If you are an installed WordPress website user, security is a must. As you may know, sometimes using plugins can leave your site vulnerable to attacks and attempts to hack into your site. Having layers of security can help you protect your site from hackers or slowdowns.
If you are using other platforms for your website, like Squarespace, GoDaddy, WIX, etc., you still need additional layers of security too, but they are built into the platform you are using.
Let’s look at some tools and tips you can use to secure your WordPress website easily.
5 Top Tools for Website Security
Here is a quick list of my top tools/tips and below I will discuss them completely.
- An SSL certificate is critical today
- 2FA Password Layer
- Wordfence plugin
- Anti-Spam plugin
- Complete Updates Weekly
SSL Certificate
An SSL Certificate is a crucial part of your site security today.
What it is? It is the “s” at the end of the http:// in your URL. It was originally used for payment for shopping sites, banking, and businesses that needed a higher level of security but for many years now, it is considered a required part of your website name.
If you are on a website that is hosted by a third party, like HostGator, etc., the SSL certificate is usually free and is attached when you set up your website. If you are not on a hosted site like that, the platform you built your site on should have an SSL certificate attached. Examples are: WordPress.com, GoDaddy, WIX, etc.,
If you still do not have one due to the platform you used to build your site or your website being older, you can purchase an SSL through a third party and have it installed on your site. Another option is to go through your domain provider for an SSL addition.
Why is it a big deal especially if you are not collecting payments of any kind? Good question!
Google has been downgrading sites without SSL for several years. They have required a safer experience for your visitors (and theirs) and using an SSL gives additional protection.
Maybe you have visited a site that gives you a warning that says something like – This site may be trying to obtain personal information. Or “Unsafe Link”, if your firewall provider checks links for you before opening.
While that is not necessarily the truth that the site is unsafe or trying to steal your info, it does make you stop and think, maybe even leave the site. Many times I have experienced this, the warning is due to the SSL needing an update.
2FA Password
A 2FA password is a second layer of access to your website. This allows you to put in place a phone number for a text to your phone for authorization that it is really you trying to log in.
This is a great tool to slow down hackers and protect your valuable information. It is included in most WordPress installations automatically but can be added through a plugin too if you do not have it.
This brings me to my favorite plugin
Install Wordfence Plugin
Wordfence is a free plugin with a paid upgrade to add a firewall to your WordPress website. I have used the free version for many years and it has saved me multiple attempts of hackers into my sites and into my client sites.
This allows you to tighten security over login attempts, retrieve lost password attempts, get notifications of attacks, extend lock-out periods, block IPs, and more. I love this thing!
I usually set my login attempts to 3, password retrievals to 3, and lock-out periods to 4 hours. Understand you are included in these rules! So if you lock yourself out, you too are waiting! LOL
You can start with a lower amount of time, like one hour, then update if you are under attack from bots. It has been my experience that once it is moved to a 4-hour lockout, that stops the attack faster. I recommend it to all of my clients and you can play with it on your own site.
Anti-Spam plugin
If your site gets a lot of spam comments, add an anti-spam plugin. Akismit is a well-known one that is usually installed with WordPress and works well. There are others out there too.
One thing of note is if you are on WordPress, make sure to go to your Settings and under Discussion, mark that you must manually approve all comments. You need to make sure that your site is free from comments that include loads of links, or any link you do not know.
Those links do count in terms of outgoing links from your site and can hurt your rating on Google and other search engines, especially if they are going to spam sites.
If you have a site with a lot of comments, like a giveaway site, etc., I recommend you go through your comments in the dashboard by searching for HTTP in your search bar, then Quick Edit out the URLs.
I had to clean out one of my sites that had thousands of comments and trust me when I say it took days and a lot of frustration!
Complete Updates Weekly
Finally, do your updates in WordPress weekly. The reason the updates are there is that the builders of the plugins and themes, and even the WordPress mainframe, have updated vulnerabilities that could affect your site.
It only takes a minute and you lessen the chance that your site is impacted in the long run.
WrapUp
I hope this list of my top 5 tools for website security helps you and your WordPress site. Let me know some of your favorite plugins or tools you use for your website security in the comments below.
If you haven’t signed up for my post notifications, get on the mailing list! I would love to have you and you get a freebie too! 🙂
0 Comments