This First Time Blogging WordPress Security post talks about the importance of applying good security measures to your site using different methods.
Last Updated: July 10, 2018
Latest News: I have added more information.
Security is not something you can take lightly and forget; you must stay vigilant to make sure your site is secure. To prevent your site from being hacked, you must put different measures in place.
Photo by woodsy from Rgbstock website.
First Time Blogging WordPress Security Steps
The following steps can help you achieve a more secure site. If you read through this tutorial you should be on the way to having a much more secure site. There are many other ways to secure a site.
I have included a few plugins to help you secure your site. One that I highly recommend is All In One WP Security & Firewall. This is one of the first plugins I set up in all my websites and projects.
Recommended Security Plugins:
- All In One WP Security & Firewall
- Bullet Proof Security
- iTheme Security
To learn more about the recommended security plugins for your WordPress site, click on the following URL: WordPress Security Plugins.
Two Factor Authentication
If you are serious about your website and you want more security, then you should set up Two Factor Authentication. This can also prevent anyone from hacking into your website. It is simple to set up with the help of a plugin. The following URL, Google Authenticator Security WordPress, shows you how to achieve this.
If you need to check your website for vulnerabilities, viruses, malware, trojans or any other security issue, click on one of the following links. They provide a free online service to check your site. They also have a professional service to monitor your websites.
Security Scan Sites
You might also be interested in the following website: Packet Storm Security. This website does a superb job at finding security issues and vulnerabilities in WordPress plugins. However, let me assure you that the WordPress moderators and developers already do a great job of monitoring the repository and temporarily removing a plugin that has any security issues until the plugin authors create a patch to secure it.
The following plugin Get Off Malicious Scripts (Anti-Malware) mentioned in Step 8, helped me clean out 2 sites that were attacked by a malware script. This plugin cleaned out two files that were infected with this malware script.
The following two plugins, Anti Spam Bee and Si CAPTCHA Anti Spam, are only a couple of the plugins that will help you fight spam on your website or blog. There are many more plugins in the WordPress repository. Click on the following URL, WordPress Anti Spam Plugins, to learn more.
Many keep forgetting that WordPress has an area that can help you blacklist IP addresses, names, URLs and more.
Log into your website as admin, go to Settings -> Discussion -> Comment Blacklist and start adding IP addresses, names and URLs. GitHub has provided a better solution for you to keep this list growing. Click on the following URL, Comment Blacklist For WordPress, to learn more.
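The Comment Blacklist matches each entry anywhere inside a field, so a short word or a short IP address can catch legitimate visitors. The following Python sketch is an added example, not WordPress code: it models that matching rule so you can test a list before pasting it in. The field names, sample comments and list entries are constructed for illustration.

```python
import re

# Fields each entry is compared against, following the note on the
# Settings -> Discussion screen (content, name, URL, email, IP address).
FIELDS = ("author", "email", "url", "content", "ip")

def parse_blacklist(text):
    """One entry per line; blank lines ignored; duplicates dropped, order kept."""
    seen, entries = set(), []
    for line in text.splitlines():
        entry = line.strip()
        if entry and entry.lower() not in seen:
            seen.add(entry.lower())
            entries.append(entry)
    return entries

def matching_entries(comment, entries):
    """Return (entry, field) pairs that would flag this comment.

    Entries match case-insensitively anywhere inside a field, including
    inside longer words and longer IP addresses.
    """
    hits = []
    for entry in entries:
        pattern = re.compile(re.escape(entry), re.IGNORECASE)
        for field in FIELDS:
            if pattern.search(comment.get(field, "")):
                hits.append((entry, field))
    return hits

# Constructed sample data (documentation-range IPs, made-up names).
BLACKLIST = """
cheap-pills.example
192.0.2.1
press
Press
"""
SPAM = {"author": "Best Deals", "email": "x@cheap-pills.example",
        "url": "http://cheap-pills.example/buy", "content": "Great post!",
        "ip": "198.51.100.7"}
LEGIT = {"author": "Ana", "email": "ana@example.org", "url": "",
         "content": "I love WordPress themes.", "ip": "192.0.2.140"}

if __name__ == "__main__":
    entries = parse_blacklist(BLACKLIST)
    print("spam :", matching_entries(SPAM, entries))
    print("legit:", matching_entries(LEGIT, entries))
```

The legitimate comment is flagged twice: "press" matches inside "WordPress", and "192.0.2.1" matches inside "192.0.2.140". Prefer full domains and distinctive phrases over short fragments.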
Everyone is hearing that Google is, in a way, pushing everyone to use SSL on their websites. In other words, your website URL would begin with https://.
In reality, whether you think it is important or not, it makes total sense. If everyone uses encrypted security on their website, hackers would find it almost impossible to hack your website. Most importantly, you want to make sure the data travelling from a computer or laptop to your site and back is secured. The question that many of you might be asking is: when should you upgrade your site, if at all?
If you are selling products online then the chances are you have already set up your shopping cart pages with SSL security. If you haven’t, then I suggest that you implement this as soon as possible. When you are implementing SSL security on a couple of pages anyway, it makes total sense to secure the whole site.
For all those who don’t sell products online, it is up to you whether or not to set it up. However, I have read that if you have a contact form on a page, that page should also be secured. I have yet to decide whether or not to go in this direction. Just remember that if you set it up, you should carry out some tests to make sure you don’t lose your Google Page Rank and you don’t have any warnings or error messages popping up.
Nowadays Google has improved this factor substantially. If you implement this security smoothly and correctly you should not lose any page rank. You might lose some page rank at the beginning, when you first change over, but your site should climb back up fairly quickly. On the other hand, Google will boost your site’s page ranking a bit because Google likes secured sites.
Information On SSL and HTTPS
- Google Ranking Factors by Brian Dean
- HTTPS as a Ranking Signal by Google Webmaster Central Blog
- SSL Server Test by Qualys’ SSL LABS
If your website is hosted on an Apache server, check to make sure your server is running the current PHP version. This is very important because an outdated PHP version can make your site vulnerable to hacks. You might like to read the following URL, PHP Supported Versions, to learn more.
If you run your site on a VPS or Dedicated server, you might like to read the following URL: How To Update PHP Version in a VPS Server.
If your server is using a MySQL database, make sure it is up to date. If you are managing a VPS or Dedicated server running Apache, you might like to read the following URL: How To Upgrade MySQL In Cpanel. This link shows you how to check and upgrade MySQL on your server via WHM.
Click on the following URL Speed to continue with the setup.
You can also check my WordPress setup tutorials. I am constantly adding new ones.
If you have any questions please let me know. I will be updating this post from time to time so keep coming back for the latest.