How to Secure WordPress Sites from Hackers ?

How to Secure WordPress Sites from Hackers

How to Secure WordPress Sites from Hackers ?. WordPress blog hacks can be very annoying. Over 90,000 botnet hacks attacks are recorded every week on average, And if you want, no one hacks your site ever, so you have to think again. The problem with hacked WordPress Blogs or Sites is that they continuously spread botnets or some kind of code to other related sites as well.

The only way to curb such attacks is to secure your Blog or Website. And one of the obvious things that you should do is maintain distinctive your username and password. Most users are sometimes lazy and leave common usernames to their site admin panels such as ‘Admin’ ‘managers’ and so on. These can be easily tracked down with bots and hack. And also it is recommended that you should change your password and ID frequently.

Adding an SSL certificate is most important for any website site. It provides security and improves keyword ranking in search engines. If you have a WordPress site with many subdomains then wildcard SSL is the perfect one to buy. We have found a list of the Cheapest SSL Wildcard Certificate providers that helps you a lot.

Better WP Security

Although these may delay the hack attacks, they will not fully prevent attacks. The best way to do this use security plugins like Better WP security. These are the steps to install this plugin to secure your site. First, download this plugin and install it from the admin panel using the – add new – plugin option. Once this plugin is installed, simply activate it and you will be led to the options panel as shown below.

website security

All options are already set for you in the plugin. Ensure the Hide Backend tick box is checked. This feature hide or alternate backend WordPress URL, this secure your site from hackers. The plugin works in a different number of ways to secure your blog or website from unwanted hacker threats, as a whole it scans the website for vulnerabilities and security from potential hackers threats. This plugin also manages to effectively hide weak passwords and obsolete software from hackers.

s2

Clef – Log in to WordPress with a smartphone

This is one of the coolest innovations I’ve seen recently. To get this started, go to getclef.com and click on Download App, and follow all prompts to download the app for your cell phone. Open this app and create an account using the same email address that you are already using in your own WordPress profile.

Then, go to your WordPress site and install the Clef plugin.

Go to Settings > Clef and enter a descriptive name for your site, log in to the page, and click Submit button. This will create an API key to enable the start of using Clef. You have the option to choose whether or not to use Clef exclusively (and the disallow usernames/passwords) or use the Clef to supplement your login options.

clef-login-screen

Now, go to the login page on the WordPress site and click on Log in with your cell phone. A Wave will appear on the screen, open the app on your smartphone, and matches the wave at your smartphone to the wave on screen, it will automatically log you in.

wordpress hacks

It’s really very hard to describe how this trick works, so it’s something, you have to try for yourself.

Google Authenticator plugin:

If you have spent a lot of time creating your site or blog over the year. So in this article, I will show you how can you set up 2-Step Authentications for your self-hosted WordPress.org blog or website which should take you less than 5 minutes to complete but will give you a much better level of security. If you are looking for steps to take to implement 2-Step Authentications on your free WordPress.com sites, then refer to this article
Step 1:
Download the Google Authenticator plugin for WordPress, and install and activate the plugin.
Step 2:
Download and install the Google Authenticator app for your Smartphones
Android (Require Androids OS 2.1 and later)
iPhone, iPod Touch, iPad (Requires iOS 3.1.3 or later)
Blackberry (Require BB10.0 or higher)
Step 3:
Go to your User Profiles (users>your profile) where you find Google Authenticator Setting

activate-Google-Authentication

After clicking Hide/Show barcode (just reveal that barcode so you can scan it)

barcodes

Step 4:

Activate that Authenticator by checking boxes after Activation and clicking Show/Hide QR codes which will show your unique barcodes. And Also make sure you add your name in the description box that you can associate with your site. (for example TechFleece 2-Step) If you wanted to enable the App password you can do this, but that will decrease the overall login security. People who use third-party software for posting an article to their WordPress site may wish to enable this.

Note: Users of the iPhone app may have issues scanning barcodes If there is space in descriptions. This has been resolved, but when unable to confirm, I do not have an Apple device.

Step 5 – Important

Click  Update Profile once you have added your site description and checked the Active boxes. Now you are ready to scan your barcodes.

Step 6:

Grabs your smartphones and open that Google Authentication app, you have just downloaded. When you first start that app, the main page will be empty. Click on the Option icons (top right) and then choose Set up accounts

createGA-account

Select Scans barcodes from the option, and then choose which programs you like to complete that action. In my example, below you can see, I scan the barcode using either QR Droids or default Google one

 scan app

This app will instantly scan and creates your accounts. You will now see your WordPress account detail like the description name you gave in the WordPress presents and also a newly generated number.

Google-Authentication-code

These number changes every 30 seconds, once you have entered the number when you are actually login again, you will have to short time to press enter. But Don’t worry,  if you miss that time Slot, you can simply use the next generated numbers instead.

Logging In for the first time:

First, make sure, you are logged out from your site. Now again login back and you will have to put your Username and Password, and you will also be required to put your secret Google Authenticator code. You won’t have done this every time, will require when logging on via other devices.

Leave a Comment