Keeping your website secure can seem daunting at first. To make it easy for you, we have put together a comprehensive checklist of what you should look for when securing your WordPress website.
The basics of security
- HTTPS (SSL)
- Having an SSL certificate installed is the first step in securing your site. Once it is installed, all your URLs need to use HTTPS, not HTTP. This will ensure that visitors reach the correct site and that your user data, such as login and financial information, is encrypted.
- There are multiple ways to get an SSL certificate: sometimes your host can provide one for you, or you can get one from one of many third-party providers with a quick Google search.
- Accurate Visitor IP Detection
- Identifying the visitor’s IP address is the most common way for WordPress security plugins to block malicious requests. If a user tries and fails to log in multiple times, a cool-down should be in place that restricts login for a set period of time.
- Requests need to always be checked for validity.
- Shield Security tries to do this automatically, of course, but sometimes a server configuration can be… unexpected. To solve this, you can tell Shield what your IP address is right now, and this will help Shield determine the best method of detecting the visitor IP going forward.
- To find your IP address click here
- Brute Force Login Protection
- ‘Brute force’ is a way for an attacker to gain unauthorized access, while D/DoS is used to bring down a site. These types of attacks may also crash your site or slow it down for other users.
- Shield is designed to protect your WP Login against automated, brute force login attacks from bots. Shield brings its exclusive AntiBot Detection Engine to your login pages to detect bots without the need for any CAPTCHAs, or any other UX-destructive additions to your forms whatsoever.
- Block 100% Comment SPAM by Bots
- Nearly 100% of SPAM comments are posted by automated bots. Spam comments can include malicious links and code that could open a back door for attacks on your site. It’s also super frustrating managing these spam comments in your dashboard; they are considered the biggest bane of every WordPress administrator’s existence on this earth.
- Shield Security provides exclusive, highly effective techniques to block BOT SPAM with no CAPTCHAs (really!). Unlike Akismet, we never send your private comment data to 3rd parties for processing, so you stay as compliant as you need. The technology used to block comment SPAM is the same as that for login protection… so there are no CAPTCHAs or any other annoying extras added to your forms.
- Firewall
- A firewall acts as a guard between those trying to access your site and your site itself. It applies a set of rules for incoming and outgoing traffic in order to protect your site.
- Shield offers a complete firewall with several components to easily configure it for your site’s needs.
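The visitor IP detection and login cool-down items above can be illustrated with a short sketch, added here as an example and not taken from Shield's code: it finds which server variable carries the address you report as your own, then shows what happens to a login cool-down when failures are keyed by the wrong one. The function names, the list of header sources, the thresholds and all addresses are assumptions made for illustration.

```php
<?php
// Added example, not Shield's code. Header names are common proxy/CDN
// conventions; all addresses below are constructed documentation IPs.

const IP_SOURCES = ['REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP'];

// Return the first syntactically valid IP in a server variable, or null.
// X-Forwarded-For may hold a comma-separated chain; the client is listed first.
function ip_from_source(array $server, string $source): ?string {
    if (empty($server[$source])) {
        return null;
    }
    $first = trim(explode(',', $server[$source])[0]);
    return filter_var($first, FILTER_VALIDATE_IP) !== false ? $first : null;
}

// Given the IP the admin reports for their own current request, find which
// server variable carries it. That source is then used for every visitor.
function detect_ip_source(array $server, string $known_ip): ?string {
    foreach (IP_SOURCES as $source) {
        if (ip_from_source($server, $source) === $known_ip) {
            return $source;
        }
    }
    return null; // no match: leave the current setting unchanged
}

// Cool-down: after $max failures inside $window seconds, block that IP.
function is_locked_out(array $failures, string $ip, int $now, int $max = 5, int $window = 900): bool {
    $recent = array_filter($failures[$ip] ?? [], fn($t) => $now - $t < $window);
    return count($recent) >= $max;
}

// Constructed request as seen by a site behind a reverse proxy at 10.0.0.5.
$server = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.5'];
$source = detect_ip_source($server, '203.0.113.7');
echo "IP source: $source\n";

// Five failed logins by a bot at 198.51.100.9, all arriving via the same proxy.
$now = 1700000000;
$times = [$now - 50, $now - 40, $now - 30, $now - 20, $now - 10];
$keyed_wrong = ['10.0.0.5' => $times];      // failures keyed by REMOTE_ADDR
$keyed_right = ['198.51.100.9' => $times];  // failures keyed by the detected source

// Is the legitimate admin (203.0.113.7) caught by the bot's cool-down?
var_dump(is_locked_out($keyed_wrong, '10.0.0.5', $now));    // admin also appears as 10.0.0.5
var_dump(is_locked_out($keyed_right, '203.0.113.7', $now)); // admin has a separate record
```

Only read a forwarded header when the site really sits behind a proxy or CDN that sets it; on a directly exposed server the client can put any value it likes in that header.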
Automated Security Essentials
- Malware scanning and repair
- Removal of unused, inactive plugins and themes
- Plugin/Theme file protection and repair
- User Security Policies such as Password and Auto-Suspend Idle Users
- Auto plugin, theme, and core updates
Optional items to earn users’ trust
- Demonstrate To Visitors That You Take Security Seriously
- Showing off a secure badge on your site instantly makes the user feel more comfortable when entering information or making a purchase. This simple step could increase your conversions and leads once applied.
- Shield’s Security Badge demonstrates clearly that you take security seriously, both for yourself and also that of your customers. Enabling this option adds a translucent badge to the footer of your site.
- Powerful Firewall is intercepting and blocking malicious traffic.
- Always watching for bots and maintaining a reputation score for each visitor.
- Scanning your core WordPress files and directories for changes and new files.
- Automatically blocking malicious visitors by IP (so you don’t have to maintain an IP list yourself).
- Protecting against the #1 source of Comment SPAM.
- Keeping a log of everything significant in your Audit Trail.
- Protecting your important user forms such as Login, Registration and Lost Password.
This list covers the core security measures that you need to keep your site secure, but there are many other smaller optimizations that are not mentioned above. It can all be a little overwhelming, but luckily for you we have incorporated the above lists and more into our Shield Security plugin, your complete security solution for WordPress.
If you have any questions or would like to know more about how it can help keep your site secure, contact us directly or ask the Shield community in our Facebook group.
Until next time.
Paul and the team.
Great for eCommerce site
I installed WP Simple Firewall because it has all of the auditing and security features needed for my eCommerce site. It is a robust firewall plugin — it took a little to understand all the features, but support is incredibly responsive to resolving any issues.
Very happy with this plugin. It offers a lot of features to keep your site well protected. Thanks guys
I’ve defaulted to using Simple Firewall on all my sites. After having issues with hacking and other problems with the openness of WordPress, this plugin has become a main component of all my WordPress builds. Easy to set up, superb control and excellent support.