Protecting your website against attacks not only protects you but also the data and content of your users, so we continue to learn how to avoid them (to avoid headaches). Let’s see more tips!
Despite adding steps and being a bit annoying at times, this measure is one of the best that exist to verify that it is you (or who the user is) who is trying to access. First enter the username and password and match, the second step would be authenticated with one of your email accounts or a text message that is sent only to you. If you get any of these codes or links without you having requested them, you will know that someone tries to access and already has your password.
Two of the best plugins to establish two-step authentication are WordFence and the one mentioned in the previous post, Loginizer.
Use Google Search Console
Using this tool from Google will allow you to receive information about:
- WordPress Updates
- Code injections
- Usability issues warnings
- Speed problems
Limit login attempts
By default, login attempts in WordPress are unlimited. So as we said in the previous post, the number of attempts that the attack made can leave your web very “badly hurt” if you manage to do it with nothing to stop it.
Three popular plugins can help you: Limit Login Attempts, the aforementioned WordFencer and Loginizer.
Delete unused WordPress installations
Many people have WordPress installations on their servers that they use to test plugins, modifications, etc.
Eliminating it’s a good option since we do not usually pay so much attention to the security of this type of facilities, they don’t have strong passwords and so on. In summary, they are an entry to your server, so you must be very aware.
Get rid of the sploggers
Splogs, a kind of spam, contain links to other sites (usually junk) loaded with keywords that try to be detected and positioned within the search engines. These websites end up covered by ads and links that may confuse the user, who is prone to clicking confusing ads with normal links.
With a plugin like WangWard you can avoid those users who register on your website with the intention of injecting malware, commenting spam or massively registering on websites.