Security is an really important topic, and if you’re one of many other WordPress users you might have seen many login attempts, and some of you may even have been unfortunate enoguh to have your site hacked – that sucks, and that’s why we need to step up our game and increase the security with a few simple steps that I will walk you through. We wouldn’t want our WordPress site be a part of the problem would we?
How to make WordPress secure
When I was going to secure my own websites I begun researching different plugins that would help out with the major WordPress security issues, one to mention is the fact that every WordPress installation has the same address to the admin dashboard /wp-admin/ changing only this would make it a lot safer, or the fact that you might have an actual admin account named admin. But how would one go about doing all of these stuff? Well you could get one plugin to fix each problem separately, or you could use one of a few whole-package-kind-of-deal. I went with the latter option, and I will list three highly recommended ones that you can try out for yourself.
iThemes Security – 4,7/5
Let’s begin with iThemes Security plugin, I feel this plugin is a really good all-in-one solution and it’s ease of use is really appealing. When you’ve installed it you can see a long list of items that needs your attention color coded according to priority.
Follow this easy interface and secure as many of them as you can, and as you see fit – you should at least take care of the High Priority and most of the Medium Priority, one of the high priority you should take care of is the admin account with it’s id of 1, this is not a good idea.
It will not take you long to complete many of the steps this plugin suggest and it will give you peace of mind, be proactive with security!
All In One WP Security & Firewall – 4.9/5
This one has a lot nifty features at the cost of a little harder setup, some of the nice tools are WHOIS Lookup and Maintenance Mode which can be a really practical way to be able to try out new themes and plugins before it goes live in front of your users. You’ll also get a pretty nice, and something that is both nice and a flaw in my opinion is the ability to edit your .htaccess and your wp-config, the latter is in my opinion a security flaw since it contains your database information – but the .htaccess one can make it easier to put on an extra layer of security – but it can also give you headache setting it up . This image below shows a gauge and a pie chart to give a visual of how secure your wordpress is, but I still found this plugin a bit hard to setup – maybe for the little more tech savy.
It still has basically everything you need and about the same features as iThemes has, but it is not as easy as clicking “just fix it already” – well almost at least. I found that this took a little bit longer to setup but it’s packed with good features, and as I mentioned above a few flaws (in my opinion).
Wordfence Security – 4,9/5
At a first glance, this plugin gives you a well documented tour of all it’s feature and that is an impressive way to introduce you to something as important as securtiy. It’s packed with features, every single one of them have a link to a fairly well documented page. But I must say I miss a few features that both iThemes and All In One WP Security & Firewall have – to obscure the wp-admin, changing username and so on.
Maybe it would be a good idea to use WordFence in tandem with one of the above plugins but that is of personal preference, and you’d have to try it out and see what you think yourself. I’ve heard much good about WordFence both free version and paid premium version, but I’d really need to bang on my own WordPress to actually make a proper decision – or be under attack.
More ways of securing your WordPress
It’s easy to focus on WordPress it self, but there is more you can focus on to keep your site safe – and every bit counts.
Adding an .htaccess file
One of these is the .htaccess I mentioned above. This simple file will put an extra layer of security, will give you the little bit of extra peace of mind while you sleep at night. But I’d also like to mention that your site performance might take a small hit, unless you have your own server or VPS and can put it in your apache config, since it will be read every time the site is accessed. But if you feel like the trade off is worth it, and you’re a bit patient and tech savvy you can try out these resources:
- htaccess tools authentication generator
- htpasswd tool for generating password file
- The definitive guide to htaccess and WordPress
This is my least favorite part of all the tips and tricks of securing your site, choosing a web host just because it’s the cheapest is not really a good idea – they’re usually the cheapest one for a reason. Try and find a few reviews before you decide on a web hosting company, it shouldn’t take you too long. If you’ve found a good web host they might even be able to help you secure your WordPress site.
I’ve talked some about three of the more popular plugins to secure your WordPress, and I also made a poll on Facebook to see what other users had and what their opinions were – the champion of these three were WordFence with amazing 53%, were many used this plugin on all of their sites. iThemes Security & All In One WP Security & Firewall got the same amount of votes and landed on 21%, and the last option which were Another plugin got only 5% of all the votes.
Try out some of these plugins and you’ll probably notice how valuable these are and hopefully your site will be much safer from hackers and ill-doers, you should try them out and see which one you like the best, leave a comment and tell me which ones you like the best.