6 tips to secure your WordPress site

Why secure your WordPress site?

Securing your website is an essential step, and should be considered from the outset.

NetDevices is aware of this problem. Indeed, many sites, particularly e-commerce sites, are currently falling prey to cybercriminal attacks of varying degrees of intensity.

The benefits of a "safe" site:

  • "Securing your site means improving your ranking": This criterion is now at the heart of every web marketer's principles. Indeed, in 2017, Google announced its intention to favor the ranking of HTTPS sites in search results.
  • A better experience for managing your data and information.
  • Avoid phishing, spam and defacement (deleting or replacing your website with another), which means more confident Internet users. Indeed, "who would agree to communicate their personal data on an unsecured site?"

The aim of this article is to advise and guide you through the 6 steps to securing your WordPress site.

Tip #1: Secure Back Office (wp-admin)

Many practices, such as creating a complex password or setting up a CAPTCHA on your site's forms (for login or registration, for example), can be useful, but they are not enough. A good additional practice is to secure the login area of your back office by modifying the login URL.

This is made possible by WordPress extensions such as WPS Hide login.

What is WPS Hide login?

This WordPress plugin lets you securely modify the URL of the login form page, without impacting your files.

How it works

This plugin from WPServeur (WordPress host) lets you customize your "wp-login" and "wp-admin" login URLs during configuration.

Warning: It's important to remember the changes you make to your URL so that you don't encounter any problems when you log on again.

To return to the original URL, simply deactivate the plugin.

Tip #2 (for older sites): Switch your WordPress to HTTPS

HTTPS (HyperText Transfer Protocol Secure) is the combination of the HTTP protocol and the SSL certificate.

The HTTP protocol is the communication process used to establish a connection between a web browser (e.g. Chrome, Firefox, Explorer, Safari) and a server hosting all the data for your website.

The SSL certificate is a data file that binds a cryptographic key to the data on the server. In other words, it's a security "padlock" that activates the HTTPS protocol during the connection between server and browser.

Note: Switching to HTTPS protocol not only secures your collected data, but also complies with Google's criteria, which can have a positive impact on your SEO.

Tip #3: Choose your template carefully

The choice of your WordPress theme is also a factor to consider when securing your site. Themes (especially free ones) can hide viruses.

"How do I know if my theme is hiding a virus?"

A virus on your WordPress site can be identified in different ways, for example:

  • Redirects to other sites when someone tries to access a page on your site from the URL or a search engine (which can have a negative impact on your SEO: Google doesn't like hidden links).
  • Constant bugs with your builders or when previewing pages.

To counter this, you need to install an antivirus.
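The symptoms listed above (redirects to other sites, hidden links) can also be looked for directly in a theme's PHP files before it is activated. The scanner below is an added example, not part of the original article or of any plugin named in it; its three patterns, the helper names, the sample theme and the host names are constructed assumptions, and a match is only a reason to inspect the file by hand.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators (assumed rule set for illustration; tune before real use).
INDICATORS = {
    # Code hidden behind an encoding layer and executed at runtime.
    "obfuscated-eval": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # Hard-coded redirect: the "visitors land on another site" symptom.
    "external-redirect": re.compile(
        r"""header\s*\(\s*['"]Location:\s*https?://(?P<host>[^/'"\s]+)""", re.I),
    # Link placed inside an element that is never displayed (hidden link).
    "hidden-link": re.compile(
        r"""display\s*:\s*none[^<]{0,80}<a\s[^>]*href\s*=\s*['"]https?://(?P<host>[^/'"\s]+)""", re.I),
}

def is_own_host(host, site_host):
    host, site_host = host.lower(), site_host.lower()
    return host == site_host or host.endswith("." + site_host)

def scan_theme(theme_dir, site_host):
    """Return (file, line number, indicator) for each suspicious line in the theme."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for name, rx in INDICATORS.items():
                m = rx.search(line)
                host = m.groupdict().get("host") if m else None
                if m is None or (host and is_own_host(host, site_host)):
                    continue  # no hit, or a link that points at the site itself
                findings.append((path.relative_to(theme_dir).as_posix(), lineno, name))
    return findings

# Constructed sample theme: file contents and host names are made up for the demo.
SAMPLE_THEME = {
    "functions.php": "<?php\nadd_action('wp_footer', 'my_footer');\neval(base64_decode($blob));\n",
    "header.php": '<?php header("Location: http://ads.example.net/landing"); ?>\n',
    "footer.php": '<div style="display:none"><a href="http://pills.example.org/">x</a></div>\n'
                  "<?php header('Location: https://www.myshop.example/cart'); ?>\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_THEME.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_theme(tmp, "myshop.example")
```

Calling `demo()` reports three findings on the constructed theme; the redirect to the site's own host in footer.php is not reported.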

Tip #4: Install an anti-virus and anti-spam plugin

There are a multitude of anti-spam WordPress plugins. The best-known are: Wordfence Security, iThemes Security and Jetpack.

Jetpack

It's a very popular WordPress extension suite, offering multiple tools for:

  • Design (Jetpack themes for WordPress, subscription management, forms and comments),
  • Performance and SEO monitoring (statistics, Google Analytics integration),
  • Security tools (anti-spam, protection against brute-force attacks, site backup and restoration, etc.).

There are currently 4 Jetpack packages: free, personal (€3.50 per month), premium (€9 per month) and professional (€29 per month).

Wordfence Security

This is a WordPress plugin designed to secure your entire site. It will protect you against brute-force attacks and detect potentially suspicious modifications and malware. It is available in both free and premium versions ($39 per year).

Premium version features: more frequent scans, improved spam filtering in comments, technical support.

Note: for a "small" site exposed to fairly standard risks, the free version is more than sufficient.

iThemes Security

This is another example of an antivirus plugin. This one is available as a paid version only. It offers the same features as the previous examples.

Tip #5: Don't forget CAPTCHAs

There are several types of CAPTCHA. The best-known is the visual test, which takes the form of a series of distorted characters (letters and/or numbers) that the Internet user has to copy into a reserved space.

Note: The distorted CAPTCHA characters are readable only by humans and cannot be deciphered by robots. This test will therefore verify that you are a human being and not a computer program.

Another technique is to simply tick a box saying "I'm not a robot".

Another type of CAPTCHA is based on human verification using images.

This method consists of analyzing the user's behavior when checking the box. In case of doubt, a series of images will be displayed.

These different CAPTCHAs are commonly found when logging into an account or filling in a form.

An example of a WordPress plugin: WP reCAPTCHA.

WP reCAPTCHA

This is a WordPress plugin that lets you secure logins, registrations and comments with a CAPTCHA.

Note: After configuring the plugin, the CAPTCHA will be automatically integrated into your forms.

This plugin is compatible with other extensions such as WooCommerce (integrates with order forms), WP Multisite and bbPress (forum management).

Tip #6: Regular backups of your site

It's important to keep backups of your WordPress. In the event of a problem, this will enable you to restore your entire site.

Two backups are made:

  • one of your database
  • one of your website.

This can be done manually or automatically using WordPress extensions (recommended).
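A manual run of the two backups described above, as an added example that is not part of the original article or of any plugin it names. It assumes `mysqldump` is installed, that `DB_HOST` in wp-config.php is a plain host name, and that the backup directory lies outside the site directory; the function names and the sample configuration are constructed for illustration.

```python
import hashlib, re, subprocess, tarfile, tempfile, time
from pathlib import Path

DEFINE_RX = re.compile(r"""define\(\s*['"](DB_\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
# Constructed wp-config.php excerpt for demo(); all values are made up.
SAMPLE_CONFIG = ("<?php\ndefine( 'DB_NAME', 'shop' );\ndefine('DB_USER', 'wp');\n"
                 "define('DB_PASSWORD', 'constructed');\ndefine('DB_HOST', 'localhost');\n")

def read_db_settings(wp_config):
    """Read DB_NAME, DB_USER, DB_PASSWORD and DB_HOST from wp-config.php."""
    return dict(DEFINE_RX.findall(Path(wp_config).read_text(encoding="utf-8")))

def mysqldump(cfg, sql_path):  # credentials go in a 0600 option file, not on argv
    with tempfile.NamedTemporaryFile("w", suffix=".cnf") as opt:
        opt.write(f"[client]\nuser={cfg['DB_USER']}\n"
                  f"password=\"{cfg['DB_PASSWORD']}\"\nhost={cfg['DB_HOST']}\n")
        opt.flush()
        subprocess.run(["mysqldump", f"--defaults-extra-file={opt.name}",
                        "--single-transaction", f"--result-file={sql_path}",
                        cfg["DB_NAME"]], check=True)

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def backup_site(site_dir, out_dir, dump=mysqldump):
    """Make both backups (database dump, site files); return {file name: sha256}."""
    site_dir, out_dir = Path(site_dir), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    sql_path, tar_path = out_dir / f"db-{stamp}.sql", out_dir / f"files-{stamp}.tar.gz"
    dump(read_db_settings(site_dir / "wp-config.php"), sql_path)
    with tarfile.open(tar_path, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
    return {p.name: sha256(p) for p in (sql_path, tar_path)}

def verify_backup(out_dir, manifest):
    """True only if every backup file still exists and matches its recorded hash."""
    return all((Path(out_dir) / name).is_file() and sha256(Path(out_dir) / name) == digest
               for name, digest in manifest.items())

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed site, stubbed dump
        site, out = Path(tmp, "site"), Path(tmp, "backups")
        site.mkdir()
        (site / "wp-config.php").write_text(SAMPLE_CONFIG, encoding="utf-8")
        stub = lambda cfg, path: Path(path).write_text(f"-- dump of {cfg['DB_NAME']}\n")
        manifest = backup_site(site, out, dump=stub)
        intact = verify_backup(out, manifest)
        next(out.glob("db-*.sql")).write_text("tampered")
        return len(manifest), intact, verify_backup(out, manifest)
```

The files archive contains wp-config.php and therefore the database credentials, so the backup directory should not be reachable from the web, and the returned hashes should be stored separately from the backups they describe.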

An example of such an extension: BackWPup.

BackWPup

This WordPress plugin, specialized in backup and restore, offers several features, namely:

  • Database backup, optimization and repair
  • Export articles and pages as .xml files
  • Creation of backups in zip, tar, tar.gz, tar.bz2 formats
  • Send backups to your FTP server, Amazon S3, Google Storage, Microsoft Azure, RackSpaceCloud, Dropbox, SugarSync...
  • Sending logs and backups to your email address

Would you like to create or redesign your WordPress website?

NetDevices is with you every step of the way.

Contact us for a free quote.