If you run a WordPress website, you know that site security is very important and can sometimes be tough to do. We are going to take you through the wordpress security essentials and the best practices you need to really follow.
Your website is only as secure as you make it. The biggest mistake that most people make is not getting good passwords in there. And you might be thinking: “Well I don’t want to remember a 20 million character long password”. Well you don’t have to. What you should do though is to get a subscription or even free version of service called LastPass. The primary function of LastPass is to secure your password and make you only have to remember one master password and it can then generate really complicated really tough to hack complex passwords. The premium version is only 12$/year so it’s really worth it and that gives you the ability to two factor authentication, put on your mobile phone and a whole bunch of extra stuff. So it really is worth it. So seriously, go use it because it’s going to make your security much better just by using a lot better passwords.
Best WordPress Security Plugins
There’s plenty of great plugins that you can use to help secure your WordPress website. To get the basics going ones I recommend are: WordFence, iThemesSecurity, WHP or if you really want to get advanced you really want to play around with that SiteGuarding Website Security. Because this one is kind of crazy. I has a lot of fun stuff to help get your website security to a next level. It has firewall protection, google authenticator, anti-spam and anti-malware, anti brute force plugins.
I’ll talk about CloudFlare first because it’s kind of addon. Yes, you can have a plugin in WordPress for that. What CloudFlare really is – its a service that encompasses your website to help or use cloud services to kind of cushion any attacks or issues that might happen, monitor your site or things like that. I haven’t really seen any performance benefits yet of using CloudFlare but it does have some decent DDOS monitoring and some basic life tools that you can use. So just kind of useful in that case it’s free to use in the beginning. So I do recommend using it just in case because it can be useful. Some people say it’s really great, some not so it’s up to you if you going to use it or not.
How many plugins is enough?
Before you actually go installing any of these security plugins, know that you don’t want to use all of them in conjunction together. Some of them do have conflicts and if one finds something wrong it might start to write a log that other might see is as a potential threat. So don’t use them all at once!
If you want just some basic stuff going that’ll really help – three of the ones I recommend getting started with: WordFence, iThemesSecurity and SiteGuarding. Install those three they don’t really conflict with each other. They might, some people have reported, but mostly they work rather well together. And they’re kind of plugins for first frontline shields to harden your site and get things really tough and secure. So install those and go through the process of settings setup. Some of them will guide you through the settings of making your website more secure.
I usually use a conjunction of two or three of security plugins. Generally, a small combination of one of these plugins is a great way to start. Now, if you really want to get advanced, like I said Siteguarding Security is a great way to go. They do have a pro version which you can pay for and so do iThemeSecurity and WordFence. Iphone BulletProof security is the most advanced one and generally the most strong one. So if you really want to get things going to combinations of server stuff and BulletProof security will really get things going.
All-in-One WordPress security and firewall more or less the same thing. I haven’t used it as much but people write really good things about it. You might want to try it out just in case. The other plugins don’t do security as much as kind of do their own little niche thing. BruteProtect for example, is a part of the security suite but it’s really just for protecting your website from DDOS and brute force attacks. So it’s really great to get this on especially because it’s free.
Google Authenticator – this one is an advanced tool. It’s simple to use but kind of a more advanced step, because what it does is it adds two factor authentication to your website. Which means you have to login with the username and password but you can use your own one time login code to login to your website in conjunction with your username and password. That really helps strengthen your login issues and security stuff.
Antispam is mostly for protecting from spam type of tools. So this one is a great security tool for protecting you from evil annoying spam. It doesn’t matter what type of AntiSpam plugin you use – you’ll find a lot of alternatives to software like this. Pick one, doesn’t matter which one it is all of them help with spam comments and spam users registrations.
Thanks for reading this WordPress Security Essentials, if you really enjoyed it leave a comment below and share this article with your friends.