In our last post (Make your WordPress site a little more secure) we covered some basic WordPress security measures. In this post, we will look at a few more. This is WordPress security Level 2.
Two Step Authentication:
Here is what SecurEnvoy have to say about two-step authentication:
Two Factor Authentication, also known as 2FA, two-step verification or TFA (as an acronym), is an extra layer of security that is known as “multi-factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token.
Two Step Authentication is a pain, but it is another step toward keeping your site secure. You can read more about it on wordpress.org. Until WordPress integrates two-step authentication into its core, we can use the plugins listed on wordpress.org.
Limit Login Attempts:
According to Techopedia:
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.
To protect your site from brute force attacks, block IP addresses that make repeated failed login attempts. You can find all the plugins on wordpress.org that help fight brute force attacks.
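To see what "repeated failed login attempts from one IP" looks like in practice, here is an added example (not part of the original post, and not any plugin's code) that scans web-server access-log lines for failed POSTs to wp-login.php and flags IPs that exceed a threshold inside a sliding time window. The log format, the threshold, the window and the sample lines are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log format, as written by most WordPress hosts.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_bruteforcers(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: peak_count} for IPs with more than `threshold` failed login POSTs
    inside any sliding `window`. A failed wp-login.php POST is answered with 200
    (the form is re-rendered); a successful one redirects with 302, so 302s are
    not counted, and neither are GETs of the login page or POSTs to other paths."""
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r[1])          # log order is not guaranteed
    recent = defaultdict(deque)               # ip -> timestamps of recent failures
    flagged = {}
    for ip, ts, method, path, status in records:
        if method != "POST" or path.split("?")[0] != "/wp-login.php" or status != 200:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:             # drop failures older than the window
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample using documentation-range addresses; not a real server log.
def _line(ip, minute, second, method, path, status):
    return (f'{ip} - - [10/Mar/2024:12:{minute:02d}:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

SAMPLE_LOG = (
    [_line("203.0.113.7", 0, i * 8, "POST", "/wp-login.php", 200) for i in range(7)]
    + [_line("198.51.100.2", 0, 5, "GET", "/wp-login.php", 200),
       _line("198.51.100.2", 0, 20, "POST", "/wp-login.php", 302),
       _line("192.0.2.9", 1, 0, "POST", "/wp-comments-post.php", 302)]
)

if __name__ == "__main__":
    print(find_bruteforcers(SAMPLE_LOG))   # {'203.0.113.7': 7}
```

The flagged IPs are what a login-limiting plugin would lock out; running the same check over your own access log shows whether the threshold you configure is hit by real traffic.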
Regular Backups:
Make regular backups of your site. You can do it manually or use a plugin to automate it. There are a lot of plugins out there that help you schedule regular backups. You can look for backup plugins on wordpress.org.
You can read more about backing up your WordPress based site on wordpress.org.
Always verify Plugins and Themes:
Before downloading a plugin or theme:
- Check when it was last updated. If it has not been updated for a long time, stay away from it.
- Check which version of WordPress it is compatible with; it should always be the most recent version of WordPress.
- Check the support tab and see how often support requests are answered. Is the plugin author active on support?
- Check how many times the plugin or theme has been downloaded; this tells you how popular it is.
- Also, test the plugin or theme on a local instance of WordPress or a staging instance. This instance should be a replica of your site.