Security for your website
In these times where thousands of web pages are hacked per year it is very necessary to place security on your website. If you already have your website and have not yet checked if it has been hacked, I recommend that you do it as soon as possible.
Brief history how I realized that I was hacked: Once I showed one of my web pages on a friend’s cell phone, I realized that it did not enter correctly, and it was very strange because on my cell it worked perfectly, this because on my cell phone it The cache is stored and this made me see that it worked correctly while anyone who found my website in a search engine like google redirected it to any page that hackers are promoting. I contacted my hosting provider who confirmed that I had a Virus (as most of us call it), but like most hosting providers, removing malware (virus) carries an additional cost because you have to hire an application to remove said malware .
Since then I worry more about the security of my pages.
Access to the WordPress panel
This is definitely the first mistake of many, leaving the Admin user, since everyone who tries to hack your website will try to log in with the Admin user.
If you are one of those who still use the Admin user for your website, don’t worry, you are in time to repair this security error. To fix this you just have to enter your WordPress panel, in the left part of your menu you give where it says Users, you select the user you want and change. If you cannot change the username or delete it, it is very likely because you only have a single user, if so, create a new one, remember to place it as administrator. Exit and re-enter your wordpress panel and enter with your new user, and now you can delete the Admin user.
Register users on your website
Unless you have a wordpress theme that you need people to subscribe to in order to edit their profile or something like that, it is NOT recommended to leave this option enabled. To deactivate this option go to your WordPress panel, on the left side of your menu you give it where it says Settings> General> Members * Anyone can register.
Avoid SPAM to your email
Use Google’s reCAPTCHA for either WPForms or Contact Form 7, your contact form plugin, this is very necessary, especially reCAPTCHA v3.
This is necessary because I can assure you that it is very unpleasant to be receiving hundreds of junk emails a month to your corporate email or to the email that you have configured your wordpress. Remember that if you have not created your corporate email I will leave you the publication of how to do it “Creating and configuring Corporate Email of our Website”.
Security Plugin on your Website
Finally and most importantly, a security plugin for your website that helps you in the following 3 points:
- Hide or Change access url to administrator. By this we mean changing the way you enter your WordPress panel that by default we enter with “www.yourwebsite.com/wp-admin”. With a security plugin we can change this and place any way to enter
- Avoid brute force attacks. This will block the user from trying your web page multiple times.
- Create backup copies of your database. This will create backup from time to time, this will keep you safe if at some point a catastrophe happens with your website.
A security plugin that gives you these 3 points will be enough to keep your website more secure.
Then we will leave you the video of how we use these tips on my wife’s website. using the recommended Itheme Security plugin which meets the aforementioned points