Secure your WordPress Website with Seven Solutions.
1. Secure your website by moving from HTTP to HTTPS before July 2018.
Failing to make the necessary changes will result in Google marking your website as “Not Secure” in the URL. To secure your website one needs to create a SSL certificate. There are a number of companies out there providing these certificates, some for a small fee, others such as website hosting companies are including SSL certificates for free as part of their hosting package.
My hosting company Fastcomet.com is one such example. They are offering free SSL certificates, which is great as my website is now secure. Happy days!
If you are with Fastcoment.com and don’t have a SSL certificate installed against your website, go to the control panel and do a search for “Let’s Encrypt SSL“. Everything you need to do is on the page and it is very easy and FREE to set up.
2.Don’t forget to change your General Settings.
If you don’t update the WordPress Address (URL) and Site Address (URL) your dashboard and login page will still appear as HTTP:// and thus be insecure, so remember to change it here (see above highlight).
3. Let Google Webmaster Tools know of your HTTPS website URL.
There are other steps to follow to ensure proper security, one of them is by visiting Google Webmaster Tools to verify your secured domain. One needs to add the new https:// website URL as well as a new sitemap. There is plenty of information on the website on how to do all of this.
4. Don’t forget to secure your headers.
Another area one needs to focus on is HTTP Strict Transport Security (HSTS), a bit of a mouthful and yes it starts to get a little technical here. Basically one needs to secure the headers. One can read all about it here at the SSL Store as they cover the topic pretty well, suffice to say all I did was search WordPress for a plugin, which sorted it out for me. The plugin is called Security Headers.
5. Remove the login screen (/wp-admin.php or /wp-login.php) from your WordPress website.
There is a great WordPress plugin called WPS-Hide Login, which as the name suggests, hides the default login page. One is able to create a new path to the login page in the Settings > General page. It can be anything you like. It prevents someone other than you from accessing your login page.
6. Set a strong password for your WordPress website.
Hackers these days are a sophisticated bunch, so setting a good, strong, long password is crucial. Avoid names, birthdays and words that are super obvious, instead go with a randomly generated password that contains a mixture of letters (A-Z, a-z), numbers (0-9) and punctuation characters (!%@#*). Obviously remembering a long, random password is tricky and that is where password managers such as LastPass come into their own. I covered LastPass in a previous post so do have a look and read. Go Premium or Families if you can spare the $2 or $4 per month, it’s worth every dollar.
7. Two factor Authentication (2FA) is an absolute must have.
This Two Factor Authentication WordPress Plugin by David Nutbourne and David Anderson is absolutely brilliant. As their website says;
By default, WordPress is protected only by a password. Once somebody guesses your password, they have all access. “Two Factor” security is about adding a second factor. This plugin uses the most popular implementation of TFA: one-time codes that are shown on your phone/tablet/other device, but which do not require you to be connected to a network (i.e. you don’t need to be online/receiving SMSes, etc.).
It is a paid plugin with a lifetime of updates, but worth every penny. Visit the plugins website to see the benefits.
This site uses Akismet to reduce spam. Learn how your comment data is processed.
We are Mike and Jo Bowen. Originally from South Africa, we now live & work in the United Kingdom. Mike is the blogger, beer drinker, gadget man, reviewer and Jo is the proofreader, wine drinker, cat lady, sanity checker and “don’t you dare put that on lookatbowen.com“. Together we travel the world and have fun wherever possible. If you are new to this website and want to know more about us, check out the the longer version.
- Bucket List – Spend a day with friends in Washington D.C.28th August 2018
- How to change default rowlimit (10 posts) on SharePoint 2013 blog?In Advice11th July 2018
- Rock legend Bryan Adams wows Bowen at the O2.1st June 2018
- Lookatbowen.com is GDPR (General Data Protection Regulation) compliant.30th May 2018
- Bowen purchased a pair of Oakley Turbine Prizm P sunglasses.20th May 2018
- Advice (59)
- Animals (16)
- Beer (12)
- Blog (8)
- Bowen (380)
- Brands (184)
- Drone (5)
- Humour (108)
- IoT (2)
- Home Automation (2)
- Music (64)
- NYE (6)
- People (67)
- Reaction (53)
- Shares (6)
- Sport (98)
- Technology (66)
- Video (89)
- World (104)