9 Tips to Keep Your WordPress Website Secure | EP 38

9 Tips to Keep Your WordPress Website Secure

1. Tip #1: Use good hosting 00:53
   • If you’re serious about your website, be serious about your hosting.
   • Shared hosting is what we like to call “hacked hosting”. You are at the mercy of all of your neighbors on your shared server.
2. Tip #2: Limit login attempts 01:58
   • This can be done in a security plugin.
   • It limits the number of times that you can attempt to login, which keeps out bots that are trying to use “brute force attack” to hack into your website.
3. Tip #3: Use Cloudflare 04:37
   • Cloudflare keeps a database of known hackers and automatically blocks them from getting to your site.
   • Listen to episode 36 for more information about Cloudflare.
4. Tip # 4: Two-factor authentication 05:27
   • In addition to a username and a password, you also need a second factor of authenticatiom, such as a code sent to your phone or in an email.
   • Resource: iThemes Security Pro
5. Tip #5: Update your website, themes, and plugins  06:26
   • Keep your stuff updated folks. A lot of updates have to do with security improvements.
6. Tip #6: Rename the folder for the WP admin area 07:01
   • 99% of sites don’t change this. If you change it, then hackers will have a harder time of finding your login page.
7. Tip #7: Don’t show usernames on the front end 07:57
   • Make sure that the author name or permalinks don’t show the username on the front end.
8. Tip #8: Use strong usernames and passwords 09:03
   • Don’t use “admin” as your username. Create a strong username that is more complicated that just your first and last name.
   • WordPress will force you to use a strong password.
9. Tip #9: Move your login page 10:39
   • Change it from wp-login.php to something else. This will make it harder for hackers to find.