What will we be learning?
We’ll be learning what the best WordPress security plugin is, how to set it up, and why it is important to have a security plugin for WordPress.
Why is having a security plugin important? How can I benefit from the iThemes Security plugin?
With the increase in WordPress websites, the profitability for WordPress hackers is becoming enormous. Thus, hackers are on the prowl to attack WordPress websites. Therefore, it is important for us to have a secondary defense mechanism, namely a WordPress security plugin. The iThemes Security plugin is the best WordPress security plugin in my opinion and therefore should be installed on all WordPress websites.
So if you are using our WordPress course, this is another one of those videos. Well we are talking about different types of plugins that I think are the most beneficial. And kind of just a review. What I did was I installed 8 plugins that I thought were the most important.
I talked a little about each of them, kind of a very general overview. But we ran out of time. So I wanted to go through all of them. And I have previously already done Jetpack and I have also talked about adding Ninja Forms in a whole separate video.
And so in this one what I want to talk about is the iThemes Security plugin. And the reason why I think it’s important is because, well very briefly, what does iThemes Security really do?
And so, it provides a kind of a second backup or second security measure so that hackers cannot hack into your website. And I mentioned before that, one thing about these WordPress websites is, yeah they are great, but kind of like, you can imagine like Windows or at least how Windows used to be.
Not too sure if it’s still, kind of migrated from Windows, not sure Mac is that. Windows had, you know, a good amount of viruses. And the reason why they used to have viruses is simply because so many people use them.
Because so many people utilise them. Hackers found it more beneficial or cost effective to invest in a Windows virus rather than a Mac virus. Now the tables have probably turned. When we have more Mac computers being utilised, so you have more viruses in that respect.
The same kind of logic goes with WordPress, is that, because a lot of people use WordPress. A lot of people use that to design their website, so I think it’s the No. 1 used software. You can imagine that hackers will find it very beneficial to create some type of software, some type of program to hack into your website.
And there are a number of things that they could, kind of, gain access to. For example, you have users, you have a lot of users, you have a lot of email addresses. And that’s going to be very beneficial for them. And I don’t mean to scare you away into not using WordPress.
But what I do want to say is that you have some type of backup or some type of, you know, secondary security. And actually a personal story that I had was, a website that I ran or still run right now, in its beginning months. It had around, I believe around 1,000 users.
Because the way the website worked was, it needed people to actually sign up. It needed people to register and sign up. So the actual website for them to utilise a course that I was providing them. And so the issues with that was that. Well, for one thing, you know hackers would have an easier time to just simply to hack into.
So they eventually did before I had this plugin installed. And so, especially if you have these sign in, sign out and you know, register buttons. It’s going to kind of tell other individuals that, you may have a good number of users on there. So it will be kind of beneficial to break into. That being said, once I added in the iThemes Security plugin, we now have had no problems after that. Had absolutely no problems. That’s been about a year and a half from now.
So kind of very briefly what can iThemes Security do? Well there are a number of different options. You can see there is dashboard, settings, advanced, backup, logs and help. Well the help is just for your own personal benefit.
But there are many, many different things that it can do. Kind of the first question I asked you is to make the very initial, very basic level, I guess, security measure. And that was. As soon as you install iThemes, it has this banner that goes across and says activate or something to that extent.
And it lets you backup your, your database and also provides you with the option to potentially make something more secure. Just a very basic security measure. I don’t remember exactly what it was like because I just installed it and I accepted both of them.
So you can just accept those. It is entirely fine. What I am going to do now is actually explain, you know, what are some of the options that it can do. So one of the things that it has is the security status. It gives your security status.
If you scroll down. And so it tells you what you need to fix. So, if you need to perform a scheduled backup, just click fix it. And let’s see what happens. And so it scrolls us down to right here. So scheduling a database backup. Save changes. How often do you want to schedule a database backup?
And this is just for your database not a full backup. And so I should always suggest people, they should have yes, they should have a database backup, it’s good. But you also should have some full backup somewhere. Whatever program you use, you should have it somewhere.
And I will show you in a future video, that’s more of a, more long term thing that we will need to do, to actually create a full backup. But for now, enable scheduled database backup. Let’s just say 3 days. That’s very fine. If you don’t update your website all that often, 3 days, that’s perfectly fine.
There is nothing wrong with that. So you know, yeah, save that. We will just go through the settings now. Because, I just wanted to show you, kind of, if they give you these. It’s not really an error message, but things that you need to fix. That’s what you can do.
So there are many different settings. Let’s start with the first one. So the first one, the global settings, allow iThemes Security to write to wp-config.php and .htaccess. So you can, for me, I just leave this blank. I disable it because, you know, for me, it’s not something that I necessarily want them to do.
I don’t necessarily want them to, to write to that. To edit something like that. So I just leave it blank. But one thing down below is, for example, let’s see. You can blacklist certain IP addresses, certain individuals and that’s good if you see some type of activity that you don’t necessarily look or don’t necessarily want these users to be on your website.
Say they are spamming and you could, you know, lock them out and ban them from your website essentially. And so, you know, there are other options. This was simply, this was just the backup that we just did. 404 detection, so what 404 detection is, so, it prevents them getting a large number of these 404 error messages.
The assumption is that if they are going that, it’s somebody, if they keep receiving these 404 detection pages, it’s probably an individual that you don’t necessarily want going to your website. Because, they are just kind of scanning, kind of just scanning the internet.
You presume that as some type of vulnerability. So that’s why you kind of enable that 404 detection. And you can change the options but, really you can just kind of leave them as standard. You don’t need to change much about those.
You could save the changes right now. The away mode: what this is, it allows you, if you are not going to be, for example, if you live on the west coast and you don’t want anybody to be editing your website. You know that you are not going to be editing your website from the hours, for example, 3 am or 6 am and something to that extent.
You don’t want people to be able to log in. You don’t want people to be able to log in during those times because chances are those are going to be individuals that are not yourself. So this kind of prevents people who are not yourself, who you know, may be hackers or may just be people kind of browsing that shouldn’t be.
And so you enable this away mode. So that’s kind of good in my opinion. So you can enable the ban users and blacklist function as well, brute force protection. This is just, for example if you had, the way they describe it.
If you had a limited amount of time and you had a, you are pretty much in a limited amount of time to try every single password. Eventually you would be able to log in, and this software that people have designed is that they literally can try every different type of username.
Generally they try the username admin because a lot of people keep their initial admin username as just admin. And they try a bunch of different passwords. 123456 and things like that. And if you try enough times, eventually you can log in and you can gain access.
And so, what we are doing here is enable this brute force protection so that the max logins per host is 5 attempts. The max login for a user is 20 attempts. And you can change whatever you want. And so, they will just remember for 5 minutes and they will log them out. They will actually inhibit them from actually logging back into the website for x amount of minutes.
And so same thing with this. Backup the full database. And they can send you an email and things like that. That’s kind of self-explanatory. File change detection, if there is a file change that you don’t necessarily want people to change, then it can notify you of these changes and give you a notification.
Hide the login area is, I think, in my opinion one of the best features. And it’s very simple. But it’s very nice simply because, if you remember before, I mentioned that every WordPress. Every WordPress website, it starts with this, wpforalltv dot com. So your domain slash wp dash admin in order for you to actually log in.
And so the benefit is that, or the downside is that, if every website is this, wp dash admin. Well it’s going to be a lot easier for a hacker to just say, ok let me login to that domain dot com slash wp dash admin. And then let me just try a bunch of different passwords.
And so this will allow you to, say for example, you wanted to change it to wp login. wp login would allow them to have the opportunity to, you know. A hacker wouldn’t necessarily know that, that’s where you log in to your website.
They are just going to assume that it’s wp dash admin. So you can change it to whatever you want. You know it could be even your name or something like that. Although I wouldn’t necessarily use a name but yeah, you can have it to whatever you want.
Same thing with some of these other options. Custom login actions and you can just save that as well. It has this Secure Sockets Layer, SSL, that if you have that option, not everybody has it. So if you have it, I think for most of the hosts. I think HostGator actually does charge some type of fee per month to utilise this.
So that’s why I don’t have it. I don’t utilise it. I believe that this would be very beneficial for, for example, e-commerce websites should have this as a self-security. Especially when you are dealing with credit card information right on the website. You definitely want to have that added security.
For us. Since we are just a blog. We are just a website, whatever you may have. If you are running an e-commerce website which you can definitely do with WordPress. And I will actually show you how to do that in a different tutorial. Yeah, you know, you can definitely add that.
So strong password. It’s pretty self-explanatory is that they have to. If you have ever seen a website where they say your password is not strong enough, this is to prevent people making really simple passwords. And so hackers can just easily break into their accounts.
So they want it to be as secure as possible. And you can, you know specify who needs to have this secure or strong password enforcement. And there is just a bunch of other options. The majority I kind of already went through.
The ones that I personally like to change. And then you can just save all the changes. You know, there is a lot of options that it would take a long time for me to actually describe what each of them are, what each of them do. There is even advanced settings that you can change.
But probably you don’t need to go into the advanced settings because that’s going to be just too confusing. It’s going to be too confusing for all that we have to do. Backups will show where the backups are. They will also have the settings and the logs as well.
So as you can see, the capabilities of this free, this is a free security plugin. It’s quite robust. You know, it has quite a bit of power built into it. And so that can be very useful for you. And it’s just so good to have. Even if you don’t have any options selected, you just have the very basic security. I think, you know, it’s better than nothing. It’s better than just having your site completely vulnerable. It has that extra added backup, right.
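
The brute force protection settings described in the transcript (5 attempts per host, 20 per user, remembered for 5 minutes), modeled as an added example that is not part of the original video or the plugin's own code. It is written in Python rather than the plugin's PHP; the 15-minute lockout is an assumed value for the "x amount of minutes", and the addresses and events are constructed:

```python
from collections import defaultdict, deque

MAX_PER_HOST = 5            # "max logins per host is 5 attempts"
MAX_PER_USER = 20           # "max login for a user is 20 attempts"
REMEMBER_SECONDS = 5 * 60   # failures are remembered for 5 minutes
LOCKOUT_SECONDS = 15 * 60   # assumed value; the transcript only says "x amount of minutes"


class LoginLimiter:
    """Sliding-window lockout keyed by host and by username (illustrative model)."""

    def __init__(self):
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lockout ends

    def _record_failure(self, key, limit, now):
        window = self.failures[key]
        window.append(now)
        while now - window[0] > REMEMBER_SECONDS:   # forget old failures
            window.popleft()
        if len(window) >= limit:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            window.clear()

    def attempt(self, host, user, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now` (seconds)."""
        keys = (("host", host), ("user", user))
        if any(self.locked_until.get(k, 0) > now for k in keys):
            return "locked"          # rejected before the password is even checked
        if password_ok:
            return "ok"
        self._record_failure(keys[0], MAX_PER_HOST, now)
        self._record_failure(keys[1], MAX_PER_USER, now)
        return "failed"


def replay(events):
    """Run constructed (time, host, user, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(h, u, ok, t) for t, h, u, ok in events]


# Constructed sample: one host guessing, then the same guesses spread over many hosts.
single_host = [(t, "203.0.113.7", "admin", False) for t in range(0, 60, 10)]
many_hosts = [(i, f"198.51.100.{i}", "admin", False) for i in range(20)]
many_hosts.append((30, "192.0.2.1", "admin", True))   # the real owner, locked out too

if __name__ == "__main__":
    print(replay(single_host))      # five 'failed', then 'locked'
    print(replay(many_hosts)[-1])   # 'locked'
```

In the second sample each host stays under its own limit, but the account still locks once 20 failures accumulate, which also keeps the real owner out until the lockout ends.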