There are many misconceptions about what computer security is and is not. The purpose of this post is to provide an overview of the important ideas, and then provide a simple and cheap solution for how to improve the Security of your WordPress site. Security measures (whether in the physical world or in our computers and networks) deal with various aspects of prevention, detection, and response.
May you know thousands of WP blogs and sites hacked in past because of the weak password, username and lack of security measures. Most common mistake peoples are done using Admin as the username and also use weak password keywords. You should know how to create a strong password to Secure your WordPress site.
The measures we implement to make it more difficult for someone to break into our systems. For example to secure WordPress site always use a strong password, a unique username, change login URL in WordPress, don’t offer registration if applicable etc.
How you know when a security intrusion of some sort has occurred. If you have a website, then you should know how to detect any suspicious activity in your site. If your site platform is WordPress, then are many wp plugins available in WordPress plugins library that can help you to do this task.
What you do once you know that you are under attack. It is the most important part of this article because you must have a plan to recover yourself from attacks or hacks.
What Threats Are Out There
While the massive credit card thefts make the news, you’re not likely the target of those people. The people targeting your system are people who run automated programs that continuously test intrusion points of systems on the Internet. Obtaining unauthorized access is a bit of game with them. When access is obtained, it is shared with others who may or may not do anything with the information. However, it was not enough to claim an unauthorized system access. It was necessary to provide proof.
When I was the head of IT Security at Seagate Technology in the late 1990’s, I read a study that documented that every system and router on the Internet was probed on average every 15 minutes. And that was over 15 years ago.
Some fairly simple measures can protect you from those “hobby hackers”.
In Practical Terms
When you’re a small business owner trying to grow their business you can not devote the time to become a computer security expert. Fortunately, there is a free WP plugin available to secure WordPress in the easiest way.
1 Keeping Your Software Up To Date to Secure WordPress
WordPress already has built into it a mechanism for knowing when software updates are available and making it easy to install them. You should use these as often as needed. The easiest way to use these is via the Updates feature of the WordPress dashboard. It is essential to update wp software, plugins and themes when available because updates help you to more Secure WordPress blog.
a: While in the WordPress dashboard, select Updates to see the Updates screen.
b: Notice the Updates screen is divided into 3 sections: your WordPress software, Plugins, and Themes.
When Updating a section, the steps are:
1: Select All via the Select All checkbox.
2: Select the Update button.
2 Install and Configure the WordFence Security Plugin to Secure WordPress
This software sends you an email when a software update is available for your WordPress site. Also, allow you to define rules that block access to specific IP addresses when that IP address is the source of too many unsuccessful login attempts.
The purpose of the latter is to thwart dictionary attacks, where a piece of software (not a person at a keyword) will attempt to login with common usernames (such as Admin) and a variety of password taken from a long list of common passwords. This is called a dictionary attack.
For purposes of this article, I’m assuming you know how to install a plugin and activate it. So I’ll proceed to how to configure this one.
a: Look for Wordfence in the menu on the left of the screen. Hover your mouse over it until the sub-menu appears. Select Options.
b: Follow the on-screen instructions to obtain your Wordfence API Key.
c: I recommend keeping all the default values with the possible exception of the Login Security Options. For these, look at them and establish values that make sense for you.
d: Scroll to the bottom of the screen and select the button labeled Save Changes.