Recently I had written an article about basic restriction you can impose on new user registration which I think is the first basic step as a blog owner you can take to avoid one possible security vulnerability. It's very important to act cautiously and try to be as much aware about possible security threats to your websites. So without any further ado let's get to the 3 key security plugins which can make your blog more secure.
1. Lockdown WP:
This plugin actually allows you to change your blogs login url address which normally is blogtitle.com/wp-admin . Since WordPress is a very common content management platform, hackers are aware of the possible entry points. Using this plugin the login address for your blog address can be made as per your choice. You can actually decide what login url you want to set. When hackers try to access wp-admin page they are presented with a 404 error.
Using this plugin is similar to making the main door of your house hidden or secret. With this plugin the hackers first need to figure out the door i.e. the login page. Trust me this eliminates at least 50% of hacking attempts. Please make sure you check the box which says "Yes, please hide WP Admin from the user when they aren't logged in."
2. Limit Login Attempts:
This is another plugin which will enhance your site security to a great extent. You can actually limit the no of failed login attempts. If some hacker tries to guess your password and fails you will be immediately notified with an email containing the user name and the ip address and many more details will allow you to do investigation. You can also set the login attempts to just 1 and you can block the next attempt for several hours.
Ever since I started using this plugin I got many emails of hacking attempts which made me take one more additional security step no 3.
3. Google Authenticator Plugin and App:
This is a combination of a WordPress plugin and a Google service. This is another layer of security apart from your existing user name password. Google Authenticator is a authentication service which generates a dynamic 6 digit code on your mobile device which you can key in to gain access to your website. This key is generated every 20 seconds. Please make sure you note down the authentication key number which is used to generate this code. If you lose your phone somewhere then you can re download the Google Authentication App and put the code and start generating the automated code again. If you dont have the authentication key number you will also lose access to your website and you will have to login through cPanel and lot more complicated stuff.
Please refer to the below video on how to configure Google Authentication service for your blog, it's very simple and very effective.
All the plugins are hyper linked in the title for your ease of access. By implementing all the above 3 plugins you will lake your website at least 10 times more secure. Please remember we are making hacking difficult for the hackers and not impossible. The only way to make your site more secure is by being more aware and trying to check which security threats are exposed in WordPress and address them periodically.
Stay safe stay secure.
No comments:
Post a Comment
Spam comments will be deleted. Only comments which add value to the blog and its readers will be published.