Secure WordPress site: all you need to know.


We have all come across the term “Secure WordPress site”.

Most of us visit many websites or know something about website development. With the launch of WordPress, things became easier for developers.

WordPress provides many features. A few of them are:

  • Better theme options.
  • Managing the content of the website with ease.
  • Providing plugins to add functionality.
  • Helping in creating a website without needing prior programming skills.

With the many advantages of WordPress, a question arises: “how to secure a WordPress site?”

1. The threats regarding the term “Secure WordPress site.”

WordPress is getting more popular due to its powerful content management system.

It is growing and popular among the community of developers.

However, with the advantages come security and vulnerability issues.

Hackers from all around the world are particularly targeting WordPress sites.

When it comes to a secure WordPress site, one must take the issues seriously, as threats are rising and hackers are active.

Recently, the popular web hosting company GoDaddy disclosed that more than 1.2 million of its WordPress accounts became victims of phishing attacks.

Meanwhile, the customers had their numbers and email addresses exposed to an unauthorized third party.

Hence, it created havoc and fear among WordPress users about the security of their site and regular attacks by hackers.

2. Our story regarding the Secure WordPress site.

As attacks on WordPress sites increased, we faced a similar issue too: our website, which was hosted on Amazon EC2, was attacked by hackers and malicious code was found in it.

After that, the site started showing unwanted content that was inappropriate and irrelevant.

Now, the question arises: how do we fix it?

Yes, we were able to provide security and resolve the issue of threats.

The few pointers that we followed while fixing the WordPress site are as follows:

  1. Targeted the issue and looked for the best plugins, which we describe in more detail as we proceed.
  2. Tried to fix our login URL again, as it had been changed.
  3. After that, compared the sources and found the malicious blocks of code that required fixing.
  4. Removed the unnecessary code and fixed the issue.
  5. Used the plugin “All In One WordPress Security and Firewall Plugin” to take the security of our WordPress site to a new level.
  6. In addition, in the image below, the source code on the left is from the official WordPress website and the source code on the right was present on our server. We compared them and removed unnecessary code from core WordPress files.
[Image: Secure WordPress site, demo of code.]
  • On the whole, the hackers inserted the code shown below in wp-login.php, which was ultimately how they damaged the domain’s reputation in search results.
[Image: Code put by hackers.]
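
The comparison of server files against the official WordPress source can be scripted. The following is an added example, not code from the original post: it assumes a pristine copy of the same WordPress release has been unpacked next to the live tree, and the function name and both directory arguments are hypothetical.

```sh
#!/bin/sh
# Added example: report core files that differ between a pristine WordPress
# release and the live site. Both directory arguments are assumptions.
# Output: "MODIFIED <path>", "MISSING <path>" or "ADDED <path>", one per line.
compare_wp_core() (
    ref=$1; live=$2
    if [ ! -d "$ref" ] || [ ! -d "$live" ]; then
        echo "usage: compare_wp_core <pristine_dir> <live_dir>" >&2
        exit 2
    fi

    # Files shipped with the release: changed or deleted on the server?
    # wp-content is skipped because themes, plugins and uploads are site-specific.
    (cd "$ref" && find . -type f ! -path './wp-content/*') | sort |
    while IFS= read -r rel; do
        if [ ! -f "$live/$rel" ]; then
            echo "MISSING ${rel#./}"
        elif ! cmp -s "$ref/$rel" "$live/$rel"; then
            echo "MODIFIED ${rel#./}"
        fi
    done

    # Files on the server that the release never shipped.
    (cd "$live" && find . -type f ! -path './wp-content/*') | sort |
    while IFS= read -r rel; do
        case ${rel#./} in
            wp-config.php|.htaccess) continue ;;   # created per site; review by hand
        esac
        [ -f "$ref/$rel" ] || echo "ADDED ${rel#./}"
    done
    exit 0
)

# Run directly: sh compare_wp_core.sh <pristine_dir> <live_dir>
if [ "$#" -eq 2 ]; then
    compare_wp_core "$1" "$2"
fi
```

A MODIFIED line for a file such as wp-login.php, or any ADDED file under wp-admin or wp-includes, is where manual review should start.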

3. “All In One WordPress Security and Firewall Plugin” to “Secure WordPress site.”

We have various plugins when it comes to WordPress sites.

When it comes to the security of WordPress sites, “All In One WordPress Security and Firewall Plugin” comes to the rescue by providing ultimate security to the WordPress site.

  • It reduces the risk of attacks by checking for vulnerabilities.
  • It works with WordPress.
  • It can be translated into any language.

In addition, the plugin is free to use.

As a WordPress security plugin, it is easy to use, comprehensive, well supported, and provides additional security.

4. A detailed step-by-step guide to detect malicious codes and to Secure WordPress site.

In this section, we discuss in detail the steps that can help to secure a WordPress site.

4.1 Download the plugin.


The first step requires the download of the plugin, “All In One WordPress Security and Firewall Plugin” which can be downloaded using the following link –

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

In addition, do not give www-data write permission on the WordPress core files, because hackers keep trying to log in with admin accounts to tamper with the file system.
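
One way to check that rule on the server, as an added example that is not part of the original post: the function name is hypothetical, and the account defaults to www-data as named above. It reports core paths outside wp-content that the web server account is able to write.

```sh
#!/bin/sh
# Added example: list WordPress core paths that the web server account can write.
# Usage: audit_core_writable <wp_root> [web_user] [web_group]
# web_user and web_group default to www-data, the account named in the text.
audit_core_writable() (
    root=$1; user=${2:-www-data}; group=${3:-www-data}
    if [ ! -d "$root" ]; then
        echo "usage: audit_core_writable <wp_root> [web_user] [web_group]" >&2
        exit 2
    fi
    cd "$root" || exit 2

    # wp-content is pruned: uploads and plugin updates may need write access there.
    # A path is reported when:
    #   - web_user owns it and the owner write bit is set, or
    #   - web_group is its group and the group write bit is set, or
    #   - it is world-writable.
    # Directories are included because write access to a directory is enough
    # to add or replace the files inside it.
    find . -path ./wp-content -prune -o \
        \( -type f -o -type d \) \
        \( \( -user "$user" -perm -200 \) \
           -o \( -group "$group" -perm -020 \) \
           -o -perm -002 \) -print |
        sed 's|^\./||' | sort
)

# Run directly: sh audit_core_writable.sh <wp_root>
if [ "$#" -ge 1 ]; then
    audit_core_writable "$@"
fi
```

An empty result means the web server account has no write access to core files. Anything listed should be owned by a separate deploy account and have its group and world write bits removed.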

Follow the installation process mentioned below –

4.2 Installation process.

The steps to follow while installing the plugin are as follows:

  1. Upload the ‘all-in-one-wp-security.zip’ file from the Plugins->Add New page in the WordPress administration panel.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Go to the Settings menu under ‘WP Security’ and start activating the security features of the plugin.

4.3 Creating a GitHub Repository.

The next step that we used was creating a repository on GitHub.

  1. After downloading the “All In One WordPress Security and Firewall plugin”, we extracted the plugin under the wp-content/plugins folder.
  2. Once the first step was done, the next move was to commit and push the latest code to GitHub https://github.com/
  3. Following the completion of the above steps, we deployed the latest code to the EC2 Linux server.

4.4 Account security of the user.

The next feature we used from the plugin was “user account security” to secure our account, and here is how we did it.

  1. The first step involved a user account review. This feature helped in detecting user accounts that have the default “admin” user name, and helps in easily changing the user name to a value of our choice.
  2. This plugin feature also helped in detecting identical login and display names for our other WordPress accounts. It is easier for hackers to find identical login names, so keeping identical names is a bad security practice.
  3. We created a strong password using online services which provide a password manager tool to strengthen the security of our “WordPress” site.
  4. The tool that we used for generating strong passwords was the “LastPass” password manager tool.

4.5 “LastPass” password manager tool.

LastPass is an online password manager tool that provides secure, random, and strong passwords. The link for this tool is https://www.lastpass.com/

Weak passwords can be easily targeted by hackers, and hence it’s important to strengthen the password, especially when life is happening in the new digital world. In other words, the password of the user must be strong enough to be protected from attackers. Tools like LastPass make our work easy by keeping the information secure.

The features of the LastPass password manager tool and tips to be followed when generating a password are:

  1. It helps in logging into accounts easily and securely.
  2. It generates strong passwords as we sign up and remembers all the information for the user.
  3. To create a password that is impossible to crack, your password must include multiple types of characters, such as numbers, uppercase letters, lowercase letters, and special symbols.
  4. This tool provides a different password for each app or website and hence helps in defending against attackers.
  5. The tool runs locally on all devices, be it Windows, Mac, Linux, or iOS and Android devices.
  6. It provides a unique password for each site. If one of our sites gets hacked, it is easy for hackers to create combinations of passwords and attack our other sites too; by providing uniqueness, the LastPass tool comes to the rescue of our security.
  7. Whenever you create a password, try to avoid using your personal information such as name, birth date, address, etc. Personal information can be easily found online, so hackers can trace it and it can pose a threat.
  8. The password must be at least 12 characters long.
  9. Try to avoid sharing your password via emails and texts. One should use tools like “LastPass”, which has a feature to share a hidden password and provide access when required.

4.6 Login security of the user.

To secure the WordPress site’s login, we used the “user login security” feature of the plugin with the “Login Lockdown feature” enabled. It allowed a maximum of two login attempts; if both attempts fail, it sends a notification and blocks further attempts for 24 hours once someone gets locked out due to too many login attempts. Not only does this feature keep track of the account activity of all users, such as username, IP address, login date/time, and logout date/time, but it can also automatically lock out IP address ranges that attempt to log in with an invalid username.
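
The two-attempt limit can also be checked independently of the plugin from the web server's access log. The following is an added example, not part of the original post: it assumes the Apache/nginx "combined" log format and that WordPress answers a failed login POST with status 200 and a successful one with a 302 redirect. The function names and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: find client IPs that reached the failed-login limit.
# Assumes the "combined" access log format, and that a failed WordPress login
# POST returns 200 (form shown again) while a successful one returns 302.
# Usage: flag_login_bursts [max_failures] < access.log
flag_login_bursts() {
    awk -v max="${1:-2}" '
        # $1 = client IP, $4 = "[timestamp", $6 = "\"METHOD", $7 = path, $9 = status
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
            ts = substr($4, 2)                  # drop the leading "["
            if (!($1 in fails)) first[$1] = ts
            fails[$1]++
            last[$1] = ts
        }
        END {
            for (ip in fails)
                if (fails[ip] >= max)
                    printf "%s failures=%d first=%s last=%s\n",
                           ip, fails[ip], first[ip], last[ip]
        }
    ' | sort
}

# Constructed sample lines (documentation IP ranges), not from a real server.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:50 +0000] "GET /wp-login.php HTTP/1.1" 200 4480 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:57:02 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
EOF
}

# Try it: sample_log | flag_login_bursts 2
```

An address that keeps accumulating failures after reaching the limit indicates that the lockdown is not being enforced for it.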

4.7 Registration security of the user.

By using the feature “user registration security” of the plugin “All In One WP Security & Firewall” our WordPress site was more secure as this feature allows manual approval of WordPress user accounts.

If your site allows people to create their own accounts with the WordPress registration form, then you can cut down spam registrations by manually approving each registration.

4.8 HTACCESS and WP-CONFIG.PHP file backup and restore.

With this feature, it is easy to back up your original .htaccess and wp-config.php files in case you have to use them to bring back broken functionality. You can also modify the contents of the currently active .htaccess or wp-config.php files from the admin dashboard with only a few clicks.


4.9 Blacklist manager.

To provide security to the WordPress site, we used the blacklist functionality of the plugin, which reviewed the IP addresses on the server and blacklisted such users by identifying their IP addresses. As a result, it helped in improving the Search Engine Optimization results.

4.10 XML-RPC file was removed from source code.

Do it carefully, as this file may be needed if you’re connecting to third-party systems.

4.11 Firewall functionality. 

The “Firewall functionality” feature helps in stopping malicious scripts before they reach the WordPress code on your site.

In addition, this feature provides a control facility, prohibits proxy comments, disables trace and track, forbids malicious queries, and blocks access to debug log files. The “firewall functionality” blocks bots and fake Google bots as well.

5. Google Search Console tool.

The “Google Search Console tool” helps with indexing status and provides optimization results for the visibility of websites.

Moreover, this tool helps assure security, as it sends notifications about malicious code for already registered sites.

In general, Google crawls websites over the internet every 3-4 days, but this tool allows us to add a specific page for priority indexing, and Google crawls it in 24-48 hours.

6. Conclusion.

In conclusion, by following the above steps, one can secure a WordPress site.

Similarly, by using the mentioned steps, the Search Engine Optimization results of our site improved as well.
