Over 20 percent of all WordPress websites get attacked. Automated spambots, hacks, brute force attacks, malware, you name it. Still, many website owners choose not to update their website and not to secure it against all that can happen!
Protection is necessary
After reading all articles you can find about WordPress and (lack of) security, you should be convinced that security measures are truly needed. Although a good web host and even a CDN like CloudFlare can prevent your website from being attacked, they are never 100 percent foolproof. Together with making backups regularly, protection is the best way to make sure your website is safe, but also repairable when things do go wrong.
Protection DIY
Some things can be done by yourself to protect your website:
- Remove the user ‘admin’, if it exists
- Block the file editor in WordPress
- Protect folders and files in .htaccess
- Move wp-config.php to another folder
- Use unique security keys in wp-config.php
- Use a different database prefix
Protection with a plugin
After taking care of the basic steps to protect your website, it is time to go a big step further. Although there are still a lot of things you can do yourself, these things will get too complicated for most users. That is why there are many plugins that can help you protect your website.
I have been testing a few of the major free security plugins. In the end, Shield was the one I kept. I haven’t had any problems on the websites I manage ever since I have been using Shield. No security breaches and no trouble setting it up without losing functionality or performance on the front end.
Options of Shield
Shield has a lot of options and settings. After installing and activating the plugin, you get this dashboard. All options will be orange on a fresh install!
Before you start setting the options, you should really have a look at them all, and be sure how to set each one up before you use it. Otherwise an option can break your website, or you won’t be able to log in anymore!
The screenshot was made on my own website. As you can see, not all options are in use. I don’t use the Comments SPAM options because I have another solution for protecting the comments section.
Use the automatic updates options with care! I turned off all the automatic updates of WordPress itself and the plugins. I like to be sure these are compatible the moment I update them. Just the plugin Shield itself can auto update, to be sure I have the best protection.
Under Hack Protection you can find the option to check the WordPress core files. All the core files that should be in your installation will be verified against the official WordPress repository. Possible differences will be reported. You can even have them updated automatically. This is one way to detect and resolve PHP injections.
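To show what such a core file check does, here is an added example (not Shield's own code and not part of the original article). It assumes you have a clean copy of the same WordPress version to build a list of known-good hashes from; all function names and the sample files are hypothetical and constructed for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Folders that hold only core files: any extra file in them is suspicious.
CORE_ONLY_DIRS = ("wp-admin", "wp-includes")

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(clean_root):
    """Map relative path -> hash for every file in a known-good core copy."""
    clean_root = Path(clean_root)
    return {p.relative_to(clean_root).as_posix(): sha256_of(p)
            for p in clean_root.rglob("*") if p.is_file()}

def verify_core(live_root, manifest):
    """Report core files that are modified, missing, or unexpected."""
    live_root = Path(live_root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        target = live_root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_of(target) != expected:
            report["modified"].append(rel)
    for folder in CORE_ONLY_DIRS:
        for p in sorted((live_root / folder).rglob("*")):
            rel = p.relative_to(live_root).as_posix()
            if p.is_file() and rel not in manifest:
                report["unexpected"].append(rel)
    return report

def demo():
    """Constructed sample: a tiny fake install, tampered with in three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for rel in ("wp-login.php", "wp-admin/index.php", "wp-includes/version.php"):
            (clean / rel).parent.mkdir(parents=True, exist_ok=True)
            (clean / rel).write_text("<?php // constructed core file: " + rel + "\n")
        shutil.copytree(clean, live)
        # Constructed change standing in for code injected into a core file.
        (live / "wp-login.php").write_text("<?php // constructed modified file\n")
        (live / "wp-admin/index.php").unlink()
        (live / "wp-includes/extra.php").write_text("<?php // not in core\n")
        return verify_core(live, build_manifest(clean))

if __name__ == "__main__":
    print(demo())
```

A modified or unexpected file is a reason to inspect it and restore the original from the clean copy. Themes, plugins and uploads under wp-content are not covered by a core check like this.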
Conclusion
Security measures are necessary. You will have to invest some time to figure out all the options. Be sure to read the documentation and select and configure the options you need. And test your website after configuring this plugin. Make sure everything works as it should and you can still log in on the back end.
You can never be 100 percent safe. But you can lower the risk of getting hacked big time by installing a plugin like Shield. Make sure you have a backup procedure that makes it possible to be back online in minutes in case you still get hacked. Getting hacked is a big problem; losing all your content without the possibility to restore it is disastrous!
What do you do to keep your website safe? Please share your experiences in the comments section below!
I have WP spam shield on my website.
Hi Dan,
Thanks for your comment! Does the plugin work for you?