Being open source software, WordPress is vulnerable to hacking and malware injection, which might compromise your blog. Hence, adding multiple secondary layers of security is of the utmost importance.
These secondary security layers can be added by modifying and adding a few lines of code in the wp-config.php, functions.php, and .htaccess files. But manually modifying these core WordPress files might break your site if done incorrectly. Hence, I recommend using a plugin named iThemes Security (formerly Better WP Security).
How to install iThemes Security?
- Go to the Plugins tab and click on Add New
- In the search field, enter “iThemes Security” and press the Enter key
- Click on the Install Now button. (Screenshot above)
- Click on the Activate Plugin link.
- Now your plugin is installed and active.
But only activating the plugin will not secure the blog. There are a few settings that must be configured in order to have better security for files and folders. The following are the settings which I use on BeingBlog.
How to set up the iThemes Security plugin?
- After installation, you will see a blue bar saying “iThemes security is almost ready”. Click on the Secure Your Site Now button for one-click setup.
- I have authorized iThemes Security for the following setups: Back up site, Allow files update, Secure site now.
- Dashboard: The Dashboard tab of iThemes Security gives a detailed view of the status of different files and folders and of the server information for the WordPress installation. You can also perform a one-click fix for any problem from the dashboard screen. Issues are categorized as High, Medium, or Low priority.
- Settings: This screen has all the security settings that help in securing the WordPress installation and the system. It covers a very large set of options, including database backup, away mode, 404 detection, and file change detection. But the most important are the WordPress Tweaks and System Tweaks sections. You need to carefully check and un-check the tweaks that you need.
- Advanced: Helps to secure WordPress admins and logins. You can rename the admin username, change the user ID, change the WordPress salts, change the WP content directory folder, and change the database table prefix.
- Backups: This will create an immediate backup of the database and send it to the admin email address. You can also change the backup settings to schedule it automatically on preferred days and to set the number of database backups to retain on the local server.
- Logs: Helps in keeping a log of changes that have been made on the WordPress site. It will log 404 errors, file changes, broken links, etc. When backups are created, logs are excluded, thus reducing the database size and keeping it limited to the WordPress database.
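The salts and the table prefix that the Advanced tab changes are stored in wp-config.php. As an added example (not part of the original post and not iThemes Security's own code), this Python check reads the text of a wp-config.php and reports keys or salts that are missing, still set to the sample placeholder, short or reused, and a table prefix left at the default wp_. The function name, the 32-character threshold and the sample file are assumptions made for this example.

```python
import re

# Placeholder that wp-config-sample.php ships for every key and salt.
PLACEHOLDER = "put your unique phrase here"
SALT_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
MIN_SALT_LEN = 32  # assumption for this example; generated salts are longer
# Match only statements that start a line, so "// define(...)" is ignored.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^[ \t]*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def audit_wp_config(text):
    """Return a sorted list of (setting, problem) findings for wp-config.php text."""
    findings, seen = [], {}  # seen maps a value to the first key that used it
    defines = {name: value for name, _q, value in DEFINE_RE.findall(text)}
    for name in SALT_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append((name, "missing"))
        elif value == PLACEHOLDER:
            findings.append((name, "placeholder"))
        elif len(value) < MIN_SALT_LEN:
            findings.append((name, "too short"))
        elif value in seen:
            findings.append((name, "same value as " + seen[value]))
        else:
            seen[value] = name
    match = PREFIX_RE.search(text)
    if match is None:
        findings.append(("$table_prefix", "missing"))
    elif match.group(2) == "wp_":
        findings.append(("$table_prefix", "default"))
    return sorted(findings)

# Constructed sample input, not a real site's configuration.
SAMPLE = r"""<?php
define( 'AUTH_KEY',         'k1-constructed-sample-value-0123456789-abcdefghijklmnop' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'short' );
define( 'NONCE_KEY',        'k1-constructed-sample-value-0123456789-abcdefghijklmnop' );
// define( 'AUTH_SALT',     'commented-out-constructed-value-0123456789-abcdefghijk' );
define( 'SECURE_AUTH_SALT', 'k2-constructed-sample-value-0123456789-abcdefghijklmnop' );
define( 'LOGGED_IN_SALT',   'k3-constructed-sample-value-0123456789-abcdefghijklmnop' );
define( 'NONCE_SALT',       'k4-constructed-sample-value-0123456789-abcdefghijklmnop' );
$table_prefix = 'wp_';
"""
print(audit_wp_config(SAMPLE))
```

The check matches only statements that begin a line, so a define() inside a multi-line /* ... */ comment would still be counted.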