1. Take advantage of two-factor authentication (2FA)
Two-factor authentication involves a two-step process where you need the password and a second method to log in.
In most cases, this is 100% effective in preventing brute force attacks on your clients’ WordPress sites.
Plugins are currently being developed to offer Double Factor Authentication in WordPress such as:
Two-Factor,
Google Authenticator – WordPress Two Factor Authentication (2FA)
Two Factor Authentications
After installing and configuring one of the above plugins, you will usually have an additional field on your WordPress login page to enter the security code.
With the Duo Two-Factor Authentication plugin you will first log in with your credentials and then you will be asked to choose an authentication method, such as Duo Push, call or passcode.
2. Create backups
We must always create backup copies of our files on whatever device or platform we use. This must also be applied to eventige wordpress, since this way we can be protected in case of suffering some type of information loss. It’s always a good idea to keep all your settings and stored content safe.
If you have your website hosted on Interdominios, you can hire the Backups service and we will take care of returning your website to a previous copy in the event of being affected by an attack or suffering a mishap.
3. Avoid brute force attacks by limiting access
One of the most common techniques used by cybercriminals to steal passwords is brute force. It basically consists of trying an infinite number of access key combinations until finding the solution.
This could be a problem, as there are computer programs that you can try and test until you find the right one. However, we can avoid this. We can configure access to have a test limit. We can also configure a reCaptcha and thus confirm that there is a human behind that login attempt.
Including reCaptcha in blog comments will prevent a lot of spam from getting in.
4. Invest in secure WordPress hosting
Server hardening is the key to maintaining a completely secure WordPress environment. It requires multiple layers of security measures at the hardware and software level to ensure that the IT infrastructure that hosts WordPress sites is capable of defending against sophisticated threats, both physical and virtual.
Our hosting and VPS services are totally safe. At Interdominios we guarantee secure WordPress hosting for all our clients. Security is built into our architecture from the beginning and is a much more secure method than others that are available today.
We also offer Antispam service that you can add to your contracted services from your client extranet.
5. Use the latest version of PHP
PHP is the backbone of any WordPress site, so it is very important that you make sure that your website is using the latest version on your server. Each major version of PHP is typically supported for two years after its release. During that time, bugs and security issues are regularly fixed and patched.
Anyone running on PHP version 7.1 or lower is no longer supported for security and is exposed to unpatched security vulnerabilities.
6. Strengthen database security
There are a couple of ways to improve the security of your WordPress database.
- Use a smart database name. Changing the database name to a more complex one helps protect your site, making it more difficult for hackers to identify and access the details of the database.
- Use a different prefix in the database table. When you install WordPress, it asks you for a table prefix. By default, WordPress uses wp_. Changing this to something like 39xw_ can be much more secure.
