Security is an oversight for a lot of WordPress site owners
If you have or building a WordPress site, you are in the market for quick wins. When it comes to securing website traffic, there is an endless number of considerations you have to make.
If you are not a novice web security person, the step for securing your site may be an oversight for you. You may miss a lot of obvious things about your WordPress website security.
Good security doesn’t come in a couple of clicks or in a few mins, but…
There is a simple and easy, no-cost action item you can take. Install Wordfence (or a similar security plugin) and enable at least the basic security settings for your WordPress site.
Wordfence is an all-in-one sort plugin that comes with a lot of security features and it can be configured pretty quickly without much tech or web security knowledge. Their recommended configuration is almost always safe to activate and it activates in a few clicks.
Wordfence also has a high-level overview of your site’s activities in its dashboard:
Things you should do with Wordfence
Enable Multi-factor Authentication (MFA) for your WordPress admin logins
One of the best things you can do for a WordPress site is to secure its admin’s access. And the best way for that is to enable 2 Factor (Multi-Factor) authentication. You can use an authenticator app for this but this setting has to be enabled for every WordPress admin user. Make sure all admin users are 2FA enabled.
WordPress doesn’t come with a 2FA/MFA capability. Wordfence is one of the easiest ways to add 2FA/MFA to your WordPress logins.
Enable rate limiting and automatic blocking
Wordfence will enable rate-limiting in its firewall settings by default. This will also allow Wordfence to block too many failed login attempts which is often an attacker trying to gain access to WordPress admin.
Block countries you don’t have any users from
Especially high-scammer/spammer countries.
Keep your WordPress plugins up to date.
Wordfence will warn you if there are any dangerous/vulnerable plugins that stay outdated.
Wordfence email alerts will be enabled by default, keep it that way
Make sure you at least get a weekly digest to stay on top of your Wordfence activity and alerts.
If you have multiple WordPress sites, use Wordfence Central to manage the Wordfence installations across sites
Check out Wordfence: https://www.wordfence.com/
Note: This is not a paid or affiliate post. I just like Wordfence and recommend every WordPress site to have it set up if Security is not in y our radar when creating a WordPress site.