You built a website for your business, but one day it is attacked by hackers: it loads slowly, you lose admin login rights, or visitors are redirected to the dark web. In this lesson, An will show you how to secure a WordPress website, but only at a basic level. There are more advanced, plugin-based security methods, but if your hosting is weak they will slow down your page loading. If you are a beginner, just follow the basic security steps below.
How to check if a website is infected with a virus?
To check if your website is infected with a virus, visit this page https://sitecheck.scuri.net/results
Enter your website address in the box and press the “Scan Website” button.
If the returned result is a green checkmark as shown, your website is not infected with a virus.
How to secure a basic WordPress website in 3 steps
Step 1: Change the admin username
When you create a WordPress website, the admin username is set to “admin” by default. Hackers often try to guess passwords against this default username.
If your admin account still uses the default name, An will show you how to change the username as follows.
There are 2 ways to change it.
- Method 1: use a plugin to change the existing username directly.
- Method 2: create a new admin account and delete the old account.
Here, An will walk you through method 2, because An doesn’t like installing too many cumbersome plugins, and a plugin sometimes inserts extra code that makes the website heavy.
Now log in to the website admin page, go to “Users” and select “Add New”.
Enter the account information and press the “Show password” button to set a password. In the “Role” field, remember to choose “Administrator”.
Now log in with the account you just created and, under “Users”, choose “All Users”.
In the list of users, click “Delete” on the old admin account.
Choose to transfer all content of the old admin account to your new account, then click “Confirm Deletion”.
That’s it. From now on you will only be able to log in with the new admin account.
Step 2: Install a WordPress security plugin for 2-layer login
Note: You should configure mail sending in WordPress before setting up security this way.
Go to the admin page and, under “Plugins”, choose “Add New”.
Enter “Two Factor” in the search box and press the “Install Now” button for this plugin.
Once the installation is complete, click “Activate”.
Next, find “Your Profile” under “Users”.
Choose to receive the verification code via email.
At the bottom, click the “Update Profile” button.
Now, every time you log in, the admin page will ask for your confirmation code.
Log in to your Gmail account to get the WordPress admin login code.
Step 3: Enable 2-layer security for Hawk Host hosting
If you use Hawk Host hosting, you can enable 2-factor login.
Open the cPanel admin page and click “Two-Factor Authentication”.
Here, click “Set up Two-Factor Authentication”.
Now take your phone and install the “Google Authenticator” app.
Open the app and scan the QR code displayed in cPanel.
Then enter the code shown in the app into the Step 2 box in cPanel and press the “Configure Two-Factor Authentication” button.
When you see the confirmation message, the configuration has succeeded. The next time you log in to the hosting, you will be asked for a code; enter the code shown in the app on your phone.
Note: An noticed that the Google Authenticator app has a disadvantage: there is no backup code, so if you lose your phone or your phone is damaged, you cannot get the code to log in to the hosting. So you should memorize some code or store the secret somewhere for backup.
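Why a stored secret works as a backup, shown as an added example that is not part of the original lesson: the app derives each code from the secret behind the QR code plus the current time (RFC 6238), so a new phone loaded with the saved secret produces the same codes, while any single code stops being accepted once its time window has passed. The sample secret is constructed (the RFC test key), and the parameters (HMAC-SHA1, 6 digits, 30-second step) are the Google Authenticator defaults, assumed here to match what cPanel issues.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key in Base32). Never reuse it.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) for a Base32 secret at unix_time."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)            # restore stripped padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", unix_time // step)  # number of the time window
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Server-side style check: also accept the neighbouring time windows
    so that small clock differences between phone and server do not matter."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + i * step, step), code)
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    import time

    now = int(time.time())
    old_phone = totp(SAMPLE_SECRET, now)
    # A replacement phone that was given the backed-up secret (typed with spaces).
    new_phone = totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", now)
    print("old phone:", old_phone, "| new phone:", new_phone)
    print("code still valid 5 minutes later:",
          verify(SAMPLE_SECRET, old_phone, now + 300))
```

Keep the saved secret offline (printed or in a password manager), because anyone who holds it can generate valid codes.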
Some other notes
In addition to the steps above, you need to update your PHP, plugins, and theme to the newest version.
Note, however, that free plugins can be updated freely, but for a free theme you need to create a child theme before updating; otherwise the customizations you made to the theme’s code will disappear.
Those of you who use paid plugins and themes but do not have the “licence key” should not update directly in WordPress, because it will cause incompatibility with other addons and will even force you to enter the “licence key”; otherwise the plugin or theme cannot be used.
You should only update from the zip file of the new version supplied by the theme or plugin provider, either by extracting the zip directly on the hosting, by uploading it with a tool such as FileZilla, or by using the plugin “Update Theme and Plugins from Zip File”.
Conclusion
So An has shown you how to secure a basic WordPress website. In the next lesson, An will guide you through backing up your website so that, if there is a problem or a virus infection, you have a backup copy to restore.
Good luck with your studies and remember to read the next articles!