What are good ways to make WordPress more secure?

5 Sure-Fire Ways To Secure WordPress Websites

Have you been hacked before?

I've been through that ... and I have no plans to experience it again.

According to Sucuri, WordPress was the most affected website platform in 2017 (capping at 83%).

That's worrisome especially when WordPress is used by millions of websites today.

In this article, I'm going to share with you five ways to secure your WordPress website.

Secure WordPress websites with a trusted web host

Web hosting is by far the most important factor in whether WordPress websites get hacked.

When was the last time you went for a really cheap web hosting service that charges $1 per month?

Seriously, you are better off with Blogspot or WordPress.com for that matter.

A good web hosting company goes a long way

Many web hosting companies that you can find today offer a sub-par level of hosting service (sad but true).

To maximize earnings, they cram as many websites as possible onto one server in order to save costs.

Here are some tips for finding a good web hosting company. Look for one that offers:

  • 24/7 support
  • No overselling of server space
  • A belief in offering high-quality web hosting services

Of course, I did not include the affordability factor as we are all looking for affordable web hosting services 🙂

If you are looking for great web hosting that offers excellent security features, here are the top three I would recommend any time of the day:

Secure your website by installing legit themes and plugins

Installing nulled WordPress themes and plugins may be easy on your wallet (in the early days) but it will get extremely expensive for you when your site gets hacked!

Using legit WordPress themes and plugins is always the way to go.

For example, here is a list of free WordPress themes that don't cost you a single cent (and yet look awesome).

For plugins, you can go for Thrive Membership (for example) for unlimited usage, licenses and with one single pricing structure ($19 per month).

Secure WordPress websites using security plugins

Do you know that one of the easiest ways to secure WordPress websites is by using WordPress security plugins?

Generally, these WordPress plugins are easy to use and don't require much server management to secure your site.

While there are many free and paid plugins that you can use, here is a small list of the ones I truly recommend for beginners:

Secure WordPress websites with CloudFlare

CloudFlare serves not only as a Content Delivery Network (CDN) tool, it is also an excellent website security tool that helps you to strengthen the defense of your website.

Lucky for you, CloudFlare integrates perfectly well with WordPress powered websites and if you want to learn some geeky (and advanced) settings for CloudFlare, here's a great article to read: How To Setup CloudFlare Page Rules?

Are you ready to secure your WordPress website?

The number of hacks (especially on WordPress websites) has increased dramatically over the years ...

And you certainly wouldn't want to be the next victim!

I hope you find these tips for securing WordPress websites useful. Leave a comment if you have any thoughts!

All In One WP Security And Firewall Review 2018: How good is this security plugin?

Today, I'm going to take a look at one of the most popular security plugins, All In One WP Security and Firewall.

The WordPress CMS is secure but in today's technological world, we can't be too relaxed, especially with website security.

Most users install a WordPress firewall plugin to stay safe from hackers and malicious code, as well as to stay as far as possible from WordPress security vulnerabilities.

There are two things you need to know about this review.

  • This is NOT a paid review
  • I'm doing this because it is extremely important for you to secure your WordPress site

More importantly, you need to learn how to secure your WordPress website from hackers right now!

You can check out the plugin on the WordPress plugin repository.

Understanding The Importance Of Improving WordPress Security

Everyone should take this topic seriously. But why?

Check this video out. I'll explain why it is important for you to read through this article. 

Oh, by the way, would you mind leaving a positive review for this review? I'd really appreciate it!

I was hacked four years ago, and back then I was on vacation in Australia. That night, I was checking on my money site and boom! I was greeted with a sinister but very familiar display on my desktop.

I contacted my web host and they sorted it out in 48 hours. Can you imagine the amount of sadness and fury I felt then?

I know I didn't use any nulled WordPress themes or plugins, and yet I was hit badly.

True enough, the web host said that most of my site content was gone and they were able to retrieve and repair only that much.

Fast forward until today, I have taken serious steps to make my website safe. Sure, I know that there is no bulletproof security but at least, I'm doing whatever it takes to stay safe (and so should you).

WordPress firewall plugins such as All In One WP Security and Firewall reduce security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security And Firewall Review

Writing this article reminds me of the old days when I wrote one of the most read blog posts that I have ever published in 2013: Better WP Security vs Wordfence Security: The Battle For WordPress Best Security Plugin.

Let's take a look at All In One WP Security And Firewall plugin, shall we?

Not bad, not bad at all I would say!

There are over 600,000 active installations and the last update was around three months ago.

Disclaimer: After using All In One WP Security and Firewall plugin, I personally feel that this plugin is a great WordFence alternative (no offense).

All In One WP Security And Firewall Plugin Features

I love this plugin because the developers understand the basics: not everyone is a WordPress guru when it comes to security. Therefore, they created three different categories in this plugin, namely Basic, Intermediate and Advanced.

Take a look at the video below for a quick introduction to the All In One WP Security and Firewall plugin.

What I love about this security plugin is that you can activate security features and firewall rules without much worry that they will break your site.

The Basic Features

The Basic feature set is very straightforward and built from the ground up for beginners. It is literally safe to use and non-invasive. Therefore, this option will NOT break your site no matter what you do (or how unlucky you are for that matter).

These are the features you need to activate immediately after installing this WordPress security plugin to start securing your site.

Note: The Basic setting will not make your website as tough as Fort Knox but it will certainly add some level of security to your site.

The Intermediate and Advanced Features

Some intermediate and advanced security features can break your site (making it inaccessible), especially when they conflict with other themes and plugins.

Plus, you should only turn the settings on if you are well aware of your hosting provider's server configuration. For this, feel free to reach out to your hosting provider and seek some clarification before taking the plunge!

Simple security points score system

What I love about the All In One WP Security plugin is the security strength meter. 

At a glance, I can determine the level of security of my WordPress site and the number of security features I have activated.

Pretty cool, right?

Critical feature status

The dashboard also shares important information of your site and simple security features that can harden your WordPress security to new levels. Or at least, to help you achieve a minimal acceptable level of security.

Here's what the panel looks like in the backend.

The critical feature status serves as a WordPress security checklist for me. The plugin tells me what I need to know and what I should do in order to have the best WordPress firewall settings and enjoy close to bulletproof security.

Do this before installing All In One WP Security And Firewall plugin

  • Make a full website backup before installing the security plugin
  • Upon installation, a good strategy is to enable just the basic security features
  • Allow the plugin to operate normally for a few days before considering using the intermediate or advanced features

Help! All In One WP Security And Firewall broke my site!

Hold on there and relax. I've got your back on this.

If you are using cPanel, head over to the File Manager and look for the plugins folder. In there, delete or deactivate the plugin and your site will pop back up.

You can also reset your .htaccess file to get your site back to its original state.

And if the above sounds complicated to you, just hit the 'restore from backup' option and your website will be back to normal.

Frequently Asked Questions

Question: I'm locked out from my site after activating the firewall features. How do I fix this?

Answer: Restore the .htaccess file of your WordPress site to remove any firewall rules and start from the beginning.

Question: I'm locked out from my site after enabling the maintenance mode. What should I do now?

Answer: Restore your .htaccess file and access your WordPress backend using this link http://your-domain-url.com/wp-login.php
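
The recovery steps described above (take the plugin out of the plugins folder, then reset .htaccess), written as a shell script for hosts where you have SSH rather than cPanel's File Manager. This is an added example, not code from the plugin or from the original article; it assumes Apache, a single-site WordPress installed at the domain root, and a plugin folder named after the plugin's wordpress.org slug.

```shell
#!/bin/sh
# Added example: get back into a WordPress site after a security plugin
# locked you out. Nothing is deleted; the old state is kept for review.

# Assumption: folder name equals the plugin's wordpress.org slug.
PLUGIN_SLUG="all-in-one-wp-security-and-firewall"

# Print the classic WordPress rewrite block for a single-site install at
# the domain root (subdirectory installs need a different RewriteBase).
default_htaccess() {
    cat <<'EOF'
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
EOF
}

# recover_site WP_ROOT
#   1. Rename the plugin folder so WordPress no longer loads its code.
#   2. Save a timestamped copy of the current .htaccess (it shows which
#      firewall rules were written), then replace it with the stock block.
recover_site() {
    wp_root=$1
    plugin_dir="$wp_root/wp-content/plugins/$PLUGIN_SLUG"
    htaccess="$wp_root/.htaccess"
    stamp=$(date +%Y%m%d%H%M%S)

    # Refuse to touch a directory that is not a WordPress root.
    if [ ! -f "$wp_root/wp-config.php" ]; then
        echo "not a WordPress root: $wp_root" >&2
        return 1
    fi

    if [ -d "$plugin_dir" ]; then
        mv "$plugin_dir" "$plugin_dir.disabled-$stamp" || return 1
        echo "plugin disabled: $plugin_dir.disabled-$stamp"
    fi

    if [ -f "$htaccess" ]; then
        cp -p "$htaccess" "$htaccess.bak-$stamp" || return 1
        echo "old rules saved: $htaccess.bak-$stamp"
    fi

    default_htaccess > "$htaccess" || return 1
    chmod 644 "$htaccess"
    echo "stock rewrite rules written to $htaccess"
}

# Usage: sh recover.sh /path/to/wordpress
if [ "$#" -ge 1 ]; then
    recover_site "$1"
fi
```

Once you can log in again at wp-login.php, compare the saved `.htaccess.bak-*` file with the new one before re-enabling any firewall feature, so you know which rule caused the lockout.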

Question: I don't see some of the menus of this plugin on my sub-sites. I have a WordPress Multi-site (WPMS) install. How do I fix this?

Answer: WordPress multi-site uses one single file system for all your sub-sites. So some of the security features only need to be enabled on your MAIN site. The sub-sites won't show you the menus for these features. You can configure those settings from the main site of your WPMS install.

Question: Is there any recommended hosting that works well with this plugin?

Answer: Generally, I don't see any issues between All In One WP Security and Firewall plugin and most shared web hosting. However, just avoid using this on premium WordPress hosting as the plugin will conflict with the built-in security features.

Is All In One WP Security And Firewall plugin the best WordPress security?

I will leave this to you to debate in the comments below. What do you think?

Feel free to check out All In One WP Security and Firewall using this link.

14 Ways To Prevent Your WordPress Website From Being Hacked

'How to secure WordPress website from hackers?'

As a blogger (now, freelance writer), the above is one of the most common questions asked by new bloggers and website owners.

My answer to them often turns into a deep conversation, as I am a huge believer that securing a WordPress website from hackers requires more than just one step. As a matter of fact, there are many steps you need to take to secure a WordPress website from hackers.

Two years back, I wrote an article on WordPress security, and it was a huge success. Not only did that post become one of my most popular blog posts, but it was also featured on Harvard University's blog!

12 Most Important Tips To Improve WordPress Security

Recently, WPTemplate shared an infographic on WordPress security issues. The figures were shocking. Each year, thousands of websites are compromised and the figures keep increasing every year.

In 2012, more than 170,000 WordPress sites were hacked and that's crazy!

The million dollar question could easily be, "Are you doing enough when it comes to securing your website?"

Source: WordPress Templates

So, what can you do to improve your WordPress security?

Did you notice that two of the biggest contributors to WordPress security problems are hosting companies and WordPress themes? And heck, most of us thought that WordPress security had always been associated with weak passwords.

WordPress is one of the biggest blogging platforms in the world and thus, it is nothing new that it is targeted by hackers every single day.

That being said, you should not take WordPress security for granted and therefore, you should act now.

Yes mate, right now ... by doing these easy steps!

1. Practice frequent updates

When was the last time you upgraded your WordPress or plugins? Usually, the latest updates are the ones that carry security patches or even newer features. If you have yet to get them updated, do it now. It wouldn't take you more than 5 minutes.

At least, do it for the sake of your website security. Seriously!

2. Perform housekeeping and clean up on your website regularly

Good website maintenance could keep hackers away

Safety first when it comes to website security

Do you know that it is best to delete or uninstall those unwanted plugins you have on your database? Yes, even though they have been deactivated, you should ... and by all means remove them immediately. Having fewer plugins also provides better website loading speed and, not to forget, a better experience for readers as well.

The main reason is that there are many plugins which might pose a threat, especially to WordPress. You have to remember that even though you might have deactivated them, they are still accessible in your website database.

3. Avoid using Admin username

This is the same mistake everyone makes. You should never use Admin as your administrator ID. I know some WordPress sites advise users to create an Admin username without any administrator access. For me, it is best to leave Admin untouched.

The first thing a hacker would try is to brute force the login using the Admin or Administrator ID. If you are using either one of those usernames, then you are basically making their life (of hacking) easier!

It is always best to have a mixture of words, symbols and numbers. Of course, you can further boost your WordPress security by adding capital letters as well.

4. Turn off membership registration

Controlling the number of registrations could easily avoid hackers

Proper 'security check' for members is vital to improve your WordPress security

Yes, I don't allow open registration at all for my sites. Instead, I'll manually add members myself. This is to ensure that I have complete control over security matters. Small security actions go a long, long way when it comes to securing your WordPress site.

If everyone is able to register on your site freely, then you might have a problem when you find spam bots and potential hackers trying to break the website's security.

I truly understand that adding members manually might be a real pain but it is worth it for those who really care about security matters. Of course, if you are running a big company, use WordPress and have a full list of members, Premise might be the best WordPress membership for you.

5. Changing table prefix

This is one hell of an efficient method when it comes to WordPress security. The Better WP Security plugin makes it sound easy with just a press of a button. No, it isn't that easy!

You've got to learn how to change the prefix correctly or else, you are going to destroy your website ... literally. I changed it last time and I accidentally 'destroyed' my theme. Ouch!
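
Why a hand-made prefix change breaks a site: besides the table names, the prefix is also embedded in the `user_roles` row of the options table and in the per-user `capabilities` and `user_level` keys, and `$table_prefix` in wp-config.php has to match. The script below is an added example (not from this article or from any plugin) that prints the SQL for review instead of running it; the new prefix `x7k_` and the table list are constructed sample values.

```shell
#!/bin/sh
# Added example: print (do not execute) the SQL for a table prefix change.
# Apply the output to a backed-up database, then set $table_prefix in
# wp-config.php to the new value.

# Core tables of a default single-site install, without prefix (sample input).
CORE_TABLES="commentmeta comments links options postmeta posts
term_relationships term_taxonomy termmeta terms usermeta users"

# A prefix may contain only letters, digits and underscores.
valid_prefix() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# prefix_migration_sql OLD NEW TABLE...
prefix_migration_sql() {
    old=$1
    new=$2
    shift 2
    if ! valid_prefix "$old" || ! valid_prefix "$new"; then
        echo "prefixes may contain only letters, digits and underscores" >&2
        return 1
    fi

    # Step 1: rename every table that carries the old prefix.
    for table in "$@"; do
        case $table in
            "$old"*)
                suffix=${table#"$old"}
                printf 'RENAME TABLE `%s` TO `%s%s`;\n' "$table" "$new" "$suffix"
                ;;
            *)
                printf '%s\n' "-- skipped, no $old prefix: $table"
                ;;
        esac
    done

    # Step 2: the role definitions live in an option named <prefix>user_roles.
    # If this row keeps the old name, nobody has any role after the change.
    printf "UPDATE \`%soptions\` SET option_name = '%suser_roles' WHERE option_name = '%suser_roles';\n" \
        "$new" "$new" "$old"

    # Step 3: per-user access keys are also named after the prefix.
    for key in capabilities user_level; do
        printf "UPDATE \`%susermeta\` SET meta_key = '%s%s' WHERE meta_key = '%s%s';\n" \
            "$new" "$new" "$key" "$old" "$key"
    done

    # Step 4: list any other keys still using the old prefix (per-user
    # preferences) so they can be reviewed. "_" is a LIKE wildcard: escape it.
    like=$(printf '%s' "$old" | sed 's/_/\\_/g')
    printf "SELECT DISTINCT meta_key FROM \`%susermeta\` WHERE meta_key LIKE '%s%%';\n" \
        "$new" "$like"
}

# Demo with constructed values: sh prefix.sh --demo
if [ "${1:-}" = "--demo" ]; then
    set --
    for t in $CORE_TABLES; do
        set -- "$@" "wp_$t"
    done
    prefix_migration_sql wp_ x7k_ "$@"
fi
```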

6. Backup, backup and backup

Nothing is more important than backups ... when it comes to websites and such. Lucky for you, there are some seriously good backup plugins and programs that work perfectly for WordPress. Why back up, you may ask? Well, imagine you are hacked or something bad happens to your site today. You can easily restore everything in a very short period since you have a backup file. What happens if you have no backup files? Then you would need to start again from scratch!

Real case scenario. Three months ago, I had several websites running and when 'something' bad happened to them, I practically lost hundreds of articles. Yes, I do back up but I only did it once a month, which is clearly insufficient! However, it was good that at least I still had a month-old backup. If not, I would have been doing everything from scratch ... and for over five websites!

7. Security plugins could help

Installing security plugins will increase your WordPress security level

Hello, you're being monitored.

Let's say you are less geeky and need help with securing your website. There are WordPress security plugins such as WordFence and Better WP Security which could provide above average security features with just a few clicks of the mouse. Can't decide which to use? You may find my review here, Wordfence vs Better Wp Security plugin.

Basically, these plugins will boost your WordPress security level and even provide you with much-needed security notifications. Definitely worth a shot for those who prefer to be on the safe side.

8. Increase your security features with Content Delivery Network (CDN) services

Heard about Cloudflare and Incapsula? If not, you should definitely use one. Seriously!

A content delivery network or CDN could provide minimal security, especially when you are using a free service. Well, some security is always better than no security, right? No? 🙂

I always consider a CDN to work very well, especially when it comes to preventing Distributed Denial of Service (DDoS) attacks and also improving the website loading speed. Personally, if you are using a CDN for security, Incapsula has a very good security background while Cloudflare is much better at improving website loading speed (with some security features).

9. Know your WordPress plugins

We all talk about WP everyday.

Now, ask yourself a question. How much do you know about your plugins?

I used to download and try all types of plugins without even bothering to check the reviews. Now, I do check their reviews first and even do a little bit of Google-ing before installing anything. Some malicious plugins could be a hacker's backdoor to your admin area and protected files. So, always have a good grip of what you are installing and decide if they are really worth the time (and your website security).

Nothing is too personal when it comes to website security!

10. The last level of security comes from you

You are the one in charge of your website security

Me? Seriously?

Yes this is true! Who is your best, most accountable and trusted watch guard for your website? It's you for Christ's sake! You've got to be on your toes and at least check on basic changes that you should be worried about. Let's take a simple example below.

I had Better WP Security installed on one of my niche websites and every time changes are made to my site, I'll receive an email notification immediately. Imagine small changes such as uploading an image to my gallery and it triggers an email notification. Good? Excellent I would say!

Thing is, you've got to at least know what's happening on your website. Well, you might not have the technical skills to know what to do but at least, you're still able to alert your hosting provider or developer to check on that.

And just when you think that is all ...

Hold on there tiger! The above are 10 important security tips when it comes to WordPress and I still have two more up my sleeve!

11. Choose the right WordPress theme for your website

Do you know that 29% of security problems originate from using the wrong WordPress themes? There's absolutely no denying that there are thousands of free WordPress themes out there. My personal advice?

Ditch those free themes for crying out loud! Jesus! Don't you see it? These themes might have some code inside which could compromise your security. Not all, but certainly, I know a lot of them that actually do!

I don't get it ... I really, really don't get it on ... you know ... free WordPress themes.

If you are willing to buy a premium WordPress theme, you have to be careful as well, as not all themes are coded properly. Badly coded ones will actually affect your website in many ways.

Here are two of the best WordPress themes I would recommend any day: Genesis Framework and Thesis theme.

Personally, I'm a huge fan of Genesis because:

Don't take my word for it. Check them out yourself and decide which is best using the links below:

Genesis Framework | Genesis Child Themes | Thesis Theme

12. The importance of hosting companies

Last but not least, the infographic provided by WPTemplate showed that hosting companies play a huge role in terms of WordPress security. With 41% of website hacks originating from website hosting, I bet the figure explains it all.

Personally, I know there are so many hosting companies that are offering cheaper than usual hosting packages. I totally get it that hosting is a competitive industry but have you ever thought that cheap hosting might not provide even the slightest security features for your lovely website?

Let's take some 'stats' for example, shall we?

Now, do all these make any logical sense to you?

The above are examples of big brands trusting their hosting companies. Do you see why they don't go for cheaper corporate hosting? C'mon, give me a guess and I'll wait! Yes, you got it right mate. It's all about security.

When it comes to WordPress security, it is best to leave it to the pros if you have limited expertise.

Obviously, these brands have a much bigger package but it doesn't mean that you can't join the big boys' club. There are packages below $20 which could work very well on your budget and, most importantly, give you peace of mind 24/7.

You may be using a package at, say, $5 per month but you have to do all the work and maintenance yourself. Simply by adding $15 a month, you can leave all the maintenance work to the pros ... for free.

With proper web hosting, you can forget about spending hundreds or thousands of dollars on webmasters who will take care of your websites (no offence though).

Last time, I was with GoDaddy and then moved over to HostGator. Even though I was happy with the money I spent with them, I wasn't too happy about the support. What can you expect from a $4 or less web hosting package, right?

Again (and like what I always say), don't take my word for it. Go have a look at what their websites have to offer.

Recommended high end web hosting companies: Web Synthesis | WP Engine | Media Temple

You may also take a look at my review on why BlueHost is my top choice for affordable web hosting service.

Over to you...

If you think that SEO and all those blogging tips are important, think again. WordPress security is much more important nowadays. Thousands have gotten it wrong and I certainly hope that you are not one of them! Remember that hackers are always out there and you need to be ready for them.

Do you have any other WordPress security tips to share? If you do, drop me a comment below and let's discuss it.

Better WP Security vs Wordfence Security: The Battle For WordPress Best Security Plugin

You have probably heard that website security is vital, especially when hackers are all around nowadays. I am not going to leave any security loopholes in my WordPress site and I am sure you aren't either. When it comes to WordPress security plugins, there could be hundreds of plugins you can choose from but when you talk about the best, there are two which come to my mind.

Introducing Better WP Security and Wordfence Security.

Here is some information on both plugins.

What is the best WordPress security plugin?

WordPress is the most popular blogging platform but security threats are very real

What is Better WP Security Plugin?

Created by: Bit51

What Better WP Security does:

What is Wordfence Security plugin?

Created by: Mark Maunder

What Wordfence Security does:

I know the list is rather long but it is relatively easy to say that both are trying their best to compete with one another. I tested both Better WP Security and Wordfence Security for a week each on various websites and I was surprised at my decision...really. Let me tell you why. 

Security effectiveness

Better WP Security - 9.5/10, Wordfence Security - 9.5/10

When it comes to security, I can tell you that both plugins take the matter very seriously. Both actually impressed me more than I expected. If you are going to install either one of these, rest assured your security effectiveness will be top of the chart. And of that, I am definitely sure.

User-friendly UI

Better WP Security - 9/10, Wordfence Security - 9.5/10

I have a very split decision on this. I love Better WP Security's direct layout but I prefer the Wordfence Security interface. Basically in Better WP Security, you will be able to see all the issues in different colours (red as dangerous, green as safe etc). With a simple click, it will redirect you immediately to the setting for you to make any adjustment required. By comparison, the Wordfence Security layout is more 'WordPress-like' (imagine using W3TC).

Both plugins' layouts are extremely versatile and easy to navigate. At the same time, both plugins' developers are doing a great job of trying to provide a compact view on the plugin dashboard itself. Here is what both dashboards look like:

Better WP Security offers more security features compared to the rest of the WordPress security plugins.

Better WP Security Dashboard


Wordfence Security provides easy-to-use navigation for both experienced and beginner website developers.

Wordfence Security Dashboard 

Plugin usability

Better WP Security - 7/10, Wordfence Security - 9/10

When it comes to security plugin usability, this is where it makes all the difference. The Better WP Security plugin is great but what keeps it from getting a higher score from me is that it requires a deeper understanding of WordPress for a person to actually utilize it properly. In other words, you are open to all options to configure your WordPress but you are prone to making an accidental mistake if you have no idea what you are doing.

By comparison, most options in Wordfence Security are pretty direct and even a beginner could use the plugin to the maximum of its capabilities. This definitely gives a better rating to Wordfence Security compared to Better WP Security.

How important is website loading speed for you?

Better WP Security - 10/10, Wordfence Security - 8/10

To be very honest, I have been trying to search for this answer but failed miserably. Whenever I use Wordfence Security, I notice that my site loads less than one second slower compared to the time I used Better WP Security. After checking with various programs and tools, it really seems like Wordfence Security's firewall feature is creating a small 'lag' which affects the page loading speed. Maybe this could be me but I am not experiencing that when I am using Better WP Security.

My honest conclusion between Better WP Security and Wordfence

If I were to choose and could only choose one as my best WordPress security plugin, then my money is going to Better WP Security. I know! I love the Wordfence Security plugin and it is very close to flawless.

However, having the small page load 'penalty' really turns me off. Regardless of what WordPress security plugin you choose, I am sure both of these plugins will not let you down.

How about you? Do you have any favorite security plugins you would like to share? Or, maybe you have your opinion on both the plugins? Feel free to fill the form below and tell us what you think.