Thousands of WordPress sites get hacked every single day. According to a study, there is an attack every 39 seconds on average on the web.
So if you’re not taking your WordPress site’s security seriously, you may also soon become another victim of a security attack.
Fortunately, securing a WordPress site is not a big deal, as there are many security precautions you can take. You can also use WordPress security plugins and tools to protect your site from security vulnerabilities.
If you’re looking to secure your WordPress site in 2020, this detailed post is for you: you will discover 5 essential WordPress security tips.
Top 5 Essential WordPress Security Tips to Implement In 2020
1. Get the basics right
First things first: make sure to get the following things right if you want to safeguard your WordPress site from hackers.
Don’t use nulled themes: Many beginners search for nulled themes to install on their sites. If you’re also one among them, stop doing it as 99% of those nulled themes may contain malicious code injected into them. Either use free WordPress themes from trusted sources or invest a couple of bucks on premium themes like Elegant themes.
Use a strong password: Most bloggers don’t create strong passwords because they think they often forget their passwords. Are you also one among them? We now have so many password manager tools like LastPass which can help easily manage all your passwords at one place. So use strong passwords and make sure to change them regularly for better safety.
Limit your login attempts: Brute force attacks are a common technique used by hackers to get access to a site (they usually try several combinations of usernames and passwords to log in). Here’s where you need a plugin like Limit Login Attempts, which protects you from brute force attacks when someone tries to log in repeatedly with variations of common passwords.
Disable file editing: We all know that WordPress comes with a built-in editor that allows you to easily edit your themes, files etc. It’s a huge security vulnerability if a hacker gets access to your site. So disable file editing by adding the following simple code to your wp-config.php file.
```php
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
```
Update, update, update: You might be using a lot of plugins on your site, most of which get updated frequently. You should always update your plugins whenever there’s a new version available. Also, make sure to update WordPress to the latest version. Be sure to take a backup of your files before updating (in case something goes wrong).
Use a backup plugin: If things go wrong, you should be able to easily restore all your files. You can use plugins like VaultPress, UpdraftPlus etc for taking backups. There are web hosts like WPX Hosting, SiteGround etc that offer free website backups as well!
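The login-attempt limiting described above, replayed over a web server access log, as an added example that is not code from this post or from any plugin it names. It assumes the "combined" log format and WordPress's default behaviour of answering a failed login POST to wp-login.php with status 200 and a successful one with a 302 redirect; the thresholds, function names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One access-log line in Apache/Nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if unparseable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def find_lockouts(lines, max_attempts=5, window=timedelta(minutes=10),
                  lockout=timedelta(minutes=30), allowlist=frozenset()):
    """Replay a log through a per-IP limiter.

    Returns a list of (ip, locked_at, locked_until) for every lockout the
    rule "max_attempts failures inside window" would have triggered.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still in the window
    locked_until = {}             # ip -> end of the current lockout
    events = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        # Only plain login form posts count; page loads (GET) are ignored.
        if method != "POST" or path != "/wp-login.php" or ip in allowlist:
            continue
        # While locked out the limiter would reject the request outright.
        if ip in locked_until and ts < locked_until[ip]:
            continue
        # Assumption: 200 = login form shown again (failure), 302 = success.
        if status != 200:
            continue
        failures = recent[ip]
        failures.append(ts)
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures older than the window
        if len(failures) >= max_attempts:
            locked_until[ip] = ts + lockout
            events.append((ip, ts, ts + lockout))
            failures.clear()
    return events


def _line(ip, hhmmss, method, path, status):
    """Build one constructed log line (documentation-range IPs only)."""
    return (f'{ip} - - [12/Jan/2020:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 3412 "-" "Mozilla/5.0"')


# Constructed sample log, not real traffic.
SAMPLE_LOG = (
    # Seven rapid failures: the fifth triggers a lockout, the rest are dropped.
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(1, 8)]
    # A user who mistypes twice and then logs in successfully.
    + [_line("198.51.100.20", "10:05:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "10:05:10", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "10:05:20", "POST", "/wp-login.php", 302)]
    # Five failures spread 15 minutes apart never fill the 10-minute window.
    + [_line("192.0.2.44", f"{9 + m // 60:02d}:{m % 60:02d}:00", "POST",
             "/wp-login.php", 200) for m in (0, 15, 30, 45, 60)]
    # Loading the login page is not an attempt.
    + [_line("192.0.2.44", "10:10:00", "GET", "/wp-login.php", 200)]
)

if __name__ == "__main__":
    for ip, at, until in find_lockouts(SAMPLE_LOG):
        print(f"{ip} locked out at {at:%H:%M:%S} until {until:%H:%M:%S}")
```

The slow attempts from 192.0.2.44 show what a per-IP window cannot catch on its own, which is why the post pairs attempt limiting with strong passwords and two-factor authentication.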
2. Install a WordPress security plugin
Here’s a list of top 5 WordPress security plugins which are essential for any WordPress site.
1. All In One WP Security & Firewall: As the name suggests, it’s an all in one security plugin and firewall for all WordPress sites. It offers everything from the ability to change the default username to password strength tool to secure your sites from all security threats.
2. Wordfence Security – Firewall & Malware Scan: This is another popular WordPress security plugin which offers real-time firewalls and easily identifies and blocks malicious traffic.
3. BulletProof Security: From malware scanner and firewall to login security, this plugin offers you almost every single thing that you need to secure your site. It also offers you other useful features like database backup, Anti-Spam features etc to take your website’s security to the next level.
4. Anti-Malware Security and Brute-Force Firewall: Using this plugin, you can easily run a full scan of your WordPress sites to automatically remove known security threats, backdoor scripts, database injections and so on. If you’re afraid of malicious attacks on your site, this one’s a must for you.
5. iThemes Security: Another incredible plugin which is available both in free and paid versions and offers amazing features like locking down WordPress, fixing common security holes, stopping automated attacks and so on.
3. Invest in a secure web host
A lot of beginners use cheap or free web hosting. If you’re really serious about securing your WordPress sites, it’s essential to invest in a proper web hosting provider that’s fully secure and reliable.
A secure web host provides you with a ton of benefits, including:
- 24/7 constant network monitoring
- Strong firewalls and networks to combat DDoS attacks
- Server software and hardware that are always kept up to date to safeguard against hackers
- Usually a “fixed for you” guarantee in case of security issues (just like WPX Hosting does)
Not just that, most secure web hosts offer you free SSL certificates, which you need in order to move your site from HTTP to HTTPS if you want to encrypt your data.
To put it simply, SSL (Secure Sockets Layer) is a protocol which encrypts the data transferred between your website and the user’s browser and gives you extra protection.
So what web host do I recommend? If you’re searching for a faster and fully secure host, I highly recommend WPX Hosting.
We’ve been using it on Bloggers Passion for more than 4 years now. WPX Hosting offers 3 pricing plans:
- Business plan costs you $24.99 per month and you can host up to 5 websites with a bandwidth of 100 GB. You will also get 10 GB of disk space.
- Professional plan costs you $49.99 per month and you can host up to 15 websites with a bandwidth of 200 GB. You will also get 20 GB of disk space.
- Elite plan is their advanced hosting plan which costs you $99 per month and you can host up to 35 websites with unlimited bandwidth. You will also get 40 GB of disk space.
So what are you waiting for? Go grab WPX Hosting if you’re looking for better web hosting. In case you’re looking for an affordable web hosting choice, I highly recommend you check out SiteGround, as their plans start at $3.95 per month.
Side note: At HostingMonks, we provide you with a list of amazing web hosting deals along with detailed reviews. So if you’re in the hunt for the best web hosts, make sure to check out the blog.
4. Enable Two-Factor Authentication
Two-factor authentication (also known as 2FA) is a must for most WordPress sites as it adds an extra layer of security when logging into your WordPress websites. It simply means every time someone is trying to login, they should go through the two-factor authentication.
Here’s how it works.
After you open your login page on WordPress and enter your login details, you are asked to insert a code. The unique code is sent to your smartphone or email. Only when this 2-step authentication is done, you’ll be able to login.
That way, you are making it almost impossible for hackers to get access to your site because they need a verification code as well (apart from your login credentials). That’s why 2FA is so essential.
Implementing two-factor authentication is extremely easy thanks to plugins like Google Authenticator. Here’s what it looks like:
As you can see above, this plugin provides 2-factor authentication whenever you login to your WordPress website ensuring no unauthorised access to your website.
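What an authenticator-app second factor checks at login, as an added example that is not code from this post or from the plugin it names. Authenticator apps such as Google Authenticator use time-based one-time passwords (TOTP, RFC 6238): the site and the app share a secret and each derives the current code from it, so nothing has to be sent to the phone. The secret below is the RFC's published test value and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time

# Shared secret as it is usually provisioned (base32, shown as a QR code).
# This is the RFC 6238 test secret, never a value to use on a real site.
SECRET = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, at, step=30, digits=6):
    """Time-based code: the counter is the number of 30-second steps."""
    return hotp(secret, int(at) // step, digits)


def verify_totp(secret, submitted, at, step=30, drift_steps=1,
                last_used_counter=None):
    """Check a submitted code on the server side.

    Accepts the current time step plus/minus drift_steps to tolerate clock
    skew, rejects any step at or before last_used_counter so a captured code
    cannot be replayed, and returns the matched counter (to be stored as the
    new last_used_counter) or None.
    """
    current = int(at) // step
    supplied = submitted.encode("utf-8")
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter < 0:
            continue
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        expected = hotp(secret, counter).encode("ascii")
        if hmac.compare_digest(expected, supplied):   # constant-time compare
            return counter
    return None


if __name__ == "__main__":
    now = time.time()
    code = totp(SECRET, now)
    print("current code:", code)
    print("accepted at step:", verify_totp(SECRET, code, now))
```

Because every code is valid for only one short time step and is rejected once used, stolen login credentials alone are not enough to sign in.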
5. Change your WordPress login URL
If you’re using the default login URL to log into your WordPress site like everyone else, you’re making a big mistake. Why? Most hackers can easily get access to login URL and use brute force attacks to hack into your site.
By default, the URL you use to log into your WordPress dashboard is either wp-login.php or wp-admin, added after your site’s main URL.
For instance, yourdomain.com/wp-login.php or yourdomain.com/wp-admin
Guess what, those two URLs are the most accessed URLs by hackers all around the world who want to get access to a WordPress site.
If you change that default URL into a custom long URL, guessing it would take a lot of time and effort for most hackers (and they eventually give up and try other sites).
So how can you change your WordPress login URL? You can simply install a plugin called WPS Hide Login. You can also change it without any plugins, but you need a bit of coding skill to do that.
If you’re a beginner, I recommend you use free plugins like WPS Hide Login to turn your default login URL into something like yourdomain.com/I_love_my_site.
Here’s what it looks like:
As you can see above, it’s so much easier. The best part about using this plugin is that it’s a really light plugin which helps you easily change the URL of the login form page to anything you want. You don’t have to rename or change files in your WordPress site or add rewrite rules.
WordPress security checklist for 2020
Are you looking for an easy to use WordPress security checklist for 2020? Here’s an incredible checklist of actions that you need to take to provide bulletproof security to your WordPress sites.
- ALWAYS keep your WordPress version (along with plugins and themes) up to date. Make sure to take backups before you update anything. That’s the basic rule.
- Never install nulled premium themes. They always contain malicious code.
- Always use strong passwords that are hard to guess. Make sure to change your passwords regularly.
- Change your default WordPress login URL (and admin username). You can do it manually or use plugins like WPS Hide Login, iThemes Security etc to create your own login URLs.
- Limit your login attempts as it helps you prevent brute force attacks performed on your site using tools or guessing methods.
- Install a firewall and disable file editing.
- Enable two-factor authentication for added security.
- Backups are essential for any WordPress site. If something goes wrong, you should be able to quickly restore all your files. You can either use tools like VaultPress or purchase hosting that provides automatic backups (such as WPX Hosting, SiteGround and so on).
- Always clean up your spam comments and databases as it not only prevents spam but also speeds up your overall site loading speed.
- Remove inactive or unused plugins if any. Also, don’t install a plugin that’s not been updated since the last 3 WordPress core updates.
- Ensure your site is running on HTTPS. You need to install an SSL certificate to move your site from HTTP to HTTPS.
- Make sure to install at least one WordPress security plugin like Wordfence.
- Use a malware scanner and set up email alerts (so if something goes wrong, you will get notified immediately).
Final Thoughts On WordPress Security Tips
Most of the hackers use bots to automate the process of hacking into other sites. If your site is not safely guarded, it becomes so much easier for hackers to get access to your site.
That’s why you need to implement the RIGHT security measures such as limiting login attempts, using strong passwords, using a secure web host, implementing two-factor authentication etc to secure your WordPress sites.
So what are your thoughts? Are you taking any security precautions to secure your sites? Share your thoughts in the comments.
Is Another WordPress Plugin Necessary for Your Blog? Read this first!
I have been actively blogging for over 6 years now and I have seen it all. To be quite frank, Zac Johnson and his success were some of the reasons I got into the activity. During my blogging, I have installed and uninstalled hundreds of plugins.
As an active blogger who focuses on building one or few authority blogs (I don’t create and run many blogs personally), there is always the temptation to add another plugin.
The reason is that each time I come up with a new blogging business idea, there is a need to add a plugin to handle the idea. For a couple of times, I have avoided many plugins by tweaking my WordPress source code. We will discuss this a little further below.
Before you install your next WP Plugin
As a matter of fact, my main blog EnstineMuki.com has 49 plugins. This may make you yawn but for a business hub, that may not be a number to worry about. Besides, there is no magic number or is there any?
Definitely, these many plugins have had some bad impact on my load speed, pushing it upward from less than 1 second to somewhere near 2.
While plugins may help you do more with your blog, they are often not a good business partner to embrace for several reasons. Here are a couple of things you should do before installing and keeping your next WordPress plugin. As a matter of fact, I do follow these same steps:
1. Make sure the plugin is in absolute necessity
Whether it’s a free or premium plugin, do not install it until you absolutely need it. I remember my early days. As a newbie, I had over 100 plugins, most of them having no place at all.
The more plugins you install on your blog, the more you expose your blog to some or all of the risks discussed below. So you’d better be good installing just the plugins you need.
2. Test the plugin first
This is one of the things top bloggers do each time they have a need to install the next plugin. They test for compatibility with existing plugins and Theme and load speed impact.
I personally use a free plugin called Wpreset to test and determine any changes each time I activate a new plugin or theme. You may want to download the plugin here from WordPress repository or check out this post on how to measure any changes on your blog after activating a new plugin.
Where do you test the plugin?
There are actually two options. First, you should avoid testing on your production environment. Here are the two options you may want to pick from:
- Have a staging version of your blog: This is actually a better option. Contact your host for more.
- Create a separate test copy of WordPress: The problem with this is that the test copy may have some meaningful differences from your production site. These may disguise some issues due to differences in hosting environment, other plugins, themes, etc.
Read around for reviews
Don’t just rush into installing and activating the next plugin without trying to find out what other users have had to say about it.
Don’t just believe the words of the developers. The best way to gauge the effectiveness of a plugin is to find out what other users have had with it. Generally, users are going to share their experiences on review platforms and other sites.
On the WordPress plugin page, take a look at the rating section. This may help with a broad idea how satisfied users are:
How I avoid installing some plugins
I’m not going to tell you this is easy to handle. You may need some PHP/CSS development skills to be able to handle this section.
First, measure the depth of the new plugin. Some don’t deserve the pains and stress that come with installation and activation. What I do often is tweak my Theme to get the changes or additions.
But making changes to your Theme files may be short-lived. The reason is that many Theme developers are constantly updating and bringing changes to their themes. Once your Theme is updated and you apply the new version, you will completely lose any changes you made.
My solution is to create a child theme for your theme. That way, any changes you want done are applied to the child theme and your parent (main) theme files are left untouched. Here is some information to help you on creating WordPress child themes.
3 major risks of installing plugins
Plugins are necessary because they extend the functionalities of WordPress. WordPress core is just the skeleton and some basics. Plugins allow you to get more from the most popular Content Management System. But here are the risks involved in installing and activating any additional plugin:
2. Hacking and security issues: Some plugins that are poorly coded may have leakages that may be exploited by hackers to break down your blog.
3. Incompatibility and design breakage: Sometimes you install a plugin and everything completely goes wrong. The solution is to uninstall and delete the plugin files from your server.
I hope this is going to help you so you don’t run into any issues with your blog as a result of a new plugin.
8 WordPress Plugins Beginner Bloggers Should Have
Beginning a WordPress blog is an exciting new adventure. Not only are WordPress blogs a wonderful way to showcase the many ways you express your creative self, but they’re a great place to begin your business. The digital age has proved just how lucrative a career online can be, which is why so many ambitious creatives and entrepreneurs turn to WordPress.
Within the realm of WordPress, plugins allow users to add a number of different extended software programs to their website. They enhance the functionality of your site and add exciting features that engage site visitors in a myriad of different ways. There are over 55,000 third-party plugins within WordPress’ directory, giving you plenty to work with as you customize and brand your blog. But what are the must-haves among such a vast collection of add-on software?
Let’s walk you through the basic WordPress plugins every beginner site-maker should have, regardless of the content that will soon inhabit your unique domain.
Yoast SEO has become one of the most popular WordPress plugins for novices and seasoned site-makers alike. Yoast boasts the most comprehensive search engine optimization solution, packed with an impressive selection of features and tools to improve your on-page SEO. Add meta tags, create sitemaps, and optimize your site for Google, social media, and more.
When it comes to conversion rate optimization plugins, no software performs better than OptinMonster. Designed to allow users to convert bouncy visitors into interested email subscribers and paying customers, OptinMonster works hard so you don’t have to. By giving you the power to personalize campaigns to users, OptinMonster makes you more money. OptinMonster is a valuable tool for bloggers, eCommerce entrepreneurs, and new business owners.
When building your blog, security should be at the forefront of your mind. Sucuri is one of the leading security WordPress plugins that offers DNS-level network firewalls, and intrusion/brute force prevention, as well as malware and blacklist-removal services. By sending all of your website traffic through their cloud proxy, Sucuri is able to scan every single request and decide whether or not traffic is legitimate and what traffic can successfully pass through.
MemberPress gives you the key to building online communities and membership sites via WordPress—so it’s really no wonder why it’s one of the essential plugins to date. Not only can you create subscriptions and manage content available to users based on their subscription plans, but you can even incorporate a number of popular payment solutions and online store features with ease.
While everyone wants their site to receive traffic, nobody wants the traffic to be dominated by spam and bots. Akismet’s number one job is to filter out and delete spam comments that can hurt your site’s legitimacy. Akismet is lauded for its 99.4% accuracy rate that gives you the peace of mind you need to tackle unwanted content on your blog.
Whether you’re an artist showcasing your one-of-a-kind pieces or a graphic-design lover who wants to add some stylish flair to your site, Nivo Slider gives you the power to display an interactive image slideshow on your site that draws visitors in. Add a splash of creativity with the visual wonder delivered by the Nivo Slider’s crisp on-page clarity and allure. It’s easy to navigate and comes with a comprehensive design structure that is truly user-friendly.
MailChimp for WordPress
MailChimp is one of the world’s most popular email marketing services that allows users to manage subscribers, send emails, and track the fruits of your labor in bulk. It is an absolute must-have plugin for WordPress webmasters and business owners and it’s completely free to add to your blog. If you’re looking to spruce up your eCommerce site, opt for the premium version, instead.
Designed to prevent third-party hackers from running a brute force attack on your blog, Loginizer is another security essential worth lining up on your plugin list. Loginizer works by blocking an IP address after a maximum number of login attempts has been reached. The plugin also allows you to blacklist or whitelist specific IP addresses. Venture into higher-level security features like two-factor authentication, reCAPTCHA, Passwordless login, and more to bolster your site’s safety.
With these 8 must-have plugins, you’ll be well on your way toward creating the WordPress blog of your dreams. What are other beginner-level plugins you use on your WordPress blog or recommend to novices? Let us know in the comments below!
ONE by TemplateMonster – Ultimate Subscription Service to Fulfil Any Web Design Task
ONE by TemplateMonster is the one and only subscription service that provides web designers and developers with the ultimate selection of high-quality digital products and services they can use to streamline their workflow. Every professional webmaster knows the true value of quality web design items in their work. Having a collection of the right tools and web design elements in a toolbox, one can focus on the creation of impressive and competitive digital works without having to worry about extra designs, extensions or graphics that are needed to complete your projects.
As a rule, all quality web design items are pricey. So, it may cost you or your client a pretty penny to launch a stunning digital work from scratch. However, services like ONE by TemplateMonster provide you with unlimited access to a series of quality web design tools that you can use for your own digital works without any restrictions.
ONE is the ultimate subscription service delivered by the giant digital marketplace for $19 per month. As soon as you subscribe to the service, you are provided with the unlimited access to the ever-growing collection of 8500+ best-selling digital products including premium-quality web themes, plugins, and graphics, all of which are accompanied with expert 24/7 support. Apart from its best price in the market, there are plenty of other reasons to subscribe to the service. Let’s review them in more details.
ONE is a real time-saver for everyone working with web designs. This is a handy subscription service that provides you with unlimited access to a range of high-quality digital products from TemplateMonster digital marketplace.
Subscribing to the ONE, web designers and developers can get literally everything they need to streamline their workflow and create sites that will make every client leave fully satisfied.
All digital items from the subscription are intended to be handled by the users of different skills levels on their own. For example, most of the premium WordPress themes that are added to the subscription are enhanced with the drag-and-drop functionality that allows you to achieve the desired look and feel of your site’s layout as you simply work in the intuitive visual mode.
With the ONE, webmasters also get a bunch of plugins and high-quality graphics suited to be used for a number of purposes.
The giant marketplace took special care to include only the best items into their subscription. You will see it by yourself when you browse the gallery of items that the ONE delivers. All items from the subscription service have proven to be in great demand among TemplateMonster customers due to their high quality and the value they deliver to both expert and beginner webmasters.
The best-selling digital items from the subscription service cover more than 25 different product types. This makes it hard not to find the ideal solution for any type of online project that you need to create, no matter if that’s a corporate site, a business startup project, an online portfolio or a personal blog that you would like to bring to the web. ONE delivers all the designs and tools that you may need in a single subscription.
Subscribing to the ONE, you are provided with unlimited access to the collection of 8,500+ digital products for different purposes and topic-specific online projects. If you browse the gallery, then you will come across the best-selling themes compatible with the latest versions of popular content management systems and eCommerce platforms. If you follow the latest industry news, then you should know about such popular themes as Monstroid2 WordPress theme, Woostroid2 WooCommerce theme, Eveprest PrestaShop theme, and StoreFlex OpenCart theme.
By now, there are 4,000+ best-selling themes being included in the subscription, with more than 1,000 of them being high-quality WordPress items. While using the subscription, you can get unlimited downloads of landing page themes, ready-to-go eCommerce solutions, online portfolio web projects, stunning blogging themes, multi-purpose web designs, and so much more.
One of the benefits of those best-selling web themes is that they include an extended developer license, which allows you to download and install such themes an unlimited number of times.
Alongside with a wide choice of best-selling themes, the ONE subscription includes a number of premium-quality Jet Family plugins for Elementor page builder, as well as high-quality graphics to spice up the visual presentation of your web projects. A website creator needs to have an all-inclusive pack of illustrations, icons, animated banners, and fonts always at his disposal. Using ONE, you can access it all and even more for an unlimited number of times.
As it’s been announced by the team standing behind the ONE subscription service, the collection of best-selling themes, plugins, and graphics will be expanded with 100 more items every month.
All digital items from the subscription service are ready to be managed even by beginner webmasters taking their first steps in the web design and development field. Whenever you need any kind of assistance on how to work with the chosen digital item, you can always rely on the professional assistance of the 24/7 support team that will help you solve any sort of issues.
Why Choose ONE by TemplateMonster
With all that being mentioned, let’s make a clear statement about the top reasons to use the ONE subscription service by TemplateMonster.
- With the ONE subscription, you can download all best-selling digital products from the marketplace without any limitations or restrictions.
- Whenever you need any kind of extra assistance or additional services like template installation, website customization, security or speed tweaks, and even complete website creation, you can order it from the ONE team for an extra cost. TemplateMonster has experts engaged in all aspects of website creation. They will gladly help you make your digital works more efficient.
- Additionally, you can always rely on 24/7 expert technical support. A team of skilled customer care professionals is always ready to solve any sort of issues in a phone talk or via live chat.
As it’s been already mentioned, the service will cost you $19 per month, which means that you will get $229 billed yearly. As soon as you purchase the subscription, you can go ahead and start downloading themes, plugins, and graphics without any restrictions. When your subscription expires, you can pay $229 once again to continue using all advantages of the ONE by TemplateMonster.
ONE by TemplateMonster is a must-have subscription service for everyone working in the web design and web development field. It delivers the ultimate toolbox of 8,500+ best-selling digital items that have proven to be in the biggest demand in the TemplateMonster digital marketplace.
The subscription service delivers an ever-growing collection of best-selling web themes for all types of CMS and eCommerce platforms. You can also work with a number of premium-quality Jet Family plugins for Elementor page builder. The latter will be especially appreciated by avid WordPress fans. Additionally, the subscription service includes a constantly growing collection of high-quality graphics that you may feel free to personalize and use on your own website.
All items that are added to the subscription service can be downloaded for an unlimited number of times. Additionally, the gallery expands with 100 new core items every month. Whatever kind of assistance you may need in order to streamline your workflow, you can always rely on the professional help of customer support team 24/7.
Paying $229 per year, you get an impressive toolbox of digital items that would cost you thousands of dollars when purchased separately. If you think that ONE by TemplateMonster is exactly what you need to bring your creative digital projects to life, then don’t miss your chance to subscribe and get unlimited access to more than 8,500 high-quality best-selling digital items from the marketplace.