Securing your Website
One of the most important things you need to know about managing your website is website security.
Most people don’t really think about it until someone hacks their website and they don’t know what to do about it. This is a common occurrence once you start growing your traffic.
For your WordPress website, you can easily choose a security plug-in from a lot of options. Here are two security plug-ins that are easy to use and set up. These have both free and premium options.
The first one is Sucuri Security which specialises in website security. You can start by trying out their free plug-in.
The second one is Wordfence security. Both have their pros and cons. You can easily do your research to find out which suits you the best.
How to use Wordfence security?
Install Wordfence. It has a lot of active installs and tons of good reviews which shows the quality of the plug-in.
Click on Install.
A pop up will appear offering you a tour of the functionalities of Wordfence. Check it out if it’s your first time trying this out.
The tour will show you how to scan your site for malware, how to find issues on your website like outdated plug-ins, set up a firewall against outside attacks, and automatic blocking of people trying to get to your website from suspicious IP addresses.
Now, go to the dashboard.
Here you can find all the overview of the configuration and the statuses whether it’s enabled or not.
For instance, Firewall and login security is enabled, and some other options are disabled or only available for premium users.
On the dashboard, you will know how many attacks are blocked by Wordfence in all of their network and the websites under its protection.
In Other sections, you can see the status of your site.
For instance, in case someone is attacking your site, their IP address will show up here.
This Other section shows any login attempts to your site, and here you can see the locations the attacks are from.
Next important thing is to configure the plug-in to your specific needs.
At the very top, there is a banner offering you to optimise Wordfence. Click on the button to configure.
Before Wordfence is actually activated, it needs to do a total scan of your website to make sure everything is working well.
You need to choose the server side configuration for Wordfence to run on. You can just select the one they recommend, in this case it’s Apache and SuPHP and click continue.
Before making any changes, it recommends you to download a backup of your access file. So, go ahead and download the file. Then, click Continue.
Once it has run successfully, it will show you that the installation is complete and your website is protected to the fullest extent.
Next, you need to check out the options to know what settings you can change.
It’s all default settings now but you can customise these to be more suited to your needs.
For instance, you should look into the login security options.
If someone is on the login page and entered a wrong password, they will be blocked.
Periodically, Wordfence will send you a summary report as well of the blocked attempts and any of the findings. You can find the settings here.
It will also send alerts for outdated plug-ins, attempted attacks, and so on.
There are a lot of possibilities of configurations you can explore. It is obvious that this is a very powerful tool.
If you are starting out, you are safe and sound. As you progress, you can find more options that will make your website more secure.