Questions in our left dashboard menu and then click Plugin Settings.
On this page we’re going to see a list of predefined security questions which we can use. If we don’t want them, we can just click Remove, or if we want to create our own, we can delete the text from any of these boxes and replace it with whatever we like. Under this, we can set which pages we want our security question to appear on. For me, I’m just going to set this for the login screen, but you can choose whatever pages you like. Once we’re done here, we can click Save Settings at the bottom.
Now we just need to assign which question we’re going to use. To do this, we can hover over Users in our left dashboard menu and then click Your Profile. If we scroll down to the bottom, underneath My Security Questions, we can choose which security question we’d like to use and enter our answer in the box underneath. Then we can click Update Profile at the bottom, and our security question is now set up.
If we log out of our site and visit our login page, we’ll see that we now need to choose and answer our security question before we can log in. Just be sure to write down the question and the answer so you don’t forget it.
This is another super easy way to improve our WordPress security, especially after changing our login page URL and cloaking our username, which we covered in the previous steps.
5. Set up the Wordfence plugin:
Installing the free Wordfence plug-in helps us to secure our WordPress site in more than one way. This includes:
- A firewall, which is going to monitor all of our site’s traffic looking for signs of suspicious activity.
- Malware scans, which we can use to scan all of the files that make up our site, looking for malware or any other dodgy files that shouldn’t be there.
- Hiding which version of WordPress we’re using, which is something hackers can use to exploit our site, especially if we don’t always update WordPress as soon as new updates are available.
The plug-in does let us do some other stuff as well, but these are the three main things we’re going to be covering here.
After installing and activating the Wordfence plug-in, up at the top we should see a button that says Click Here to Configure, and we just need to click this to set up our firewall. Here we just need to download our .htaccess file and any other files listed. This way, if the plug-in causes any issues, we can bring the site back to where it was. To download these files, we just click on them, and once they’re downloaded we can click Continue. That’s our firewall now set up. It really is that easy.
We can close out of this and then, on the left-hand side, click All Options. Then we’re going to click into General Wordfence Options and check the box that says Update Wordfence Automatically. If we scroll down, we can also check the box labeled Hide WordPress Version. Once we’ve checked these two boxes, we can click Save Changes in the top right.
Finally, we can scan our site for any malware or dangerous files by clicking Scan in our left dashboard menu and then clicking Start New Scan. This will only take a few seconds to complete, but obviously for larger sites this can take a little longer. Once the scan is finished, we just need to scroll down and we’ll see anything that needs to be fixed or changed to improve our site security.
As we can see on my example site, one of the plugins I’m using hasn’t been updated by the creator in a while, so I should maybe go and make sure it’s still doing its job and working correctly. Other than that, this site seems to be pretty secure. Just have a read through any warnings that you might have. We can click where it says Details on the right-hand side, and that’s going to show us more information about the issue and how to resolve it. Once we’ve fixed it, we can mark it as fixed and it’s going to be removed from the list.
And that was how to secure a WordPress site against hackers in five simple steps. We should bear in mind that these really are only the basics of WordPress security, but they’re definitely still a great place to start for beginners.
If you’d like me to create a more in-depth training on WordPress security, please leave a comment underneath saying #WordPressSecurity. If more than 40 people comment this, I’ll get to work right away on a more in-depth WordPress security course.
That brings us to the end of this tutorial. I hope you found it helpful. Once again, my name is Marty from letsbuildwp.com, and thank you very much for watching.
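To see what the four lockout settings from security tip 3 buy us, here is an added example (not part of the original tutorial and not the plug-in's own code) that models one client retrying as fast as the policy permits. The class, the function name and all setting values are constructed for illustration, and the lockout bookkeeping is a simplified assumption about how such a policy behaves.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    allowed_retries: int      # failed logins allowed before a lockout
    lockout_minutes: int      # length of a normal lockout
    long_after_lockouts: int  # lockouts before the longer lockout applies
    long_lockout_hours: int   # lockout length for repeat offenders
    reset_hours: int          # hours before earlier lockouts are forgotten

def guesses_allowed(policy, hours, seconds_per_guess=1):
    """Password guesses one client gets through in `hours`.

    policy=None models the default the tutorial describes: unlimited
    attempts. Otherwise the client fails every login and comes back the
    moment each lockout ends (simplified model, an assumption).
    """
    end = hours * 3600
    if policy is None:
        return end // seconds_per_guess
    now = guesses = failures = 0
    lockouts = []  # start times of lockouts that are still remembered
    while now < end:
        guesses += 1
        failures += 1
        now += seconds_per_guess
        if failures < policy.allowed_retries:
            continue
        failures = 0
        # Forget lockouts older than the reset window, then record this one.
        window = policy.reset_hours * 3600
        lockouts = [t for t in lockouts if now - t < window]
        lockouts.append(now)
        if len(lockouts) >= policy.long_after_lockouts:
            now += policy.long_lockout_hours * 3600   # repeat offender
        else:
            now += policy.lockout_minutes * 60        # normal lockout
    return guesses

if __name__ == "__main__":
    # Constructed sample values, not the plug-in's defaults.
    policy = LockoutPolicy(allowed_retries=3, lockout_minutes=20,
                           long_after_lockouts=4, long_lockout_hours=24,
                           reset_hours=12)
    print("unlimited, 24 h:", guesses_allowed(None, 24))
    print("limited,   24 h:", guesses_allowed(policy, 24))
    print("limited,  168 h:", guesses_allowed(policy, 168))
```

The model counts a single client; the gap between the unlimited and limited figures is what the lockout settings are buying.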