Keeping Your WordPress Site Secure
Online security is a big deal. Here are a few tips to keep your WordPress® website secure:
1. Update Your WordPress Website: Make sure to keep your WordPress core, themes, and plugins up to date. If you don't, you risk compromising your website's security.
If you installed WordPress through your hosting account; Log in to your WordPress admin panel, From the Dashboard click Updates, Follow the on-screen directions to update your WordPress website.
2. Install, Activate & Configure WordFence Security Plugin (https://wordpress.org/plugins/wordfence/)
3. Install Login LockDown (https://wordpress.org/plugins/login-lockdown): Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
4. Install and Setup 2-factor authentication (https://wordpress.org/plugins/miniorange-2-factor-authentication).
5. Install and Setup Akismet Plugin (https://wordpress.org/plugins/akismet/): Akismet checks your comments and contact form submissions against Akismet's global database of spam to prevent your site from publishing malicious content.
6. Use email as login: By default, you have to input your username to log in. Using an email ID instead of a username is a more secure approach. The reasons are quite obvious. Usernames are easy to predict, while email IDs are not.
7. Password-protect the wp-admin directory.
8. Use very strong passwords: Ensure that you only use strong passwords for all your logins. Using your username, date of birth or any word from a dictionary makes it easier for hackers to guess your password. You may visit https://strongpasswordgenerator.com to generate very strong passwords.
9. Use SSL to encrypt data: You will get an SSL free with any ExtraHostPro Hosting Package.
