This First Time Blogging WordPress Security post explains the importance of setting up good security on your site, with different plugins and more.
Last Updated: March 3, 2022
Latest News: Updated the documentation.
Security is something you cannot take lightly or forget. You must be vigilant and make sure your site is secured at all times. To prevent your site from being hacked, you must put in place different methods that can stop this from happening. The following instructions provide a list of security plugins, services and techniques to help you achieve this.
Photo by woodsy from Rgbstock website.
First Time Blogging WordPress Security Steps
The following steps can help you secure your site. If you read through this tutorial you should have a much better understanding of security and how important it is. At the same time, you will find ways to protect your site from hackers.
I have included a few plugins below to help you get started. A security plugin that I highly recommend is All In One WP Security & Firewall. This is one of the first plugins I install and set up on all my websites.
The following is a list of very popular security plugins that I recommend. They are maintained and updated regularly and have a huge number of active installations.
Recommended Security Plugins:
- All In One WP Security & Firewall
- Bullet Proof Security
- iThemes Security
To learn more about the recommended security plugins for your WordPress site, click on the following URL WordPress Security Plugins.
Two Factor Authentication
If you are serious about protecting your site from Brute Force attacks, then you should set up Two Factor Authentication. The following URL Google Authenticator Security WordPress, can help you further.
If you want to check your website for vulnerabilities, viruses, malware, trojans or other security issues, check the following links.
Security Scan Sites
- Sucuri Security
- WordPress Security Scan
- Packet Storm Security. This website does a superb job at finding any security issue or vulnerability in WordPress plugins. (Note: WordPress moderators and developers already do a great job in monitoring and temporarily removing a plugin from the repository if it has any security issues.)
The plugin Get Off Malicious Scripts (Anti-Malware) can help you maintain a clean site. I had a site that was attacked and infected by a malware script. This plugin cleaned out the site with ease.
The following two plugins, Anti Spam Bee and Si CAPTCHA Anti Spam, will help you fight spam in your blog. There are many more plugins in the WordPress repository. Click the following link WordPress Anti Spam Plugins to learn more.
Many keep forgetting that WordPress has an area that can help you blacklist IP addresses, names, URLs and more.
Log into your website as admin and go to Settings -> Discussion -> Comment Blacklist, as illustrated in the image below, and start adding IP addresses, names and URLs. Grant Hutchinson has provided an easy way for you to keep this list up to date. Click the following link Comment Blacklist For WordPress to learn more.
Everyone knows that Google has been pushing everyone online to use SSL security on their websites. In other words, when you set up an SSL certificate in your site, the URL begins with https://.
In truth, whether you think it is important or not, it makes total sense to have SSL security set up in your site. If everyone online uses encrypted security in their site, hackers would find it challenging to hack the site. It makes sense to make sure the data travelling online from a computer to your site and back is secured. A question you might be asking yourself: when should I upgrade my site with SSL security?
If you are selling products online then chances are you already have set up your shopping cart pages with SSL security. That means that a couple of pages are now secured with SSL security. So, if you have a couple pages secured, why not secure the whole site? This makes total sense to me.
If you don’t sell products online, it is up to you whether or not to set up SSL security in your site. However, if you have a contact form set up in your site, that page should also be secured.
Don’t worry too much about losing your ranking because nowadays Google has improved this factor substantially. If you decide to implement SSL security and it is done smoothly and correctly, you should not lose any ranking. You might lose some page rank at the beginning, when you first change over from http:// to https://, but your site should climb back up fairly quickly. On the other hand, Google will boost your site’s page ranking a bit because Google likes secured sites.
Information On SSL and HTTPS
- Google Ranking Factors by Brian Dean
- HTTPS as a Ranking Signal by Google Webmaster Central Blog
- SSL Server Test by Qualys’ SSL LABS
If your website is hosted in an Apache server, check to make sure your server is running the current PHP version. This is very important because an outdated PHP version can make your site vulnerable to hacks. You might like to read the following URL PHP Supported Versions to learn more.
If you run your site in a VPS or Dedicated server you might like to read the following URL How To Update PHP Version in a VPS Server.
If your server is using MySQL database, make sure it is up to date. If you are managing a VPS or Dedicated server running Apache, you might like to read the following URL How To Upgrade MySQL In Cpanel. This link shows you how to check and upgrade MySQL in your server via WHM.
Note: To learn more about MySQL versions, click on MySQL – Wikipedia link.
Email Server Security
If you manage your server or your site is hosted on a shared server, you need to make sure the following email security options are set up correctly. We all know what a nuisance it is to receive spam emails. At the same time, you don’t want your email to be branded as spam. Enabling and setting the following can prevent this from happening. You also want to protect your email account from being abused and used by others inappropriately.
Email Server Security Settings
- DKIM = Check the following link https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail to learn more.
- SPF = Check the following link https://en.wikipedia.org/wiki/Sender_Policy_Framework to learn more.
- DMARC = Check the following link https://en.wikipedia.org/wiki/DMARC to learn more.
Tools to check your email
- https://mxtoolbox.com/ = This provides a list of tools you can use to test your email.
By now you should have an extensive knowledge of what security means and how to secure your site.
Click on the following URL Speed to continue with the setup.
You can also check my WordPress setup tutorials. I am constantly adding new ones.
If you have any questions please let me know. I will be updating this post from time to time so keep coming back for the latest.