How to Secure Your WordPress Site

Are you sure that your website is 100% safe? Read this article to discover what you can do to improve the security of your site and put an end to hacker attacks.

WordPress is now the most popular Content Management System in the world, so it's no wonder that it is a popular target for hackers. There is a plugin which does an excellent job of stopping them, though, because it includes several powerful security weapons which allow us to fight off the bad guys successfully.


Visit WordPress' plugin repository, download and install Wordfence Security, and then activate it. It's by far the strongest WP security plugin out there, and the paid version is quite affordable at $99/year. Fortunately, even the free version of the plugin includes lots of useful features.


Wordfence incorporates an endpoint firewall, an advanced malware scanner, the powerful Threat Defense feed and real-time IP blacklists. It can also protect WordPress sites from brute-force attacks by limiting the number of failed login attempts, and much more.


The plugin checks WordPress' core files regularly, comparing them with the ones from the official repository, and then sends an alert if any of them has been modified; this way, it is easy to discover malware, backdoors, code injections, malicious redirects, etc.


The premium version enables the plugin to discover new malware in real time; the updates will only be pushed to the free version 30 days after they have been discovered. And if your site's I.P. has been banned because other people have hosted web properties and then used them for nefarious purposes, Wordfence Premium will notify you right away. You can then contact the hosting provider and ask them to move your site to a cleaner I.P. neighborhood, or even change the hosting company.


Two-factor authentication is another powerful feature which will help your site withstand most cyber attacks. Activate it, and then install one of the many 2FA apps on one of your mobile devices - a smartphone, for example. I would go for Google's Authenticator application, but feel free to pick your favorite; I wouldn't want to use several different 2FA apps either. Then, any time you want to log into WP's admin area, you will have to supply a 6-digit code that's generated by the phone app in addition to the user/pass combination. This will make it almost impossible for hackers to break into your site.


To harden your website's security even more, you can use Wordfence's captcha-based login feature, which will make it impossible for people to log in or register as new site users without solving one of Google's reCAPTCHA tests.


WordPress' XML-RPC may prove to be useful for people who want to post new articles to their blogs by making use of their cell phones, for example. Nevertheless, it opens huge security holes, so it's best to disable this feature. However, if you really need to use XML-RPC, you will be glad to find out that Wordfence can add 2FA to this part of the system as well.


Some people like to use and reuse their passwords over and over. Unfortunately, even major sites are compromised every now and then, and their users' passwords are often posted on the web. The good news is that this fantastic security plugin will also prevent admins from using known passwords that have been compromised in the past.


If you manage several websites, Wordfence Central is a centralized security platform which allows you to manage all your sites from within a single interface. You can also set up various alerts, and then be notified via email, SMS or Slack if something goes wrong. You can get an SMS every time an admin logs in, for example.


I hope that you understand the huge power behind Wordfence now. Frankly, it is the only WordPress security plugin that you will ever need, so do yourself a favor and install it today.