Login

Securing WordPress

This article assumes that you already have WordPress installed on your Website Hosting space. If you do not currently have WordPress installed feel free to follow our installation guide at WordPress Installation

Now that you have WordPress installed and you’ve started customising your website, you’re probably eager to go ahead and get word of your new website out there. At the moment however that could do more harm than good. Although you most probably have the very latest WordPress installed this doesn’t mean you’re 100% safe from malicious users, by following this guide you’ll be toughening your WordPress installation to stand up to all sorts of different attacks on your website

Installing “better WP security” plugin:

Better WP Security plugin allows you to hide areas of WordPress that will give away any vulnerabilities, such as the login areas, version numbers as well as allow you to rename your admin account username. However this plugin also allows you to do more than just hide vulnerabilities, you can use it to actively fight against any attacks on your website.

To begin, log in to your WordPress admin area (This is usually yourssite.com/wp-admin) and click the “Plugins -> Add New” option, you will then be taken to the Install Plugins page, as shown below, where you should search for “better WP security” as highlighted in the image.

pluginsearch

You’ll then be presented with a list of plugins – the top one listed should be the correct one. Click the “install now” link to begin the installation as highlighted in the image below, this will begin the download of the plugin and installation.

pluginresults

The installation should complete without any warnings, click the “Activate now” link to begin using this plugin.

Customising “better WP security” plugin:

After enabling the plugin you should be taken to your plugins page, click the “Create desktop backup” to have a backup of your database emailed to your email address. You should then click the “Secure My Site From Basic Attacks” as this will give us a good starting point to configure from.

You should be presented with an options screen as shown below, from this list you should see “Your WordPress admin area is not hidden”. Click the link to begin fixing this issue.

betterwplist

After clicking the link you may be asked to turn on WordPress permalinks, in which case go ahead and follow the link and set them to “Post name” before returning back to the Better WP Security plugin.

You should now configure the pages to be hidden to how you like, in my this example I have simply prefixed “hidden-“ before each option, you may want to try something more unique and related to your website for extra security measures. You can then click the save button to update your settings as the image below shows.

betterwphidden

Now you’re already protected against the most simple of hacking attempts such as brute force and dictionary attacks which is a great start – however, we also recommend that you return to the Better WP security dashboard and follow links to fix the issues written in red (for example Admin username and account ID).

Now you’re all protected, why not look into Optimising Your WordPress Website?

About Chris Danks

Chris Danks has written 136 post in this blog.

Chris is a British businessman, Chris started in the hosting business in 2001 at the age of 15. The business was re-branded to Cyber Host Pro in 2003 and has since grown to have thousands of customers around the world who trust Cyber Host Pro to manage their web hosting and servers.

Get in Touch. We Can Help!

We can help you to set up our products and give you an answer fo your questions