As technology increases, so does Cyber Crime. The result is hacked elections, credit card breaches, and plenty of downed websites. But can you block hackers and content scrapers without breaking the bank? This step-by-step WordPress website security guide shows you how. In it, you’ll learn easy ways to:
- Protect e-commerce transactions
- Secure passive income websites
- Stop content scrapers from duplicating your site
- Block spammers
- Lock out hackers immediately
- Ban bad IPs, spambots, and more
The best part? No coding is required. In fact, with SecuPress (free) or SecuPress Pro, it only takes a few clicks. And boy, does security feel good. Ready to start?
Let’s Lock Out the Bad Guys
STEP 1: INSTALL SECUPRESS
I became a fan of SecuPress after trying Wordfence for a year. Don’t get me wrong, I like Wordfence. But I love SecuPress Pro. They also have a terrific free version. However, since I manage several websites, I figured $4.80 a month is worth it for the access to Tech Support. And for only $57.60 a year, it’s nearly half the cost of Wordfence Premium. The proof in the pudding? I’ve had zero hacking attempts since I installed SecuPress Pro.
Ready to get started? Here’s a link for both the free and pro options.
By the way, I’m not an affiliate. I just like sharing good deals. But enough talk. See for yourself how SecuPress beats the competition, right here:
Top WordPress Website Security Plugins
Notice how there are only check marks under SecuPress? And notice how the competitors have red “X” marks? Yep. When it comes to security features, SecuPress is the clear champion. Here’s my favourite reason why…
The Interface: So Fresh and So Clean
SecuPress has one of the most intuitive interfaces I’ve seen in a plugin. Call me a design geek, but I appreciate these easy-on-the-eye modules. Hey, when you’re chained to a computer all day, that’s an eye saver. If you’re a Webby, you feel me. Likewise, you’ve probably already guessed the next step in this guide…
STEP TWO: BACK UP YOUR SITE
All smart website owners make a full backup before activating or updating a powerhouse plugin. Generally speaking:
Always test new plugins and major updates on a staging/demo site. That’s because new code can sometimes conflict with existing code.
So, have you backed up your site? Did you install SecuPress? Great, now let’s lock it down!
STEP THREE: SCAN YOUR SITE
Your Website’s Report Card
Fix It With One Click
With SecuPress, it’s fun to compare your site’s grade before and after. To get a shiny Grade A, just do everything the report suggests. It’s a no-brainer. In fact, with a click of the “Fix It” button, SecuPress makes the changes for you.
Pro-tip: Always read up on unfamiliar features before selecting them. SecuPress provides informative links on their features, so it’s easy.
Now for the promise of the premise: Here are the best settings for your WordPress security.
STEP 3: WORDPRESS WEBSITE SECURITY
Heard of Brute Force? No, it’s not a cheap cologne. It’s one of the most common attack points on WordPress websites.
With a Brute Force attack, a hacker relentlessly slams the wp-login.php file until they break in. Consequently, the server may fail. Ruthless, right?
How do you barricade your site? One way is to hide your login page.
Luckily, that’s easy with the Move the Login Page feature. This allows you to invent your own login suffix to replace the default /wp-admin.
For example, you can make it www.mydomain.com/mynewlogin. Obviously it should be something harder to guess. Once a hacker fails that login URL, they are immediately blocked and redirected to the page of your choice. I like tossing them to my home page. Ah, sweet satisfaction.
If you like that feature, you’ll also love these:
- Prevent double logins
- Require Captcha for logins (to swat away bots)
- Boot off anyone else who is logged into your site
- A Two-Factor Authentication sent to your email
- Password Changement
Here’s just a portion of what those settings look like:
Protection While You Sleep
Want to sleep better at night? This option lets you set up non-login times. Think of it as an after-hours security gate. Because while your eyes are shut, why should your admin panel be open?
Basically, all of these settings have one thing in common: When the bad guys come knocking, they hit a brick wall. And another. And another. Soon, they give up and look for easier sites to hack.
But let’s make it a little harder for them, shall we?
Secure Sensitive Data
Sensitive Data: It’s the soft underbelly of your website. And unfortunately, because it’s quite technical, many site owners leave it exposed. Well, SecuPress Pro has you covered. In fact, they offer 12 ways to protect your data from content scrapers and other foes.
Block Content Scrapers
Content Scrapers have only one job: to steal your hard-earned Web Content. With that, very often, goes your SEO. Because, while Google penalizes duplicate content, it doesn’t always know which is the original.
So if your ranking has fallen off a cliff, content scrapers may have pushed you. Here’s how to push back.
With the click of a button, SecuPress blocks content scrapers from accessing what they need. In particular, it:
- Blocks access to your PHP, readme, and robots.txt files
- Disables XML-RPC and Directory Listing
- Forbids bad URL access to your files
- Protects your profile and settings pages
Easy, right? Wait, there’s more!
Firewall, Malware Scans & Backups
We’d all like to think we know a bad guy when we see ‘em. But online, new malicious user agents show up regularly. It’s enough to make your head spin.
Well, relax, because SecuPress has a naughty list. Simply tick all the boxes in that module and say: “Bye-bye Bots.”
Block Country and IP Settings
A recent client balked when I said WordPress is prone to Russian hackers. Then I showed her this report from Wordfence’s free plugin…
To think, I actually tried blocking IPs by hand once. It was an endless task.
Thankfully, SecuPress Pro can block whole countries with just one checkbox. The same goes for these bad boys:
- Bad content and suspicious long URLs
- SQLi scanner/scripts
- IPs of brute force attempts
- Bad user-agents and requests
Aside from data security, SecuPress also lets you…
Lock WordPress Core, Plugins & Themes
The setting for Plugins and Themes is easy to follow. Basically, you can prevent new plugins, themes, and zips from uploading to your site. You can also prevent your existing goodies from being deleted.
Following that is WordPress Core Protection. This time-saver allows updates to occur automatically. What’s also cool is it can disallow unsafe HTML in the post editor. Pro-tip: Just tick all the boxes in this section.
Anti-spam, Alerts, Logs & Schedules
In addition to removing data-gobbling spam, SecuPress Pro has options to:
- Block posts with shortcode
- Forbid annoying Pingbacks and Trackbacks
- Schedule backups, malware scans & file monitoring
- Email alerts & reports
- Log all WordPress actions and banned IPs
Finally, it’s good to know that SecuPress offers hacked site cleanups, plugin configuration, and technical support.
SecuPress Pro Services & Support
In summary, whether you want to try the free version, or go for pro, you won’t be sorry. In my opinion, SecuPress offers the best value for your Website Security.
Thanks for reading. If you have any great tips to share about WordPress Websites, Web Copy, or SEO, post a reply!