UPDATE: Many users are reporting problems while using this plugin. The plugin is a little complex and makes changes to your WordPress at a deeper level. So, if you don’t know anything about a particular option in the plugin, it would be a good idea to search about it first, or ask me or friends; otherwise leave it as it is. I will try to help as much as I can. Read the comments, you’ll find problems and solutions. Thank you!
“Is my WordPress site secured? Do I have the best WordPress Security Plugin?” Have you ever asked these questions yourself? I did, when one of my friend’s sites got hacked. Not exactly a hack, actually, but it was all messed up. The site was showing a homepage designed by the hackers, while all other pages and posts were showing fine. Someone had messed with the .htaccess file and maybe with the theme files. A simple theme change was the simplest solution to get over the whole problem.
After all this, I came to my WordPress dashboard and had a look at my security plugins, to see if they were working fine and if my blog was secure from this type of attack. There are tons of security plugins out there. Most of them do different work and serve different purposes. But what if you could get a single security plugin which does most of that work?
I have found a very good WordPress security plugin, the best for me, which handles most of that work easily and automatically. The name of that WordPress security plugin is Better WP Security.
WordPress Security Plugin – Better WP Security
Better WP Security – The easiest, most effective way to secure WordPress. Improve the security of any WordPress site in seconds.
There are a lot of awesome features in this WordPress security plugin. It obscures vulnerabilities (the reason for most WordPress attacks), protects the site by blocking users who try to attack it, detects other vulnerabilities and bots, and a few more. So, instead of copying all those features and the description of this WordPress security plugin here in this post, I suggest you have a look at the plugin page and read all about it (a MUST READ for any plugin you are going to use). I will focus on what you should do after installing this WordPress security plugin so that you don’t mess up your site (there are a lot of easy ways to mess things up 🙂 ).
How to secure your WordPress site with Better WP security plugin?
After installing the plugin, you’ll be taken to your WordPress dashboard (if not, go there yourself) and you will see a welcome message where the plugin asks you to make a backup of your database, which will be sent to the email address associated with your site. COOL!
Of course, create a backup, get it from your inbox and save it on your hard drive.
Next, you’ll be asked for permission to edit WordPress core files like wp-config.php. I recommend allowing this, but make sure to read the message it shows while asking for this permission, as below:
Finally, after this you’ll get an option for One-Click Protection from basic attacks. Click on the button which says “Secure my sites from basic WordPress attacks”.
Okay. Now we are safe from basic attacks. But that doesn’t mean our site is completely secured and cannot be hacked or messed up by the bad guys out there. After this we are taken to our dashboard, which shows our WordPress site system status. It will show 19 things you need to work on, like in the image below.
No need to panic if you see items in RED or ORANGE, which means your site is not secure on those items. As you can see, there is a link “Click here to fix”, which takes you to the respective item’s settings, where you can alter it and secure your site in just a few clicks (nothing complicated there).
The question is, should you do all 19 fixes suggested by this plugin? The answer is NO, especially if you are doing all that on an existing site rather than a fresh one.
So, for newbies who are new to WordPress and a bit non-techie, here I’m sharing which of these 19 options you should fix and how.
So, in the system status page you will see (as in the image I shared above) that #3, 4, 6, 8, 11, 12, 15 are already in Green. We don’t have to worry about those.
For #1, you can leave it because it is already set for administrator passwords.
#2. You can go with the fix suggested by the plugin. When you click on the link “Click here to fix” you will be taken to the header tweak settings. Check all three options there.
#5. Now, you have to be a bit careful. If you have a new website and a fresh installation of WordPress then you can go with this fix, BUT if you are doing this on an existing site then I suggest you skip this one. It can mess with your site and the posts you have already published.
#6. Database backup: This one is already set to schedule backups regularly. You can edit the settings in the left bar of this plugin. There are two options: one is to get an email of every backup, and the other is to save the backup to a folder on your server, from which you can fetch it via an FTP client.
#7. I recommend you do this fix. It will lock your dashboard when you don’t use it. For example, I’m sure you don’t visit your dashboard after you have gone to sleep. So, you can enable Away mode with this option. You select the time after which the site backend will be disabled and the time when it will be enabled again. Now you can sleep without any worry: anyone who visits a dashboard link will be redirected to the blog homepage.
#9 and 10. Fix them. There is no problem in doing that.
Note: If you do the #9 fix then your login and register URLs will be changed to whatever you set them to.
Now, you can leave the rest. One important one is #16, but we now have our .htaccess file fully secured, so we can skip it.
I’m suggesting you leave the rest because all the other options may cause conflicts with some plugins and themes.
This feature is really helpful for staying safe from brute force attacks. A brute force attack is software trying to log in many times with all possible password combinations. You can enable/edit this option from the left sidebar of this plugin. The plugin will block a host that enters a wrong password more than the number of times you set. Set up email notifications, so that you are notified every time a host is blocked.
I get 2-3 emails every day when a host is blocked. When a host is blocked more than 2-3 times, it means that host may be trying to break into my site. Then I just BAN that host/IP (again, in the left sidebar).
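To make the lockout-then-ban behaviour described above concrete, here is an added example (my own, not code from the Better WP Security plugin) that replays constructed login attempts: a host that enters a wrong password MAX_ATTEMPTS times is locked out for a while, attempts during the lockout are rejected without counting, and a host locked out BAN_AFTER times is banned, which is the manual step above done automatically. The thresholds, log format and hosts are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_ATTEMPTS = 3        # wrong passwords allowed per host before a lockout (assumed)
LOCKOUT = timedelta(minutes=15)
BAN_AFTER = 3           # lockouts before the host is banned outright (assumed)

# Constructed sample of login attempts "timestamp host user result" (not real data).
SAMPLE_LOG = """\
2013-05-01T02:00:01 203.0.113.7 admin FAIL
2013-05-01T02:00:05 203.0.113.7 admin FAIL
2013-05-01T02:00:09 203.0.113.7 admin FAIL
2013-05-01T02:00:12 203.0.113.7 admin FAIL
2013-05-01T02:01:00 198.51.100.4 editor FAIL
2013-05-01T02:01:30 198.51.100.4 editor OK
2013-05-01T03:00:01 203.0.113.7 admin FAIL
2013-05-01T03:00:04 203.0.113.7 admin FAIL
2013-05-01T03:00:07 203.0.113.7 admin FAIL
2013-05-01T04:00:01 203.0.113.7 admin FAIL
2013-05-01T04:00:04 203.0.113.7 admin FAIL
2013-05-01T04:00:07 203.0.113.7 admin FAIL
"""

def simulate(log, max_attempts=MAX_ATTEMPTS, lockout=LOCKOUT, ban_after=BAN_AFTER):
    """Replay login attempts; return (lockout events, banned hosts, notifications)."""
    failures = defaultdict(int)      # failed attempts since the last success or lockout
    locked_until = {}                # host -> time its temporary lockout expires
    lockouts = defaultdict(int)      # host -> number of lockouts so far
    events, banned, notices = [], set(), []
    for line in log.splitlines():
        ts, host, user, result = line.split()
        when = datetime.fromisoformat(ts)
        if host in banned or locked_until.get(host, when) > when:
            continue                 # rejected outright; does not count as an attempt
        if result == "OK":
            failures[host] = 0       # a successful login clears the counter
            continue
        failures[host] += 1
        if failures[host] >= max_attempts:
            failures[host] = 0
            locked_until[host] = when + lockout
            lockouts[host] += 1
            events.append((host, user, when))
            notices.append(f"lockout #{lockouts[host]} for {host} (user {user}) at {ts}")
            if lockouts[host] >= ban_after:
                banned.add(host)     # the BAN step from the post, applied automatically
                notices.append(f"ban {host}: locked out {lockouts[host]} times")
    return events, banned, notices
```

Each entry in notices corresponds to one of the emails the plugin sends; the attempt at 02:00:12 is dropped silently because the host is already locked out.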
You may get emails many times, or warnings in your dashboard, but just have a quick look. It will notify you every time about every change in your WordPress files.
Which WordPress security plugins do you use?
I would love to hear from you. Which plugins do you use, and why? It would be great if you could share that with my readers here.