We previously highlighted three quick and simple changes that can instantly heighten the security of your WordPress installation, and hopefully you have already made them. There’s never any harm in a belt-and-braces approach, however, and the following three additional tips will help keep your WordPress installation even more secure. Although they are a little more advanced, they are all within the capabilities of any savvy WordPress user.
Remember, WordPress is an extremely popular platform and that makes it a target for hackers. Often these hackers exploit bugs in WordPress, so it’s important you keep track of any issues that arise. You can find information on the latest WordPress vulnerability, and what you need to do to make your site safe, here.
Add a preliminary login
Just as you may have two locks on your front door at home to put off would-be intruders, so you can do the same with your WordPress installation. We previously mentioned how to make your WordPress administration login more secure, but by placing an extra step before an intruder even gets there you can further minimise the risk of being hacked.
The simplest way of doing this is to password-protect the folder in which your WordPress installation is held. This 123-reg support article will show you how if you have a 123-reg hosting package. You need to create a .htpasswd file and a .htaccess file, but the step-by-step guide makes this simple to achieve.
Limit the number of logins
You may recall that one of our original suggestions was about dissuading a hacker or a bot from hitting your website with a brute-force attack aimed at cracking your password. Unfortunately, this remains the biggest threat to your security, as the software’s popularity offers a hacker a higher potential for success. It can therefore be useful to limit the number of failed login attempts allowed from a single IP address. By limiting the number of times that a password can be entered incorrectly you can combat a persistent hacker, especially one using software to try to guess your password. The quickest and easiest way of doing this is to use one of the many plugins available for WordPress.
Once you are logged in to your WordPress installation, use the left-hand menu to choose Plugins and click the Add New option.
In the Search Plugins box, search for “limit login attempts”.
You will find a selection of suitable plugins that should be up to the job. Always check that the plugin is compatible with your version of WordPress, has recently been updated and has been favourably reviewed by other people who have already used it.
Install the plugin and amend the settings to suit. For example, automatically lock the system down for 30 minutes if any user has 3 failed login attempts.
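The lockout rule from that example setting (3 failed attempts, a 30-minute lock, counted per IP address) can be modelled in a few lines of Python. This is an added illustration, not code from any WordPress plugin; the class, function names and sample events are made up for the example, and in this sketch failures only reset on a successful login or when a lock ends.

```python
MAX_FAILURES = 3            # failed logins allowed per IP before lockout
LOCKOUT_SECONDS = 30 * 60   # lockout length: 30 minutes

class LoginLimiter:
    def __init__(self, max_failures=MAX_FAILURES, lockout_seconds=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = {}       # ip -> consecutive failed attempts
        self.locked_until = {}   # ip -> time (seconds) at which the lock ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if now >= until:         # lock has run out: forget it and start afresh
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, ip, password_ok, now):
        """Record one login attempt; return 'locked', 'ok' or 'failed'."""
        if self.is_locked(ip, now):
            return "locked"      # refused before the password is even considered
        if password_ok:
            self.failures.pop(ip, None)   # a good login clears the counter
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_seconds
        return "failed"

def replay(events):
    """Run (time_in_seconds, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]

# Constructed sample events; the addresses are from documentation ranges.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (5, "203.0.113.7", False),
    (9, "198.51.100.4", False),        # a different address has its own counter
    (12, "203.0.113.7", False),        # third failure: lock starts here
    (20, "203.0.113.7", True),         # right password, but still locked out
    (25, "198.51.100.4", True),        # the other address is unaffected
    (12 + 1800, "203.0.113.7", True),  # 30 minutes later the lock has ended
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Note that the fifth event is refused even though the password is correct: while an address is locked out, guesses from it are not tested at all, which is what stops automated guessing.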
Restrict IP address
Another quick win is to restrict access to your WordPress administration system to a single IP address. If you always log in to your blog administration panel from the same place, this is another simple level of added security. However, be aware that certain internet service providers allocate a different IP address every time you connect, and this tweak can also stop you making quick changes when you are not at your normal place of work.
The simplest way to restrict site access is by finding and installing a WordPress plugin as above. In many cases, the same plugin may be able to do both jobs. Again, take care to ensure the plugin has favourable reviews and has been updated for the latest version of WordPress, to avoid creating unnecessary security risks.
These are just a few more quick steps that can all add to your WordPress security. The most important thing is to make sure that your WordPress installation is kept up to date. Install all the recent updates for the main installation and for plugins and you are already one step ahead of the game. Follow the instructions above and in our previous article and you will hopefully stay ahead of the hackers too.