This article assumes that you already have WordPress installed on your Website Hosting space. If you do not currently have WordPress installed feel free to follow our installation guide at WordPress Installation
Now that you have WordPress installed and you’ve started customising your website, you’re probably eager to go ahead and get word of your new website out there. At the moment however that could do more harm than good. Although you most probably have the very latest WordPress installed this doesn’t mean you’re 100% safe from malicious users, by following this guide you’ll be toughening your WordPress installation to stand up to all sorts of different attacks on your website
Installing “better WP security” plugin:
Better WP Security plugin allows you to hide areas of WordPress that will give away any vulnerabilities, such as the login areas, version numbers as well as allow you to rename your admin account username. However this plugin also allows you to do more than just hide vulnerabilities, you can use it to actively fight against any attacks on your website.
To begin, log in to your WordPress admin area (This is usually yourssite.com/wp-admin) and click the “Plugins -> Add New” option, you will then be taken to the Install Plugins page, as shown below, where you should search for “better WP security” as highlighted in the image.
You’ll then be presented with a list of plugins – the top one listed should be the correct one. Click the “install now” link to begin the installation as highlighted in the image below, this will begin the download of the plugin and installation.
The installation should complete without any warnings, click the “Activate now” link to begin using this plugin.
Customising “better WP security” plugin:
After enabling the plugin you should be taken to your plugins page, click the “Create desktop backup” to have a backup of your database emailed to your email address. You should then click the “Secure My Site From Basic Attacks” as this will give us a good starting point to configure from.
You should be presented with an options screen as shown below, from this list you should see “Your WordPress admin area is not hidden”. Click the link to begin fixing this issue.
After clicking the link you may be asked to turn on WordPress permalinks, in which case go ahead and follow the link and set them to “Post name” before returning back to the Better WP Security plugin.
You should now configure the pages to be hidden to how you like, in my this example I have simply prefixed “hidden-“ before each option, you may want to try something more unique and related to your website for extra security measures. You can then click the save button to update your settings as the image below shows.
Now you’re already protected against the most simple of hacking attempts such as brute force and dictionary attacks which is a great start – however, we also recommend that you return to the Better WP security dashboard and follow links to fix the issues written in red (for example Admin username and account ID).