Website security should be at the top of the list of things you regularly check and maintain. At Sierra.host, we take security very seriously: we apply significant updates and monitor for hacks, malware and so on.
While Sierra.host already proactively handles security on your server, you also need to take steps to secure your WordPress website.
We recommend that you install one of two security plugins for WordPress. You should not install both. Both options provide great security, and the choice ultimately comes down to which features you prefer.
iThemes Security Plugin
iThemes Security works to protect your site by blocking bad users and increasing the security of passwords and other vital information. Additionally, iThemes Security monitors your site and reports changes to the filesystem and database that might indicate a compromise. It proactively guards against bot attacks too!
We recommend downloading and installing iThemes from directly inside your WordPress website admin area.
- Log in to your website's WordPress admin area (https://yoursite.com/wp-admin)
- Navigate to the Plugins menu and choose “Add New”
- In the keyword search box, enter “iThemes Security”
- When you see iThemes in the search results, choose “Install”
- Once installed, choose “Activate”
Once the plugin is installed and activated, you'll need to configure the iThemes Security plugin. Configure it with the following settings:
- Enable Local Brute Force Protection
- Enable Network Brute Force Protection
- Enable File Change Detection
- Run the Security Check
- In WordPress Tweaks – Disable File Editor
- In WordPress Tweaks – Disable XML-RPC
- Enable SSL (be sure to install a Let's Encrypt certificate first!)
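To confirm that three of the settings above took effect (SSL, XML-RPC and the file editor), here is an added example; it is not Sierra.host's or iThemes' own code. It assumes the file-editor tweak shows up as the WordPress constant DISALLOW_FILE_EDIT in wp-config.php and that a blocked xmlrpc.php no longer returns WordPress's stock banner; the function names are hypothetical.

```python
import re
import sys
import urllib.error
import urllib.request

# Banner a stock WordPress returns for GET /xmlrpc.php (HTTP 405).
XMLRPC_BANNER = "XML-RPC server accepts POST requests only"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def fetch(url):
    """Return (status, Location header, first 4 KiB of body); redirects are not followed."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location"), resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx responses arrive here
        return err.code, err.headers.get("Location"), err.read(4096).decode("utf-8", "replace")

def forces_https(status, location):
    """A plain-HTTP request must be redirected to an https:// URL."""
    return status in (301, 302, 307, 308) and (location or "").lower().startswith("https://")

def xmlrpc_blocked(body):
    """Assumption: the endpoint is blocked when WordPress's own banner no longer comes back."""
    return XMLRPC_BANNER not in body

def file_editor_disabled(wp_config_text):
    """Assumption: the tweak is expressed as DISALLOW_FILE_EDIT in wp-config.php."""
    pattern = r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;"""
    return re.search(pattern, wp_config_text, re.I | re.M) is not None

def audit(host, wp_config_text):
    """Run all three checks against your own site and a copy of its wp-config.php."""
    status, location, _ = fetch(f"http://{host}/")
    _, _, body = fetch(f"https://{host}/xmlrpc.php")
    return {
        "https_forced": forces_https(status, location),
        "xmlrpc_blocked": xmlrpc_blocked(body),
        "file_editor_disabled": file_editor_disabled(wp_config_text),
    }

if __name__ == "__main__":
    # Usage: python check_wp_hardening.py yoursite.com /path/to/wp-config.php
    with open(sys.argv[2], encoding="utf-8") as fh:
        print(audit(sys.argv[1], fh.read()))
```

Any value reported as False points at a setting to revisit in the plugin; the XML-RPC check only looks for WordPress's banner, so an error page from the server also counts as blocked.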
Wordfence Security Plugin
Wordfence Security is a great option for WordPress security because of its built-in WAF (Web Application Firewall). In addition, it provides a malware scanner that checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.
Here are Sierra.host’s recommended key settings for Wordfence Security:
- Update Wordfence Automatically
- Enable Web Application Firewall
- Enable Brute Force Protection
- Enable Rate Limiting and Block Fake Google crawlers
While this is by no means an exhaustive look at WordPress security, it is a good starting point that will make your site significantly more secure. If you have questions or feel unsure about any of these configurations, email our support team and we'd be more than happy to help you further.