In this video, I’ll share five tips on how to protect and secure your WordPress website.
Because security is so important nowadays. And you don’t want to lose all the hard work you’ve put into building a website.
00:00 The number of scams and hacks are on the rise
It’s been reported all over the news. And in general, cybercrime has been on the rise due to people working from home. You never know when your website ends up hacked. And since WordPress is the world’s most popular CMS, a lot of the hackers target WordPress.
00:56 Backup your website
So my first tip is simple to implement, but so many forget to set this up.
It’s automatic backups. And preferable somewhere external like in dropbox or Google drive.
If your server gets hacked, it’s good that the backup files are not on the same server.
Personally, I use a plugin called updraftplus, for a tutorial on how to install and set up this plugin, check the white youtube card, that should appear here on top.
Now, this doesn’t directly help with security, but if all goes wrong you can always just restore your website from a backup.
01:32 Keep your WordPress, Theme & Plugins up to date
The second tip is to keep your WordPress and the plugins updated. This helps to make sure there are no known vulnerabilities that hackers could exploit. WordPress community is quick
to pick up on these and security updates happen often.
Sucuri reported in 2019 that “Over fifty-six percent of all CMS applications
were out of date when hacks happened.” So there is a lot of people that don’t do this.
You can set your WordPress to update plugins automatically. And here is how to do it.
02:40 Install a security plugin with a firewall
My third tip is to install a security plugin that also comes with a firewall.
These plugins enable you to do integrity monitoring,
malware scanning, two-factor authentication, and so on…
You can use iThemes Security or Wordfence Security,
they are both available in the WordPress plugin library
On the other hand, a firewall will block malicious traffic
before it even reaches your website.
Oh, and make sure to test your page speed after installing these tools,
some users have reported that their page load times have to increase significantly.
So you might need to try few different ones.
For more about iThemes security and how to set it up,
Click on the white youtube card right here.
03:25 Limit wp-admin login attempts
The fourth tip is to prevent brute force attacks against your site, a plugin called “limit admin logins” limits the login attempt to your WordPress admin.
This will make it much harder to try to brute force your password (done with a computer entering different options). Your security plugin might already have this feature,
so maybe you won’t need to install it separately.
04:00 Use password management software
The fifth tip is not so much about WordPress, but just in general you should use password management software like LastPass, to store most of your passwords.
This way you can create unique and long passwords for different websites. But you won’t actually need to remember them.
The tool I recommend: https://www.lastpass.com/
Just make sure your password to the tool itself, is strong enough and hard to guess. And enable the two-factor authentication in LastPass. That means after you’ve entered your login details, it will also ask you to authenticate yourself via an app on your phone.
This happens once a month or so, so don’t worry, you won’t need to verify on every website.
Hosting I’m using: https://punchsalad.com/hostpapa/ (60% discount)
Where I get my domains: https://punchsalad.com/namecheap-domain/
Email tool I use: https://punchsalad.com/lp/mailerlite/
WP plugins I’m using: https://punchsalad.com/recommendations?utm_campaign=wpSecurity&utm_medium=social&utm_source=youtube
*Some of the above links might be affiliate links.