This past Monday we hosted the first St. Louis WordPress Meetup West at OPO Startups. We had a good turnout of 15 WordPressers of varying experience levels. The topic of the night was WordPress security using iThemes Security, both the free and pro versions.
Of course, we all agree that we want WordPress security. iThemes is one way to get there. But fully managed WordPress hosting is also important.
iThemes Security Pro plays a big part in the hardening portion of WordPress security we do for our clients. iThemes handles things like limiting the number of login attempts for users, detection for 404 error attacks, and much more. And the great thing about iThemes Security is that it makes everything as easy as pressing a button.
Let’s run through the basic settings you could use to easily increase the security of your WordPress site.
Using ‘admin’ as your username is a big no-no, but one that too many people don’t realize. Just by using this extremely common username you’re giving an attacker half of what they need to break into your account. Try to keep usernames to something uncommon. That means don’t use your name or the site’s name either.
Limit the number of bad login attempts
To reduce the number of attempted logins before being locked out, iThemes offers a setting called Brute Force Protection. It will prevent an attacker’s bot from brute-forcing a login using a list of common passwords and usernames.
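A minimal model of what a login-attempt limiter does, as an added example (not iThemes Security's code; the thresholds, class and function names are assumptions). It counts failures per source IP and per username, so guesses against one account such as ‘admin’ are still caught when they are spread across many hosts.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; not iThemes Security's defaults.
MAX_PER_HOST = 5    # failed logins allowed per source IP
MAX_PER_USER = 10   # failed logins allowed per username, across all IPs
WINDOW = 300        # seconds a failed attempt is remembered
LOCKOUT = 900       # seconds a host or username stays locked

class LoginLimiter:
    def __init__(self):
        self.fails = defaultdict(deque)  # ("host"|"user", value) -> timestamps
        self.locked_until = {}           # same key -> unlock time

    def is_locked(self, ip, user, now):
        return any(self.locked_until.get(k, 0) > now
                   for k in (("host", ip), ("user", user)))

    def record_failure(self, ip, user, now):
        """Count one failed login; return the keys that just became locked."""
        newly_locked = []
        for key, limit in ((("host", ip), MAX_PER_HOST),
                           (("user", user), MAX_PER_USER)):
            q = self.fails[key]
            q.append(now)
            while q and q[0] <= now - WINDOW:  # forget attempts outside the window
                q.popleft()
            if len(q) >= limit and self.locked_until.get(key, 0) <= now:
                self.locked_until[key] = now + LOCKOUT
                q.clear()
                newly_locked.append(key)
        return newly_locked

def replay(events):
    """Replay (time, ip, user) failures; return (rejected count, lockouts)."""
    limiter, rejected, lockouts = LoginLimiter(), 0, []
    for now, ip, user in events:
        if limiter.is_locked(ip, user, now):
            rejected += 1  # attempt is refused before any password check
            continue
        lockouts += limiter.record_failure(ip, user, now)
    return rejected, lockouts

# Constructed sample data; the IPs are from documentation-only ranges.
single_host = [(t, "203.0.113.7", "editor") for t in range(8)]
# 12 different hosts, one failed login each for 'admin', 10 seconds apart.
many_hosts = [(100 + 10 * i, f"198.51.100.{i + 1}", "admin") for i in range(12)]
```

Replaying `many_hosts` triggers only the per-username lockout: no single IP ever reaches the per-host limit, which is why both counters matter.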
Hide the login area
Ever wondered if a site was using WordPress and typed in the URL …/wp-admin to see? Well, attackers can do that too and easily determine that your site is using WordPress, plus they’ve got access to your login screen. Simply changing this URL through iThemes to something uncommon like /login-area makes you less susceptible to an attack. Stay away from the default /wplogin iThemes suggests as well. While it’s better than /wp-admin, it’s still a default, and attackers can determine what those are too.
In our presentation we cover all of the settings in iThemes for better WordPress security, and what they really mean. If you’re interested in pumping up the security on your WordPress website even more, take a look at the presentation.
If you’re interested in coming to the next WordPress Meetup West or one of the other meetups offered in the St. Louis area, join the St. Louis WordPress Meetup. We’ll be hosting the WordPress Meetup West every fourth Monday of the month at 6:30 PM at OPO Startups.