The security of your website is one of the most important things to consider when you build or host it. Many websites are hacked because of security holes. So treat your website like your child and take care of it first: it is your first priority, and it will bring you success and respect in the online world.
Just as we protect our children from bad habits as they grow up, protect your website as it grows from online threats (hackers, bots, viruses, malware, etc.) that can harm it. Taking all-round security and safety steps now avoids problems later.
Today we are going to list some tips you can quickly apply after installing WordPress, and we will also list some of the best plugins for securing your website. Let’s check out the security tips:
{Basic security tips to secure your WordPress}
1). Hosting Matters
If you use cheap hosting, you are probably putting your website at risk. Many hosting companies offer cheap prices for hosting your files on their servers. If your site is new and you have just started, that’s fine. But as your website gains success and traffic, you should think about moving to a highly secure server, because most shared hosting is not secure. Many websites share one server, and if one gets infected it may affect your website too. So it’s better to move to a server that hosts fewer sites and has security protection to keep your files safe from others.
Right now we are using SiteGround servers, and we are very happy with their support, security and the SG SuperCacher features, which speed up your website through:
- Static Cache: Static Cache is the simplest form of caching. When a page of your site is loaded, it takes a copy of your static content – e.g. images, CSS stylesheets, JavaScript, Flash objects, etc. – and puts it into the server’s RAM.
- Dynamic Cache: Dynamic cache differs from Static cache and Memcached by one simple thing – the latter two only cache parts of your website – e.g. images or a query result. With Dynamic Cache the whole web pages are cached.
- Memcached: Memcached is probably the most popular memory caching system that is used by thousands of database-driven sites on the Internet including YouTube, Facebook, Wikipedia. It speeds up these websites by caching results from database queries in RAM. Thus, if the result of the same query is needed again, it will be instantaneously taken from the RAM, rather than generated again from the Database, which is usually a slower process and requires more computing power.
2). Use Strong Password
Always use a strong password that is hard for anyone to guess. Passwords like ‘12345’, ‘abcdef’ or ‘yourname’ make it quick and easy for anyone to get into your site. Use a password generator to get a secure password and keep it in a safe place for later use. Try a service like LastPass. LastPass saves your passwords so you can focus on your content, not on your passwords.
3). Don’t use ‘admin’ as username
If you installed WordPress with the username ‘admin’, that’s not advisable at all. If you are using ‘admin’, don’t worry: the simple solution is to create another user with the administrator role and delete the ‘admin’ user. While deleting, make sure you assign all the existing posts to your new user account.
4). Always Up-To-Date
WordPress frequently shows update notifications in your dashboard. Update WordPress and your plugins for better security.
5). Use CloudFlare for Security and Performance
CloudFlare is known as a CDN and security provider for websites. They make your website more secure and faster in just 5 minutes. We are using it on our site, and you may notice that our pages load much faster. CloudFlare is the best free CDN provider, and the best part is that it provides security options to protect your website. You can create ‘Page Rules’ with security settings on them. If you are getting constant emails about unauthorized access to your admin or login area, CloudFlare is very helpful in protecting that area via ‘Page Rules’.
You just have to create a ‘Page Rule’ for a particular URL, and everything is managed by CloudFlare protection. A free account only allows you to create 3 page rules. Please check the image below for securing your login page with CloudFlare ‘Page Rules’.
On the CloudFlare dashboard, click on the domain settings icon and you will see ‘Page Rules’, where you can create page rules for your website. Use the settings as shown in the image below.
- Put your domain login page URL.
- Forwarding : Off
- Always use https : Off (it is enabled in ours because we activated SSL on our domain)
- Custom caching : Default
- Browser cache expire TTL : Set it down to 30 minutes
- Always Online : Default
- Apps : Off
- Performance : Off
- Railgun : On (this feature is activated because we host with a CloudFlare Optimized Hosting Partner)
- Security : On
- SSL : Default
- Security Level : I’m Under Attack
- Browser Integrity Check : On
- Add Rule (Done)
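To see how heavily the login page is being hit, and to compare before and after the page rule goes live, you can count failed login POSTs per client IP in the web server access log. This is an added example, not part of the original post; it assumes the Apache/Nginx combined log format and default WordPress login responses, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(log_text):
    """Count failed wp-login.php POSTs per client IP."""
    failed = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip malformed lines and plain page views
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        # Assumption: default WordPress answers a failed login with 200
        # (form shown again) and a successful one with a 302 redirect.
        if m["status"] == "200":
            failed[m["ip"]] += 1
    return failed

def suspicious_ips(log_text, threshold=5):
    """Return (ip, failures) pairs at or above threshold, busiest first."""
    hits = [(ip, n) for ip, n in failed_logins(log_text).items() if n >= threshold]
    return sorted(hits, key=lambda pair: (-pair[1], pair[0]))

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Mar/2015:10:00:{s:02d} +0000] '
     f'"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"' for s in range(6)]
    + ['198.51.100.20 - - [10/Mar/2015:10:01:00 +0000] '
       '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
       '198.51.100.20 - - [10/Mar/2015:10:01:09 +0000] '
       '"POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
       '192.0.2.15 - - [10/Mar/2015:10:02:00 +0000] '
       '"GET /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
       'malformed line']
)

if __name__ == "__main__":
    for ip, n in suspicious_ips(SAMPLE_LOG):
        print(f"{ip}: {n} failed login POSTs")
```

Once the site is behind CloudFlare, the address in the log is a CloudFlare edge IP unless the server is configured to restore the visitor address from the `CF-Connecting-IP` header.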
Do check out our other CloudFlare tutorials for making your site faster and more secure:
1). CloudFlare : Speed Up Your Website
2). How To Get Started with Cloudflare Universal SSL
{Plugins to install for maximum protection}
1). Clef Two-Factor Authentication
Secure two-factor that people love to use: strong authentication without passwords or tokens; single sign on/off; magical user experience. Clef uses location, usage, and hardware data to make sure every authentication is genuine. With each user tied uniquely to a phone, Clef protects your site from fraud and abuse. With the Clef security team handling threats, you’ll have more time to focus on your product.
2). iThemes Security
iThemes Security (formerly Better WP Security) gives you 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software. Most WordPress admins don’t even know they’re vulnerable, but iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help protect any WordPress site.
3). 6Scan Security
6Scan Security provides comprehensive enterprise-grade security with frequent site scans, powerful firewall, automatic backup, web analytics and much
4). Security by Supsystic
This security plugin minimizes the risk of unauthorized access to your website, admin area and files. The plugin constantly monitors suspicious activity and can respond promptly to security alerts. A convenient settings manager explains the necessity of each security feature and lets you select the security level. Country blocking, captcha on login and scheduled scans are all available for free.
5). Wordfence Security
Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
6). Sucuri Security
The Sucuri Security WordPress Security plugin is free to all WordPress users. It is a security suite meant to complement your existing security posture. It offers its users four key security features for their website, each designed to have a positive effect on their security posture: Security Activity Auditing, File Integrity Monitoring, Remote Malware Scanning, Blacklist Monitoring, Effective Security Hardening, Post-Hack Security Actions, Security Notifications, Website Firewall etc.
7). LaunchKey
LaunchKey is the mobile authentication platform for the post-password era. With LaunchKey, an individual’s unique mobile phone or tablet is transformed into a smart key capable of authenticating its owner to any online or offline application, including WordPress! The LaunchKey plugin allows you to protect your WordPress site with a biometric face scan and fingerprint scan!
8). Akismet
Akismet checks your comments against the Akismet Web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.
9). Disqus Conditional Load
An advanced version of the Disqus Commenting System. Experience the difference in page loading speed. This free plugin adds advanced features like lazy loading, shortcodes, script disabling, etc. to the official Disqus plugin. Disqus is the best option to get rid of spam.
10). VaultPress
The VaultPress plugin provides the required functionality to backup and synchronize every post, comment, media file, revision and dashboard settings on our servers. To start safeguarding your site, you need to sign up for a VaultPress subscription.
We hope this post answers your WordPress security questions. If you need any further information about security or the plugins, do let us know in the comments below. Thanks!