According to statistics from HostingFacts, approximately 37,000 websites get hacked every day. Thirty-seven thousand is a huge number, and yours could be one of them. So here is an article on “how to secure your blog/site from hackers/infiltrators.”
Here I am going to give you some tips and tricks for turning your blog/site into a secure fortress. It is not really a trick but a simple plugin that you will want to add to your WordPress blog after reading this article. It will also help you reduce the number of plugins on your blog (for example, if you have a captcha plugin activated).
Besides the captcha plugin, it can also replace a separate backup plugin, which reduces the server load and increases the speed of your blog.
If you are using a plugin to change the login permalink of your blog, you can remove that too, as this plugin also lets you set a new login URL.
All you need to do is go to Plugins>Add New, search for All in One Security and Firewall in the search bar, and then install and activate the plugin.
You will now see a new tab in your WordPress admin area named WP Security, which holds all the settings of this plugin.
Hover over the WP Security tab and click Dashboard in the side menu. You will see a panel with the score of your WordPress security. In the beginning, the score will be around 50 or 70 on the security strength meter.
Now all you need to do is configure this plugin with the proper settings to get a good score on the Security Strength Meter.
First of all, go to WP Security>Settings>General Setting, scroll down to the bottom and check the last box, as shown in the image below.
Now move to the WP Version Info option and check the Remove WP Generator Meta Info box. This removes information about your WordPress install, such as which version of WP you are using. If you are running an old version of WordPress, a hacker will surely attack your blog, as it will be somewhat easier to hack.
Now go to WP Security>User Account>WP Username. Here you have to choose a better login name, not something like admin. If you already have a better login name, you will automatically get the 15 points from here.
After that, you can ignore both the Display Name option and the Password option under User Account. You can, however, check how secure your password is on the Password tab, just like in the image below.
For this, go to WP Security>User Login. Under User Login, go to the Login LockDown option and check the Enable Login LockDown feature and the other necessary options. You can also check the email notification box, but that might fill your inbox with a whole lot of spam emails.
You can ignore the rest of the settings in this tab, or, if you want to gain more points, go through the other tabs and check the settings you want.
Go to WP Security>User Registration and under it go to Manual Approval. As the name suggests, here you can enable manual approval of user registrations on your blog.
Now move to Registration Captcha, where you can check the box that enables a captcha on the registration pages.
Now comes the backup part, which will replace your backup plugin. Go to WP Security>Database Security. There, go to DB BackUp and enable the automated backup schedule. You can also choose the backup time interval, the number of backup files to keep and the email notification.
Under WP Security>FileSystem Security go to File Permission, where you set the permissions for all your files and directories. By default no action is needed, but if an action is needed, apply the permission and that’s it.
Now move to PHP File Editing and check the box that disables the ability to edit PHP files. This stops people from editing or deleting the PHP files of your blog.
Now move on to WP File Access and enable the option that prevents access to the WP default install files. This blocks access to your blog’s default WordPress files (readme.html, license.txt, and wp-config-sample.php) for anybody other than you.
Now jump to WP Security>Blacklist Manager. Under Ban Users, enable IP or user agent blacklisting, then scroll down to Enter User Agents. In the beginning the box will be empty; click the +More Info option, copy the bot user agents that you want to ban on your blog and paste them into the box next to Enter User Agents.
Go to WP Security>Firewall and under Basic Firewall Rules check and enable the necessary settings, as shown in the image below.
Now move to Additional Firewall Rules and enable the additional firewall settings that will help secure your blog, just like in the image below.
Move ahead to the 6G Blacklist Firewall Rules and enable the 6G blacklist rule and also the 5G firewall protection for your blog.
Under Internet Bots you can enable blocking of all the fake Google bots, which are malicious. Then move to Prevent Hotlinks and check the box that enables image hotlinking protection.
Here you can rename your default WordPress login page. Go to WP Security>Brute Force and under it go to the Rename Login Page option. Check Enable Rename Login Page and, below that, enter the new login address of your WordPress blog, which is www.yourblogname/wp-admin/ by default. You can change it to something like www.yourblogname.com/login-details/ or anything else you like and will remember in the future.
This not only hides your login page from other people but also helps to hide whether your site is based on WordPress or not.
Now move to the Login Captcha option and enable the login captcha, which helps secure your login from bots by showing a captcha on the WordPress login page of your blog.
Now move to the HoneyPot option and check the enable honeypot feature for your WordPress blog login page.
Comments are a boon for your blog, as it is quite interesting to be in touch with your readers or viewers. It is also necessary to put a captcha on the comment box so that you do not get comments from bots. Go to WP Security>Spam Prevention, open the Comment Spam option under it and enable the captcha on the comment forms.
Go to WP Security>Scanner and under it go to File Change Detection. Scroll down to the File Change Detection Settings. Enable the file change detection scan and it will automatically scan the files of your WordPress blog for any change made to them by anyone other than you.
Go to WP Security>Miscellaneous and under it, in Copy Protection, you can enable right-click protection if you don’t want anyone to use the right-click option on your blog.
Then move to the Frames option and check the enable iFrame protection box, which helps stop other sites from displaying your content in a frame or iframe.
In the User Enumeration option you can stop user enumeration.
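To confirm from the outside that the generator meta, default file and frame settings took effect, you can audit the responses your site returns. The following is an added example, not part of the plugin: the captured responses are constructed, and treating an `X-Frame-Options` or CSP `frame-ancestors` header as the framing restriction is an assumption about how the protection shows up.

```python
import re

# Default files that the WP File Access step blocks.
DEFAULT_FILES = ("/readme.html", "/license.txt", "/wp-config-sample.php")
GENERATOR_RE = re.compile(
    r"<meta[^>]+name=[\"']generator[\"'][^>]*content=[\"']WordPress", re.I)

def audit(responses):
    """responses maps path -> (status, headers, body); returns findings."""
    findings = []
    _status, headers, body = responses["/"]
    headers = {k.lower(): v for k, v in headers.items()}
    if GENERATOR_RE.search(body):
        findings.append("generator meta tag present")
    xfo = headers.get("x-frame-options", "").strip().upper()
    csp = headers.get("content-security-policy", "").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no framing restriction on home page")
    for path in DEFAULT_FILES:
        # A path missing from the capture is treated as not served.
        status = responses.get(path, (404, {}, ""))[0]
        if status == 200:
            findings.append(path + " is readable")
    return findings

# Constructed captures: the same site before and after hardening.
PAGE = "<html><head>{}<title>Blog</title></head><body></body></html>"
BEFORE = {
    "/": (200, {"Content-Type": "text/html"},
          PAGE.format('<meta name="generator" content="WordPress 0.0" />')),
    "/readme.html": (200, {}, "<h1>WordPress</h1>"),
    "/license.txt": (200, {}, "GNU GENERAL PUBLIC LICENSE"),
    "/wp-config-sample.php": (200, {}, ""),
}
AFTER = {
    "/": (200, {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
          PAGE.format("")),
    "/readme.html": (403, {}, "Forbidden"),
    "/license.txt": (403, {}, "Forbidden"),
    "/wp-config-sample.php": (403, {}, "Forbidden"),
}

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(capture))
```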
Note: If your blog is under construction for some time, you can enable Maintenance mode by going to WP Security>Maintenance and setting a suitable message for your viewers.
So I think you are now aware of how to secure your blog/site from hackers/infiltrators using just one plugin, All in One Security and Firewall. With nearly 13 security features, you can not only secure your blog but also eliminate some of your other plugins, as this plugin is capable of handling the tasks they perform. So it will not only convert your blog into a secure fortress but also make your blog faster.
If you still have any queries or doubts regarding this plugin, feel free to ask in the comment section below, or you can also contact us.