The Bots Have Arrived – WordPress security tips!

[Image: WordPress IP block list]

I was wondering how long it would take after starting up this little blog for the bots to come knocking, and it did not take long!

This blog was started on October 15th, less than 2 weeks ago, and as you can see in the image above, it is already getting hit with bots trying to brute force login to the website!

I did prepare for this, though, and wanted to make this post in case anyone else is thinking about starting a WordPress blog. Here are some tips.


1. Use a strong password

First off, use a strong password. Preferably, one generated by a password manager and that is DEFINITELY not used on any other accounts you own.

This will make a brute force login attack pretty much useless. As an example, “sJ^Tm9&cmx@@9!$fgZ3E” will take 3,285,431,628,382,323,000,000,000 years to break with current tech… yeah. You can test out your password here: Randomize. Just make sure to use a new one after you do.


2. Use a security plugin with 2FA

2FA is a good thing to have in place. If, for some reason, your password were to be guessed or stolen from another hack on another website, having 2FA will be a good way to stop them from being able to fully log into your WordPress website.

Your 2FA app will generate a new code every 30 seconds or so, which you enter after entering your password. Just remember, DON’T LOSE THIS CODE!

Some plugins that support 2FA:

Some 2FA apps:

Here is a video on 2FA so you can fully understand what you are getting into:


3. Keep everything up to date (Auto updates!)

One of the biggest parts of keeping a WordPress site secure is updates. This is for the WordPress core software, plugins, and themes. They can all become vulnerable if not updated.

3.1 – Core

For auto updates for major versions on the core of WordPress, go to “https://your.url/wp-admin/update-core.php” and click “Enable automatic updates for all new versions of WordPress.”

3.2 – Themes

To auto-update a theme, go to “https://your.url/wp-admin/themes.php”, click on a theme, and then press “Enable auto-updates”. Do this for all themes installed.

3.3 – Plugins

For auto updates on Plugins, go to “https://your.url/wp-admin/plugins.php” and click “Enable auto-updates” on the right side of each installed plugin.

3.4 – OS

If you are also self-hosting WordPress on a rented VPS, you want to make sure you regularly update that VPS and keep it secure. I will link another video below, going over some steps to do this. If you don’t self-host, then you can ignore this.


4. Don’t use random plugins or too many

For the most part, you will need to install plugins on your WordPress site to achieve certain functionality and features that you want. Just don’t go crazy with it, though.

Plugins can be a HUGE vulnerability for your site: poorly written code, no longer maintained, etc. It’s best to download plugins with more users and good ratings. Also, before you download one, check when it was last updated, whether the developer has a website, whether it is active, etc.

Doing these things will make sure you don’t install a plugin that will leave your site open to attackers.


5. Security Plugin

Finally, I recommend getting a security plugin. One of the 3 I already listed above in section 2. You want not only 2FA but also some other features like auto-blocking people who try to brute force into your website.

WordFence is probably the most popular one out of the 3, and it’s pretty good at keeping the bad guys at bay. I recommend going through whichever plugin you choose and reading the info they have available on their websites.

Just make sure you have it all set up properly!


That’s it! Well, that is all I really have to offer here. I am not sure if you can call this “A complete WordPress security guide” or anything like that.

I just wanted to make a post that could hopefully help some people out who are just starting in this space, like me! I don’t plan to do many posts like this on my blog, mostly still anime and movie reviews.

Well, thank you for reading. I don’t have anything to sell you, so Bye Bye!
