Why this FREE WordPress security plugin is our favourite to keep out hackers


With over 75 million websites around the world using WordPress, it’s no wonder WordPress sites are a popular target for hackers. Hunting down individual WordPress websites one at a time would be inefficient for them. Instead, they find security vulnerabilities in the source code and use them to attack lots of different sites at the same time. The WordPress developers do their best to mitigate these threats by sending out regular security patches; however, this is not always enough to prevent a successful attack.

Our absolute favourite freemium WordPress security plugin, iThemes Security (formerly known as WP Better Security), is a great way of protecting against some of the common vulnerabilities targeted by hackers. Here is a quick guide to the features the plugin has and how to set it up to suit your website’s needs.

It runs an initial security check to scan your website for vulnerabilities.

The initial security check is how the plugin first analyses your site. It sets up the plugin and enables all the recommended settings, and it asks for an email address to sign up to the iThemes Brute Force Protection Network. This is a network of blacklisted IP addresses that the plugin builds from the more than 900,000 websites in its network. If someone repeatedly tries to attack one website, they will be blacklisted from the entire network. Once the security check is complete, you should see a set of green ticks (or not, if there are some suggestions).

It secures your site from brute force login attempts.

Brute force hacking is effectively like trying every single combination on a keypad lock. Bots often scan websites and try common username and password combinations such as admin and Password1. If the plugin detects that a bot may be making repeated login attempts, it will time out their IP from your site and send you an email notification. Likewise, if a human tries to do the same thing and guess a password, it will time them out as well. Repeated timeouts will eventually lead to that IP being blacklisted. This helps you to have a more secure login system.

It detects when files have been changed.

If a hacker were to gain access to your site, they would probably edit your files. This could involve changing your current files, deleting your existing files, or even adding their own malicious files. The iThemes Security plugin keeps a note of what files you have, where they are and how big they are. So if anything changes, you will receive a security alert notification.

It detects bots scanning for security vulnerabilities.

404 errors are thrown when a user attempts to access a page that does not exist. This usually happens when a user mistypes a URL or follows an old link. However, 404 errors can also be thrown when bots are snooping around and trying to find vulnerabilities in your site. Enabling 404 detection protects against this type of threat. If a user gets a certain number of 404 errors within a short space of time, then it is likely they are a bot, and so their IP will be timed out. As with brute force protection, repeated timeouts will lead to an IP being blacklisted.
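To make the 404 rule concrete, here is an added example (our own sketch, not code from the iThemes Security plugin) that applies the same logic to web server access log lines: count 404s per IP in a sliding window, time the IP out, and blacklist it after repeated timeouts. The thresholds, the function names and the sample log are assumptions made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed thresholds for illustration; they are not the plugin's defaults.
MAX_404S = 5                     # 404s tolerated inside the window
WINDOW = timedelta(minutes=5)    # the "short space of time"
LOCKOUT = timedelta(minutes=15)  # length of one temporary timeout
LOCKOUTS_BEFORE_BAN = 3          # repeated timeouts end in a blacklist entry

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def detect(lines):
    """Return (lockouts, banned) for access-log lines given in time order."""
    recent = defaultdict(deque)   # IP -> times of its 404s inside the window
    locked_until, lockouts, banned = {}, defaultdict(list), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip malformed lines rather than crash
        ip, status = m.group(1), m.group(3)
        ts = datetime.strptime(m.group(2), TS_FORMAT)
        if status != "404" or ip in banned:
            continue
        if ts < locked_until.get(ip, ts):
            continue              # already timed out: request would be refused
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:
            hits.popleft()        # forget 404s that fell out of the window
        if len(hits) >= MAX_404S:
            lockouts[ip].append(ts)
            locked_until[ip] = ts + LOCKOUT
            hits.clear()
            if len(lockouts[ip]) >= LOCKOUTS_BEFORE_BAN:
                banned.add(ip)
    return dict(lockouts), banned

def sample_log():
    """Constructed input: a scanner (203.0.113.9) and a visitor with one typo."""
    start = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" {} 0'
    lines = [row.format("198.51.100.4", start.strftime(TS_FORMAT), "/abuot", 404)]
    for burst in range(3):        # three bursts of five 404s, 20 minutes apart
        for i in range(5):
            t = start + timedelta(minutes=20 * burst, seconds=10 * i)
            lines.append(row.format("203.0.113.9", t.strftime(TS_FORMAT),
                                    f"/missing-{burst}-{i}", 404))
    return lines
```

Running `detect(sample_log())` times the scanner out three times and then blacklists it, while the visitor with a single mistyped URL is never touched.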

It forces your WordPress users to choose strong passwords.

iThemes themselves describe strong passwords as one of the best ways to lock down WordPress. If users are allowed to choose passwords like ‘Password1’, it increases the likelihood of that password being guessed. This is a major security issue for your site. To reduce this risk, the plugin allows you to choose which users are required to have strong passwords. For example, you could require admins to have strong passwords, as they have access to critical files.

It locks down your site outside of business hours.

If you are a business that only works during weekdays, then it can be useful to lock down WordPress outside of those hours. The iThemes Security plugin has the option to choose your hours and who will be locked out. This eliminates the risk of potential hackers accessing your dashboard when you aren’t around.

