There are plugins for just about everything and anything. Today we are focusing on securing and protecting your blog. I am going to share key plugins that I find important. If you don’t know what a plugin is, check out part 1 of this series what is a plugin. If you don’t know how to install a plugin, check out part 2 of this series how to install plugins.
In this post, I am going to share some plugins that can help you by providing protection against malware and hack attacks. I am also going to share a plugin for backing up your website so you can restore it if there is a problem.
Think of it like having a lock on the door of your house. You can add a deadbolt lock to make it even more secure. You can then add a fence to fend off would-be intruders, and you can also install a security system. How far you want to go is up to you, as well as your budget.
The same hold true for your website. By no means should you expect what you find in this post to be an all-out complete protection system. After all, even if you completely secure your house, you’d still fall far short of the security you would find protecting Fort Knox. In this post, we are going to review plugins that can provide an initial state of security. I consider these to be essential. You can be the judge.
At the time of this writing, the plugins below are up to date. When you download a plugin, you will be able to see if it is compatible or untested with your version of WordPress.
4 Essential Plugins for Security
Let’s get started with 4 plugins. I have provided the name of the plugin as well as the author, so you can be sure you are getting the correct plugin.
UpdraftPlus – Backup/Restore
By UpdraftPlus.Com, DavidAnderson
The first plugin is for backing up your website. Even if your host has backup, it would be prudent to have your own backup. Your backup is important. It’s your insurance policy for your blog. There are many backup plugins out there, but I think UpdraftPlus is the best. It’s the easiest to use, you can schedule backups as often as you’d like, and you can set how many backups to retain. I use UpdraftPlus.
UpdraftPlus has a free and a premium version. The free version works great and provides you with complete backup just like the premium version. The premium version provides several valuable features such as the UpdraftPlus Vault feature. It allows backups to be saved in the Updraft cloud, so you have a secure, safe backup always accessible. If you are on a budget and opt for the free version, that’s fine, backing up to the cloud is not absolutely necessary.
I’ve had a problem in the past, so I am pretty strong on having a backup and recovery process in place. If you use the free version, you may want to manually copy your backups to another location from time to time (such as your computer). You can go to Updraft to learn more about the features.
Wordfence Security
By Wordfence
Wordfence is a proactive security plugin that protects your WordPress site from harmful and malicious malware and hacking. Wordfence provides a firewall, a malware scanner, and a suite of other features, including blocking bots from repeated login attempts. Wordfence is a must-have. I use Wordfence.
Wordfence has a free version and also offers a premium version. The free version is powerful and will be sufficient for most. Check out Wordfence to learn more about their features.
Disable Author Pages
By LittleBizzy
I’ll first have to tell you what an author page is, and why you’ll want to disable it.
WordPress provides a link on every post to the author of the post (that’s you). If you hover over the author name, you can see the link. Clicking on that link would normally take you to an author page that provides information about the author. WordPress takes the author information from the user account.
At first thought, it seems like a personal page would be cool. The problem is that the url (the link) to your author page contains your username. In the security world, your first layer of protection is a username and a password. If someone knows your username, they are already halfway through their battle to hack your site. Then they will then use an automated hacking program to pound your site attempting to log in with different password combinations, generating them with information about you and with common passwords.
By using the Disable Author Pages plugin, the link to the author page is replaced with a link to your home page. This is a very useful plugin that is very easy to use. I use Disable Author Pages.
WPS Hide Login
By WPServeur, NicolasKulka, tabrisrp
I am going to wrap up this post with this last plugin that changes the login url (link) for your website. There is an easy to find link to log into any WordPress website (unless of course you change it).
If you can hide your login screen, then you are adding yet another layer of protection before anyone can even attempt to find your username or password. In WordPress, all you need to do is add “/wp-admin” to the end of the domain name to reach the login page. For example:
www.your-website.com/wp-admin
And do you know what’s even worse? Some hackers will register an account on your site and try to hack it from the inside. It is very easy for people to register a user account on your site unless you have shut that function off. This is all they would have to type:
www.your-website.com/wp-admin?action=register
And so it is a good idea to change your login url. It is super easy, and you can change it to anything you want it to be:
www.your-website.com/anything-you-want-it-to-be
If you need a refresher on how to install plugins, go here.
Questions? Lay ‘em on me in the comments below!
- My Ecommerce Story Part 2 – Launching - April 28, 2020
- I’m Building An Ecommerce Store – Part 1 - April 13, 2020
- What Is A Self-Hosted Blog? - November 15, 2019