In this tutorial, I will teach you how to use some security plugins for WordPress such as Loginizer Security, Sucuri Security, Site Health and BackUpWordPress.
Please note that this tutorial is part of a series to help secure a WordPress blog. Some of these tips might not apply depending on the hosting environment. The following topics are covered:
- Redirecting users to HTTPS
- Installing WordPress securely
- .htaccess for WordPress security
- php.ini for WordPress security
- Security plugins
- Security maintenance
Loginizer Security
WordPress comes pre-installed with the “Loginizer Security” plugin. It allows the administrator to control many things: from who can login to how many times they can try to login.
To activate it, go to “Installed Plugins” under “Plugins” and click “activate”.
To customize its settings, click on “Brute Force” under “Loginizer Security” in the left menu.
Modify the following under the “Brute Force Settings” section:
- “Max Retries” to 2;
- “Lockout Time” to 2880 minutes (2 days);
- “Max Lockouts” to 2;
- “Extend Lockout” to 168 hours (7 days);
- “Reset Lockouts” to 672 hours (1 month);
- “Email Notification” to 3 lockouts
It is wise to whitelist your IP, especially if you make password errors from time to time. This can be done by entering your IP in “Start IP”, under the “Whitelist IP” section of the page. You can find your ip by searching “my ip” on Google or by using Loginizers dashboard. Your IP address will be located in the “System Information” section.
Sucuri Security
The Sucuri Security plugin has many features and that is why I recommend reading through Sucuri’s documentation before configuring it’s settings.
To install this plugin, navigate to “Add new”, located under “Plugins”. Then search for “Sucuri Security – Auditing, Malware Scanner and Hardening”, click “Install” and “Activate” on the first result. Click “Sucuri Security” located in the left-hand menu.
From the Sucuri Security dashboard, click “Generate API Key” located at the top right corner next to “Review”. Check “I agree to the Terms of Service” and “I have read and understand the Privacy Policy”. Finally, click “Submit”.
Once the plugin is setup, you will be able to see your website’s security status from the dashboard and configure the plugins settings from the settings page.
Site Health
To install this plugin, navigate to “Add new”, located under “Plugins”. Then search for “Health Check & Troubleshooting”, click “Install” and “Activate” on the first result.
Click “Site Health” located under “Tools”. Any potential security issues will be listed on the page.
Clicking on an issue will expand the tab to provide you with more information.
BackUpWordPress
Websites should be backed up at least once a week. However, the higher the frequency, the better. A website can be compromised at any time and having the most recent backup copy in hand can help in a faster recovery. It is also important to store backup copies in multiple locations.
There exists free and paid WordPress backup plugins. I have opted for the “BackUpWordPress” plugin. To install it, navigate to “Add new”, located under “Plugins”.
Search for “BackUpWordPress”, click “Install now” and “Activate”.
In the WordPress left-hand menu, click on “Backups” located under “Tools” and “+ add schedule”. Select “Both Database & files” as the “Backup” option and set the backup frequency. Enter the email you wish to receive backups and click “Done”.
I recommend storing emails on a computer to have a backup copy in more than one location.
Conclusion
In summary, implement the following WordPress plugins for security: Loginizer Security, Sucuri Security, Site Health and BackUpWordPress.
If you know of any useful security plugins for WordPress, please let me know in the comments down below!
