Hi! Welcome to the Primomate. In this tutorial on How to secure WordPress Website, I will show you how to protect your website from Brute force attacks. And I will also show you how to Change the Database Prefix and Protect from Spam. I am requesting you to read attentively.
You will fully learn How to Secure WordPress Website in 4 step-
- how to password protect your htaccess file
- Htaccess Security Tips to secure WordPress website
- How to Add Security Question to WordPress Login page with a plugin
- How to protect your content in WordPress
Ok, now let’s learn-
How to secure the website from brute force attacks.
To prevent Brute force attacks I need to install and activate a plugin names All in one wp security and firewall . So to install the plugin I will go to the WordPress dashboard. From the dashboard, I will hover on the plugins and then click on the add new.
up here in the search box, I will look for All in one wp security by typing that. Then I will select the first one and click install and activate.
Plugins ➡ Add New ➡ Search(All in one wp security) ➡ Install the first one ➡ Activate
Once the plugin is activated You should see a tab down here called Wp security and enter this tab there are some different options. But I will not cover all the options because It will take too much time. So, I will cover some important parts.
Ok, Now I will show you how to secure wordpress website using All in one wp security plugin
To prevent Brute force attacks I will cover In 3 steps-
1-Change WP login username
So first I will cover User account .
Now you can change from here the admin username which comes by default when you install WordPress in your website.
So, I strongly recommend you to change the admin user name to something else.
So, to do that go to the user account from the wp security plugin and put a new username and click save username.
Wp security ➡ User account ➡ Enter New Admin Username ➡ Click on Change Username
You should remember this username because you cannot log in your wp dashboard without that.
now, let’s see how to secure WordPress website by changing wp-login page’s URL.
2-Change WP login page’s URL
Once you have changed the admin username please go to brute force.
From here you can change the WordPress login page URL which will prevent your website from brute force attacks. The by default WordPress login page URL is www.website.com/wp-admin
But if you make change here, your WordPress login URL will change.
like- www.website.com/sample
So, please be careful because you need to remember this URL when you are trying to log into your WordPress dashboard.
WP security ➡Brute Force ➡Mark checkbox ➡Enter URL suffix ➡Save Setting [note: please remember URL suffix]
When I will make this change then my WordPress dashboard login URL will change to be ‘http://primomate.com/sample’.
3-Stop user enumeration
OK so now I’ll go to the last tab named miscellaneous and from there I will select users enumeration.
by using the WP scan tool hackers can be able to enumerate users. So I recommended to you enabling this feature to stop user enumeration and then click save settings.
this feature will help you to prevent attacks.
At that point, the website is more secure by doing the simple changes which I have shown in How to Secure WordPress Website tutorial. And these changes will Prevent Brute force attacks against WordPress Website.
Now I am showing you how to secure wordpress website by changing the Database prefix-
4-How to Change the Database Prefix
I’m going to continue showing how to secure the WordPress website using the all in one WP security plugin. So first of all I will secure the WordPress database for preventing malicious attacks by going to database security.
the database contains very important information such as user name and password, comments, web page details, and so on.
To give an example I’ll go to c-panel on my web host.
And from there, I go to PHP My Admin.
here you can see all the tables with the wp prefix.
But I was changed before my database prefix as wpwk that you are seeing-
So to protect your database from malicious attacks I highly recommend to change the table prefix.
first, make sure you have backup your database before doing this.Then change the DB prefix. Also, You should have backup everything before reading How to Secure WordPress Website.
So to do that I will go back to the dashboard and go to database security from the WP security plugin. And then I will put a database prefix called”myDB” and then I will click change DB prefix.
Dashboard ➡ wp security ➡ Database security ➡ put a prefix ➡ Change DB prefix
Now, if the DB prefix was successfully changed I will go to the database to check it and i will refresh the page. After refreshing you can see that the table prefix was successfully changed to myDB.
That’s It. This change will protect your website from malicious attacks.
Now I want to show you how to secure WordPress website by protecting the website from spamming-
How to Protect Website from Spamming
To prevent spamming I will go to the spam-prevention option from the WP security plugin. Then I will mark 2 checkboxes. One is for insert a captcha and another is for block any spambots. Then I will click on save settings
WP security ➡ Spam prevention ➡ Mark two checkbox ➡ Save settings
Once done with that I will visit my website with another browser or incognito mode for checking this.
In the comment section of the post of my website, You are seeing that a captcha box with a simple calculation has arrived.
So,this will block spamming and bots on your website. read more to know-Ways to Protect Your Website From SEO Spam Attacks
So, that’s it for now and thanks for reading:How to Secure WordPress Website. If you guess any problem then you can comment on your problem in the comment box below.
