Want to learn how to secure a WordPress website in 2020?
You are on the right web page (bloggingassist) to secure your website.
If you are a website or blog owner, you must have knowledge about WordPress website security.
Nowadays, website hacking is a well-known term. Normally 30,000 thousand new websites are hacked every single day.
In this post, I will guide you on how to secure a WordPress website completely from scratch.
Here I will show you, step by step, how to secure a WordPress website against cyber threats with the best WordPress security plugins.
What is web security?
Web security is the protection of a website or web application by identifying and preventing any kind of cyber threats.
Importance of WordPress security
If a hacker is able to steal valuable customer information from your site and it’s determined that you didn’t provide enough security features to prevent it.
Website security provides business protection and website security builds brand and customer trust.
Website security protects your business revenue stream, and maybe even its financial viability.
Security protects your website from any kind of hacking attempt. If you do not want to lose your site, it is best to use website protection.
Best Practices of WordPress Security
- Use Strong Passwords
- Install SSL Certificate
- Use a Secure Host
- Backup Your Site
- Update WordPress, Themes, and Plugins
- Enable 2-factor authentication
- Protect the wp-admin directory
- Set Up a Login Lockdown Feature
- Install a Web Application Firewall
- Regularly Scan Your Site for Malware
If you want to protect your website from bad guys, you must follow all of these security practices.
Let's go to the main part of how to secure a WordPress website.
Now, I am going to secure a WordPress website completely with the best WordPress security plugins.
Here, I will use the following four plugins to secure the WordPress website.
- Wordfence security
- Google Authenticator
- WP Limit Login Attempts
- WPS Hide Login
Wordfence is the most popular firewall and malware scanner.
The free version of Wordfence Security offers a lot of features that are enough for a beginner's website security.
This plugin has 3 million+ active installations and 3,550 five-star ratings.
First, you need to install the Wordfence plugin on your WordPress site.
To install the plugin,
Go to the WordPress plugin store and search for "Wordfence security". The Wordfence Security plugin will be the first result.
First click on "install", then click on "activate" to complete the installation of the Wordfence Security plugin.
Go to your dashboard menu items,
Then click on "Wordfence" to complete the installation.
After clicking on Wordfence, you will get a pop-up box like the one below.
In this box, you need to enter the email address where Wordfence will send you security alerts for the site.
Go to your Wordfence dashboard,
Here you will see a notification like the one in the picture below. You need to click on the "click here to configure" button for the next option.
After clicking the button, you will get a pop-up box like the one in the picture below.
It asks you to download a backup of the following files before it makes the necessary changes for security purposes.
First, click on the "download .htaccess" button to download the backup file. Once you have downloaded the files, click Continue to complete the setup.
Now let's go to the central part of how to secure a WordPress website.
When you install the Wordfence plugin, you will see that most of the important settings are already enabled; you can modify them or enable more as you need.
Here your WordPress website will be secured in four ways.
- Firewall – Protection from known and emerging threats.
- Scan – To detect WordPress security issues.
- Login – Improves login security with Two-Factor Authentication.
Now we will look at these four Wordfence security features in detail so that you can secure your WordPress website.
For all of them, go to your dashboard menu items and click on the Wordfence plugin. You will then see all of these security features.
The Wordfence firewall protects your sites from attackers in the following four ways.
Here, Web Application Firewall and Brute Force Protection are free-version features. Firewall Rules and Real-Time IP Blacklist are premium features.
To enable the Web Application Firewall Status, click on "manage WAF", scroll down a little, then choose "Enabled and Protecting" from the box.
Brute Force Protection
The Brute Force protection prevents password guessing attacks.
This feature helps you immediately block the IP addresses of users who try to sign in to your website with fake usernames.
You will see the following settings, and you can modify them as you need.
Here you need to enable (✔) the setting "Immediately lock out invalid usernames".
Go to your Wordfence dashboard and click on "Scan".
Here you can scan your WordPress website by clicking on the "START NEW SCAN" button.
Wordfence will show you the security problems on your WordPress website so that you can solve them.
Solve the security issues that the Wordfence scan displays as soon as possible to secure the WordPress website.
Now click on the "manage scan" button to see the full settings of the scan feature.
After clicking on the button, you will see all of the following settings.
Here you can enable or disable the settings according to your needs. Some features are premium-only, and you can't enable them.
03. Login Security
For login security, click on the "Wordfence plugin", then click on "login security" under the plugin.
After clicking, you will get the following interface.
To activate Two-Factor Authentication,
- Download an authenticator app on your phone from the Play Store.
- Scan the code or enter the secret key in the phone app.
- Copy the code from the phone and paste it on the code box.
- Download Recovery Codes.
- Finally, click on the ”Activate” button.
I will show you the details in the Google Authenticator plugin section, and you can go there for more info.
The Wordfence Security plugin also has a Google reCAPTCHA feature that prevents spam and bots.
To enable reCAPTCHA,
Go to login security, click on "Settings" and scroll down; there you will find the reCAPTCHA option.
Here you need to enter the reCAPTCHA v3 Site Key and Secret Key from your Google reCAPTCHA account.
Click on All Options from the menu items to get all the settings together.
The Google Authenticator plugin gives you two-factor authentication for your WordPress website.
First, you need to add it to your WordPress website.
Go to the WordPress plugin store, search for "Google Authenticator" and install it.
After installing the plugin, click on "setting" from the menu items, then click on "Google authenticator".
You will then get the following settings. You can enable or disable the settings according to your needs.
Click on the "Save Changes" button after enabling the settings.
After enabling the settings, it's time to connect the plugin with the mobile app.
You can connect your Google Authenticator plugin by
- iPhone & iPad
To connect with your phone, go to the Play Store and download the Google Authenticator app.
Then enter the secret key or scan the QR code with the mobile authenticator application.
After doing this, you will see that the plugin is connected to the mobile app and providing a code.
Copy the code and paste it into the authenticator code box of the Google Authenticator plugin. Then click on the "Verify" button to verify.
Now your plugin is connected to your mobile app and Two-Factor Authentication is enabled.
Now, if you want to log in to your dashboard, you will get the Two-Factor Authentication page to verify the code.
Here you need to enter the Google Authenticator code from your mobile authenticator application.
After entering the code in the code box, click on the "login" button to log in to your dashboard.
The Wordfence Security plugin also has this Google Authenticator feature for connecting mobile apps without installing the plugin.
If you are using the Wordfence Security plugin, connect from Wordfence; there is no need to install the Google Authenticator plugin.
This is a login protection plugin that protects the website from brute force attacks.
To install this plugin, go to the WordPress plugin store and search for "WP Limit Login Attempts".
You will then find the plugin; install and activate the WP Limit Login Attempts plugin.
After installation, first click on "settings", then click on "Wp Limit Login" to see the dashboard of the plugin.
The settings of the Wp Limit Login plugin are enabled by default, and you can't change the settings.
To enable or disable the settings as you need, you have to purchase the premium version of the "Wp Limit Login" plugin.
Let's see how it works.
When you go to your WordPress login page, you will see a human-verification captcha. It prevents bot attacks.
Here you need to enter the captcha code in the box and click on the submit button to verify.
After submitting, you will get the login page of your WordPress website.
When someone tries 5 times to log in to your website dashboard, their IP address will be blocked.
If someone fails to fill in the captcha 3 times, they will also be blocked by the Wp Limit Login plugin.
Thus Wp Limit Login protects the website from bot attacks and prevents hacking attempts.
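To check from the server side that the lockout described above (and in the Wordfence Brute Force Protection section) is actually stopping password guessing, you can count failed logins per IP in the web server's access log. The Python sketch below is an added example, not part of either plugin; it assumes a combined-format access log, relies on WordPress answering a failed login POST with HTTP 200 and a successful one with a 302 redirect, takes the threshold of 5 from this post, and the 10-minute window and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def flag_bruteforce(lines, threshold=5, window_s=600, login_path="/wp-login.php"):
    """Return {ip: time the threshold was reached} for repeated failed logins."""
    recent = defaultdict(deque)          # ip -> times of recent failed attempts
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != login_path:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if status == "302":              # successful login: reset the counter
            recent[ip].clear()
            continue
        if status != "200":              # failed logins re-render the form with 200
            continue
        attempts = recent[ip]
        attempts.append(when)
        while (when - attempts[0]).total_seconds() > window_s:
            attempts.popleft()           # forget attempts outside the window
        if len(attempts) >= threshold and ip not in flagged:
            flagged[ip] = when
    return flagged

def _line(ip, hhmmss, status, method="POST", path="/wp-login.php"):
    return (f'{ip} - - [12/Mar/2020:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 1234 "-" "constructed"')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", 200) for s in range(0, 50, 10)]
    + [_line("198.51.100.20", "10:01:00", 200), _line("198.51.100.20", "10:01:30", 302)]
    + [_line("192.0.2.44", f"{h:02d}:00:00", 200) for h in range(11, 16)]
    + [_line("203.0.113.7", "10:02:00", 200, method="GET")]
)
```

If you rename the login page with WPS Hide Login, pass the new path as `login_path`. An IP that keeps appearing here after its fifth failure means the lockout is not being applied.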
This is a plugin that lets you easily change the URL of the login form page to anything you want.
First, you need to install and activate the plugin from the WordPress store.
After activating the plugin, go to settings, then click on "WPS Hide Login" to enter the dashboard of the plugin.
You will then see the following dashboard.
Here you need to enter whatever login URL you want in the box.
I entered "login" in the box; you can enter anything, but you have to remember it to find the login page of your website.
With this plugin, you can redirect the URL when someone tries to access the wp-login page.
You can redirect to any URL of your website with the redirect feature of this plugin.
By default, this is set to the 404 page. You need to change it. Just enter whatever URL you want in the redirect box.
Our settings are done; it's time to log in using the custom login URL.
To enter the dashboard,
Enter the word which you entered in the "WPS Hide Login" plugin after the domain of your website.
After entering the URL, press "enter" on your computer to open your website login page.
This is one of the best security systems to secure WordPress websites from bad guys.
In this post, I guided you on how to secure a WordPress website. I tried to show you, step by step, how to secure your WordPress website in the best way.
I also shared the best practices of WordPress website security to protect sites from bad guys.
All the plugins I have shared in this post are among the most popular, with good ratings and active installations.
Finally, I hope that you will be able to secure your WordPress website with this guide.
If you have any questions about how to secure a WordPress website, please leave a comment in the comment section below.