Securing WordPress is one thing everyone knows needs to be done. But not everyone knows how to do it, even though there exist some pretty good out-of-the-box options which do most of the heavy lifting. Let’s talk security!
In the article above they state that this is not a quick fix to securing your WordPress website. Still, I would like to give you some quick and easy tips on securing your website. If you want to go more in depth (and you might need to if you are growing and getting more attention), please read the entire WordPress Codex on hardening your website. If not, continue reading here and I’ll present some quick and easy options.
"Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by a suite of additional features, Wordfence is the most comprehensive security option available." (Wordfence.com)
Is this true? Well, yes. It is one of the easiest ways I’ve found to secure your WordPress website. In basic terms, it will keep the attackers out in the simplest way: blocking their IP on the very first attempt at logging in with a non-existent username. You’ll also get a nice dashboard for these actions to see who tried to log in and from where. It might be wise, though, to soften these restrictions when you are building a platform where users are going to need to log in a lot, or an e-commerce platform with client dashboards and such.
But in my experience, while using Wordfence over the last couple of months I have run into some common issues, mainly because of the good firewall that is protecting us. It will also block all new non-HTTP(S) connections to the website. What happens in my case is that a lot of new functionality gets blocked, for instance if you have an e-commerce website that uses a third party for shipping.
Go check out Wordfence and install it in your new and existing projects to increase their security. You won’t regret this!
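The lockout rule described above (block an IP on its first login attempt with a non-existent username) next to a softened variant, as an added example that is not part of the original post and is not Wordfence's code. The class, the threshold of 3 failures within 300 seconds, the usernames and the IP addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Toy model of a login lockout rule (hypothetical, not Wordfence's code)."""

    def __init__(self, known_users, block_unknown_at_once=True,
                 max_failures=3, window=300):
        self.known_users = set(known_users)
        self.block_unknown_at_once = block_unknown_at_once
        self.max_failures = max_failures   # assumed threshold
        self.window = window               # assumed counting window, seconds
        self.blocked = set()
        self.recent = defaultdict(deque)   # ip -> timestamps of recent failures

    def attempt(self, ts, ip, username, password_ok):
        if ip in self.blocked:
            return "rejected"
        known = username in self.known_users
        if known and password_ok:
            self.recent.pop(ip, None)      # a good login clears the counter
            return "ok"
        if not known and self.block_unknown_at_once:
            self.blocked.add(ip)           # strict rule: first unknown name blocks
            return "blocked"
        fails = self.recent[ip]
        fails.append(ts)
        while ts - fails[0] > self.window: # forget failures outside the window
            fails.popleft()
        if len(fails) >= self.max_failures:
            self.blocked.add(ip)
            return "blocked"
        return "failed"

def replay(events, **policy):
    """Run the events through a fresh policy and return the blocked IPs."""
    lockout = LoginLockout(known_users={"shop_owner", "alice"}, **policy)
    for event in events:
        lockout.attempt(*event)
    return lockout.blocked

# Constructed sample events: (seconds, source IP, username, password_ok)
EVENTS = [
    (0,  "203.0.113.7",   "admin", False),          # guessing a default name
    (5,  "198.51.100.20", "alcie", False),          # customer mistypes "alice"
    (9,  "198.51.100.20", "alice", True),           # then logs in correctly
    (10, "203.0.113.7",   "root", False),
    (20, "203.0.113.7",   "administrator", False),
]

if __name__ == "__main__":
    print("strict:  ", sorted(replay(EVENTS)))
    print("softened:", sorted(replay(EVENTS, block_unknown_at_once=False)))
```

With the strict rule both addresses end up blocked, including the customer who mistyped a username; with the softened rule only the address cycling through default names is blocked.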
As should be common knowledge for everyone in the world, you should never use Root or Admin (or anything similar) as your username. This is basic security knowledge for any internet-facing application or system, though a small reminder is never bad.
2. IP geoblock
IP geoblock is a very nice addition to Wordfence. If shit goes south, you could say, this might save your day. For example, I come from a very small country, and with IP geoblock I am able to restrict the admin section of this WordPress blog. That way, if someone gets past Wordfence's security and is able to get in here, they won’t be able to make any changes to the site whatsoever because of the restriction on an IP and region basis. This makes for some decent extra security for your website or blog. And it is free! Why not use it?
As in Wordfence's case, it can cause some issues. It was known to be a bit buggy, at least in the early stages of the plug-in. Furthermore, if you forget to un-restrict, let's say, the country you will visit when you are on holiday or business travel, you might have a hard time getting in if you don’t know your way around a VPN.
Of course, this writing is not an invitation to try to get in here 🙂 I am just trying to teach some good manners on the security front of WordPress websites. They are easily affected by security issues, in part because WordPress is the biggest platform for bloggers, websites and e-commerce in existence. Some say about 50% of the web runs WordPress. I am not sure if this is right; it might be.
I am just a simple project manager writing about managing websites and web shops. This is my day-to-day job, and in my spare time I write about my learnings on the job. This won’t be a management preach.
Hugo