One of my favorite jobs is tweaking and fixing people’s blogs. I love to dig into the code, pick things apart, isolate the problem and then fix it.
I love it so much that sometimes I get lost in the looking and the researching and the fixing.
But one thing stops me cold every. single. time. I pop on someone’s blog and they have no security.
Look. I get it. You’re a small blog, or you think you are. You think no one would bother hacking you. You are dead wrong.
The best blogs to hack are the little ones. You know why? They have no security.
It’s no skin off your back to lock up your site, and I’m going to make it easy for you. How about instead of giving you choices I just tell you what I do?
I am already going to assume you have an airtight password; if you don’t, please go read this post on how to create a Bulletproof Password. I’m also assuming that you are keeping your plugins updated; if not, read this post about updating your plugins.
3 Easy Steps to Secure Your Blog
1) Install Wordfence
Wordfence is the #1 free security plugin on WordPress and there is a reason for that.
You don’t have to understand anything to use it. Out of the box it will do its job. But it doesn’t hurt to run through the tutorial and change a few settings. Just grab a cup of coffee or tea, plan to sit in front of the computer for 20 minutes and get her done.
The best thing is the Wordfence scan. Wordfence automatically runs a scan of your site. It will find any malicious code or possible breaches. And when it does, guess what? It’s also going to tell you what to do about it. Can it be any easier?
2) Install Login Lockdown
Login Lockdown does just what you think. It locks someone out who tries to log in too many times.
The #1 way hackers try to get into your site is by running a program that adds /wp-admin to the end of a URL. When it happens upon a WordPress site, it just starts hammering it with passwords until it gets in.
Login Lockdown says “You did not just try to log in to this site 20 times, you are outta here!” I suggest changing the attempts to 5, unless you run a forum, because I’m pretty sure you won’t forget your password 20 times in a row.
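To see what a 5-attempt limit looks like against real traffic, here is a sketch of the same rule run over web server access-log lines. It is an added example, not Login Lockdown's code: the 5-minute window, the log format, the sample lines and the rule that a failed login is a POST to /wp-login.php answered with 200 are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5                  # the threshold suggested in the post
WINDOW = timedelta(minutes=5)     # assumed retry window (not from the post)

# Combined-log-format line: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_lockouts(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Return {ip: time of the attempt that reached the threshold}."""
    recent, locked = defaultdict(deque), {}   # recent: ip -> failed-login times
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of crashing
        path = m["path"].split("?", 1)[0]
        # Assumption: a failed WordPress login is a POST to /wp-login.php
        # answered with 200 (form shown again); a success answers 302.
        if m["method"] != "POST" or path != "/wp-login.php" or m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= max_attempts and m["ip"] not in locked:
            locked[m["ip"]] = ts
    return locked

def _line(ip, hhmmss, method="POST", path="/wp-login.php", status=200):
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 4321 "-" "-"')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in range(0, 12, 2)]     # 6 fast failures
    + [_line("198.51.100.4", f"10:{m:02d}:00") for m in range(0, 42, 7)]  # 6 slow failures
    + [_line("192.0.2.10", "10:01:00", status=302)]                       # successful login
    + [_line("192.0.2.10", "10:01:05", "GET", "/wp-admin/"), "garbage line"]
)

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"lock out {ip}: {MAX_ATTEMPTS} failed logins by {when:%H:%M:%S}")
```

Only the address that fails five times inside the window is flagged; the slow guesser and the normal login are not, which is why a low limit like 5 rarely bothers a real owner.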
3) Install a backup plugin.
Because when all else fails, you’re still okay if you have a backup.
If you’re going for free ones, may I suggest Updraft Plus Backup and Restoration?
I have noticed a lot of blogs are running WP DB Backup; in your plugin menu it will read WordPress Database Backup by Austin Matzko. Please, please delete it and either use Updraft or the “real” WordPress Database Backup. The one by Austin Matzko has not been updated in over two years and poses a HUGE security risk.
My advice? Don’t say “I’ll do this later.” Do it now. If you know me, you know my broken record: my favorite hobby blog got hacked when it was getting 60 page views a day. It was teeny. In the end, it was pay thousands of dollars, or shut it down. I shut it down.
It’s better to never have to even have that conversation.
And remember, I am always around for a free 30 minutes, even if you want to use it to get some help installing these plugins.
I’m always here; my mission is to help bloggers while staying in their budget. Let’s talk.