How do I secure my WordPress website?
Unfortunately, it's very common that WordPress websites are attacked or even hacked. To help you minimize this type of security risk we wrote this article. A number of WordPress plugins and techniques are discussed to make your website even more secure. The plugins and techniques that we show in this article serve as an example, the use of other plugins or versions is of course allowed.
Important
Although securing your website is very important, the use of strong login information for WordPress, cPanel, your customer account and all other accounts may be even more important. We also recommend that you use unique password(s).
Furthermore, it is important to know that the WordPress plugins in this article are not made by Neostrada, so Neostrada cannot provide any support on the plugins and use thereof is at your own risk.
WP Defender: Defender Security, Monitoring and Hack Protection
Defender Security, Monitoring and Hack Protection, from hereon called WP Defender is a WordPress plugin aimed at protecting your website. For example, the plugin can adjust the Admin URL so that malicious parties cannot easily find it. WP Defender can also protect the Admin URL with a maximum number of login attempts, so that malicious parties cannot easily crack your password.
A small number of functions of WP Defender are:
Securing the login page with 2FA (2-step verification with an authentication code on your smartphone).
Enabling notifications with important WordPress or plugin updates.
You can no longer modify the files of your WordPress installation via WordPress. If hackers do enter your WordPress account, this makes it much more difficult for them to modify your files via WordPress.
An IP blacklist, where the IPs on this list can no longer reach your WordPress website.
There are many more functions of WP Defender. An overview of the functions can be found on the WordPress website for WP Defender.
You can install WP Defender via the WordPress Plugin screen, or according to the WP Defender documentation.
For a short explanation about installing this plugin you can use the article: How do I install a WordPress plugin?
iQ Block Country
If you experience negative behaviour from certain countries, you can choose to use the iQ Block Country plugin. With this WordPress plugin you can block specific countries, so you no longer experience any troubles from these countries.
Important: If you use a Caching plugin on your WordPress website, it is possible that this plugin will negatively influence the use of iQ Block Country. iQ Block Country states that the following plugins may work: Comet Cache, WP Super Cache. iQ Block Country states that the following plugins may not work: W3 Total Cache, Hyper cache, WPRocket.
An overview of all functions of iQ Block Country can be found on the iQ Block Country documentation
For a short explanation about installing this plugin you can use the article: How do I install a WordPress plugin?
(re) Captcha security
Neostrada uses reCAPTCHA security on WordPress login pages such as the WordPress Admin URL and domain.extension/wp-login.php. reCAPTCHA is an extra check that you must perform when you visit these pages. Often a check mark in the box next to I'm not a robot will suffice, but sometimes you will have to identify some pictures to continue.
This reCAPTCHA security ensures that hackers cannot guess your password without limit. If you use WP Defender you can adjust the login page, so you will not be stopped by the reCAPTCHA.
