7 Tips to a More Secure WordPress Website

#1 Update Regularly

  1. Back up your website before running any updates on your WordPress website.
  2. Deactivate and delete any unused or inactive plugins.
  3. Check for plugin and theme updates daily, and update only after completing a current backup of your website.
  4. Check the website after completing updates to ensure the update didn’t cause any errors.
  5. Only update your website on trusted networks.

#2 Use Strong Passwords

  1. Do NOT reuse passwords. 
  2. Do NOT use admin, site name, or password in your username or password.
  3. Use a combination of letters, numbers and symbols in your passwords. 
  4. Install WPS Hide Login to redirect your website’s login to the URL you choose. 

HOW TO INSTALL AND SET UP WPS HIDE LOGIN PLUGIN

  1. Log in to your dashboard.
  2. Select Plugins >> Add New.
  3. Search for WPS Hide Login, click Install and then Activate.
  4. Go to Settings >> WPS Hide Login.
  5. Edit the Login URL to something else. This will be your new login URL.

#3 Install A Security Plugin AND/OR Firewall

  1. Install a security plugin to protect your website from attacks. I recommend iThemes Security.
  2. For added protection you can add a firewall to your website. I recommend One Hour Site Fix.

HOW TO INSTALL AND SET UP iTHEMES SECURITY PLUGIN

  1. Log in to your dashboard.
  2. Select Plugins >> Add New.
  3. Search >> iThemes Security.
  4. Install and Activate.
  5. Go to Security >> Settings.
  6. Check Enable Security Check….
  7. Click Secure Site.
  8. After the site is secured, go to Security >> Settings, go through all settings and enable all that apply.

#4 Install An SSL Certificate

  1. Purchase and install an SSL certificate. (You purchase SSL certificates through your hosting company; you can have them install it for you, or you can select and install it through your hosting account. If your hosting is with HostGator, use our SavvySiteDesigns promo code.)
  2. Install and activate the Simple SSL plugin.
  3. Update your iThemes Security plugin to redirect to https instead of http.

 

HOW TO INSTALL SIMPLE SSL PLUGIN

  1. Log in to your dashboard.
  2. Select Plugins >> Add New.
  3. Search >> Simple SSL.
  4. Install and Activate.
  5. Click Go Ahead, activate SSL.
  6. Go to Settings >> SSL.
  7. Click the Settings tab and enable 301 .htaccess redirect.
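Once the 301 redirect is enabled, it is worth confirming that a plain http:// request really is sent to https with a permanent (301) status and never drops back to http. The Python check below is an added example, not part of the original tutorial or of any plugin; the function names and the example.com sample chains are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

def fetch_chain(url, max_hops=5):
    """Follow redirects by hand, recording (url, status, Location) per hop."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                    else http.client.HTTPConnection)
        conn = conn_cls(parts.netloc, timeout=10)
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        location = resp.getheader("Location")
        hops.append((url, resp.status, location))
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return hops

def audit_redirect_chain(hops):
    """Return a list of problems found in a chain that starts at http://."""
    if not hops:
        return ["no responses captured"]
    findings = []
    _, status, location = hops[0]
    if status != 301:  # 302/307 are temporary and are not cached as permanent
        findings.append(f"first hop returned {status}, expected 301")
    if not location or urlsplit(location).scheme != "https":
        findings.append("first hop does not redirect to https")
    seen_https = False
    for url, _, _ in hops:
        if urlsplit(url).scheme == "https":
            seen_https = True
        elif seen_https:  # an http hop after https undoes the upgrade
            findings.append(f"downgrade back to http at {url}")
    last_url, last_status, _ = hops[-1]
    if urlsplit(last_url).scheme != "https" or last_status != 200:
        findings.append("chain does not end on an https page with status 200")
    return findings

# Constructed sample chains (example.com is a placeholder, not a real capture).
GOOD = [("http://example.com/", 301, "https://example.com/"),
        ("https://example.com/", 200, None)]
TEMPORARY = [("http://example.com/", 302, "https://example.com/"),
             ("https://example.com/", 200, None)]
NO_REDIRECT = [("http://example.com/", 200, None)]
```

To check your own site, pass the result of `fetch_chain("http://your-domain/")` to `audit_redirect_chain`; an empty list means the redirect behaves as intended.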

#5 Backup Website Regularly

  1. Install and activate All-In-One Migration and/or Updraft Plus on your website.
  2. Schedule backups with Updraft Plus.
  3. Make sure you back up prior to doing any theme or plugin updates.

HOW TO INSTALL AND USE ALL-IN-ONE MIGRATION PLUGIN

  1. Log in to your dashboard.
  2. Select Plugins >> Add New.
  3. Search >> All-In-One Migration.
  4. Install and Activate.
  5. To back up your website go to All-In-One Migration >> Export.
  6. Choose Export To >> File. (You have many export options; choosing File will download the backup to your computer.)
  7. After the export is complete click Download.
  8. Close after the download completes.

HOW TO INSTALL AND USE UPDRAFT PLUS PLUGIN

  1. Log in to your dashboard.
  2. Select Plugins >> Add New.
  3. Search >> Updraft Plus.
  4. Install and Activate.
  5. Go to Settings >> Updraft Plus Setting.
  6. Click Backup Now.
  7. To set up scheduled backups, click the Settings tab.
  8. Choose daily, weekly, etc.
  9. Choose how many to keep.
  10. Choose where they will go. (Google Drive, Dropbox, etc.)

#6 Prevent SPAM

  1. Manage Post Comment Settings.
  2. Add Google reCAPTCHA to all forms.

HOW TO MANAGE POST COMMENTS

  1. Log in to your dashboard.
  2. Go to Settings >> Discussion.
  3. Update and Save Changes.

You can choose what works for your needs, but below we have listed a few tips.

  1. Reduce the number of links allowed per post. Manage this under Comment Moderation.
  2. Create a list of ‘blacklisted’ words. Manage this under Comment Blacklist; here is a GitHub list of comment blacklist terms for WordPress.
  3. Restrict comment privileges to registered users.
  4. Approve all comments or don’t allow comments.

HOW TO ADD RECAPTCHA TO FORMS

  1. Create a Google Account.
  2. Go to Google reCAPTCHA.
  3. Click Admin Console.
  4. Insert Label or Name.
  5. Choose
  6. Select Invisible or Checkbox style.
  7. Insert the domain you want to attach.
  8. Check terms of service.
  9. Check to receive notifications.
  10. Click Submit.
  11. Your reCAPTCHA keys will display. Keep these secret.
  12. Open a new window in your browser and log in to your site’s dashboard.
  13. Go to WP Forms >> Settings.
  14. Click on the reCAPTCHA tab.
  15. Copy and paste in your keys.
  16. Save Settings.
  17. Go to WP Forms >> All Forms.
  18. Select Form >> Edit.
  19. Click Settings >> General.
  20. Scroll to the bottom and check enable reCAPTCHA.
  21. Save Changes.
  22. Repeat for all forms.

#7 Monitor Regularly

  1. Search your website frequently on Google.
  2. Make sure you have enabled Google Console Email Alerts. 
  3. Watch for any unexplained spikes in traffic using Google Analytics. 
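
To make "unexplained spike" concrete, the added Python example below (not part of the original tutorial) flags days whose session count sits far above the median of the preceding week, using a median/MAD score so that one bad day does not distort the baseline. It assumes you have exported daily session counts from your analytics tool as (date, sessions) pairs; the function names, the threshold and the sample figures are constructed for illustration.

```python
from statistics import median

def flag_spikes(daily, window=7, threshold=3.5):
    """Flag days far above the median of the previous `window` days.

    daily: list of (date, sessions) tuples in chronological order.
    Returns (date, sessions, score) for each flagged day, where score is
    the modified z-score based on the median absolute deviation (MAD).
    """
    flagged = []
    for i in range(window, len(daily)):
        history = [count for _, count in daily[i - window:i]]
        med = median(history)
        mad = median([abs(count - med) for count in history])
        # 1.4826 * MAD approximates one standard deviation for normal data;
        # fall back to 10% of the median when the history is perfectly flat.
        scale = 1.4826 * mad if mad else max(1.0, 0.1 * med)
        score = (daily[i][1] - med) / scale
        if score > threshold:
            flagged.append((daily[i][0], daily[i][1], round(score, 1)))
    return flagged

def spike_dates(daily, **kwargs):
    """Convenience wrapper returning only the dates of flagged days."""
    return [date for date, _, _ in flag_spikes(daily, **kwargs)]

# Constructed sample: a quiet site with one abnormal day (not real data).
SAMPLE = [
    ("2024-03-01", 120), ("2024-03-02", 131), ("2024-03-03", 118),
    ("2024-03-04", 125), ("2024-03-05", 140), ("2024-03-06", 122),
    ("2024-03-07", 129), ("2024-03-08", 127), ("2024-03-09", 940),
    ("2024-03-10", 133),
]

if __name__ == "__main__":
    for date, sessions, score in flag_spikes(SAMPLE):
        print(f"{date}: {sessions} sessions (score {score}), review the logs")
```

A flagged day is a prompt to look at what was requested that day (login page, comment forms, a single URL), not proof of an attack; a newsletter or a shared link produces the same shape.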

HOW TO SET UP GOOGLE SEARCH CONSOLE

  1. Create a Google Account.
  2. Go to Google Search Console.
  3. Click Start Now.
  4. Type the website URL under URL Prefix.
  5. Choose HTML Tag and copy the link.
  6. Log in to the website dashboard.
  7. Install and activate the Yoast plugin, if not already installed.
  8. Go to Yoast >> Settings.
  9. Click the Webmaster tab.
  10. Paste the link under Google.
  11. Click Save.
  12. Go back to Google Search Console.
  13. Click Verify.
  14. Make sure Email Alerts are activated.

HOW TO SET UP GOOGLE ANALYTICS

  1. Create A Google Account
  2. Go to Google Analytics
  3. Click Start Measuring
  4. Fill out Domain Title and select settings.
  5. Choose Web for type.
  6. Add Website Details and Click Create

HOW TO ADD GOOGLE ANALYTICS TO YOUR WEBSITE

  1. Log in to your dashboard.
  2. Go to Plugins >> Install New.
  3. Search Google Analytics.
  4. There are two primary plugins to choose from; today we are going to install and activate MonsterInsights.
  5. This plugin has a free and a pro version, but we will set up the free one.
  6. After it is activated, click Connect and Setup MonsterInsights.
  7. Follow the setup process.
  8. To check your traffic click the Insights icon on your dashboard’s top navigation bar. (It may take up to 24 hours to begin to see the traffic from your website.)

We hope you found this article and video tutorial useful. We do offer monthly packages that include website security, so if you are interested in learning more about our packages or just have any questions, please feel free to Contact Us