Secure Your WordPress Website with All in One WP Security – Quick Tutorial

Hi, guys and welcome to basic setup of your security of your WordPress site In this tutorial we will cover the plugin called all in one WordPress security and we will learn how to set up a basic security must have security for every blog or a website based on the WordPress

Okay, to add these plugin just go to your plugin section of your dashboard and add a new plugin In the search field just type all in one WordPress security and just click install now It's a super plugin and has it has 400,000 active installs and the rating of five stars, which is nice Okay, just activate your plug-in and that's it we are ready to roll Okay, after installation just go to your WordPress security plugin over here click on it and we have our preview our dashboard of our security plugin

Okay, this is the basic preview of our security measures and over here we have a security strength meter and on the right side we have security points breakdown so we have a preview what we did with our security measurements Okay, let's set up our basic WordPress security Let's click on the settings tab over here just below our dashboard and this is a very important section of our security the security plugin because we will use it for a backup of our databases, our htaccess file and our config PHP file Those three files are extremely important because hacker and bots usually aim at those files

And as you can see we can in our general settings, we can backup all these files in our general settings, so we don't have to go all over the steps The second important tab it's WordPress version info, as you can see we just click here to check to remove the WordPress version from our head element so Hackers don't know if we use the old version of WordPress or up-to-date Because the old versions of WordPress are most likely to be attacked And when we want to restore our files we go to this tab here and click restore htaccess file as well as a config file And the import export I will cover this at the end of this tutorial it's a pretty, pretty awesome stuff okay

Another important thing is our user accounts So just click on the next tab, it's a user account, and as you can see we can, we need to change our account login name from admin to your username, because of the bots and hackers usually use the admin username and random password to enter your site because the admin, usually people a left admin as it is, so change this user by clicking edit user And if you have your admin nickname and username admin just change them here in the nickname After that we go to a display name and, as you can see, I have the error because my site currently has the following accounts which have an identical log in name and display name To change your login name and display name just click here just change your nickname here and change the display name to be your preferred name and save update profile, and okay just close your profile, and h it refresh this page and we got five of five security points

Okay, let's move on In our user lockdown section, it means that if we can set up this max login attempts to for example 10 login attempts and after 10 login attempts the IP address is locked out because of the failed password This is just a maximum log in retries and we set up set up the time length of the lockout time to be one hour and that the user can after one hour also attempt to login to your site again Okay, and the another you can hear see here at the faile log-in records if something is failed As you can see and force log-out, we move to the force lockout and we can enable force logout after one hour to automatically log-out the user after one hour this is also, this means that the WordPress will also logout you, the admin

So, don't be afraid of that it's not it's not the error or something You can have this or you can just unclick this and remove it Okay, we are now moving to user registration, and we will skip this entirely because this is a basic security and it tends to be, this tutorial is oriented to you who have only one user and that's you If you want to your users to have the ability to login to your page then this user registration panel will be very important to you so you can have manual approval and you can ask for captcha You can ask for the captcha to for your new user to enable captcha on the registration page

Let's move on, let's go to database security Okay, in this database security we can change the prefix of our database table, I recommend to do that to do this because this is the usually a target to your database because it holds the most important information about your site, your content, and it's very important to hide some default WordPress information from hackers so we can change database prefix from, as you can see, _op to I don't know, to _testwordpress and the hacker will never guess this thing It's recommended to perform a database backup before using these features so you can just go to the second tab and make database backup and also make automated scheduled backups Okay, let's move to the file system security As you can see, we have file system security and file permissions in the in our first tab and as you can see all my files current permissions are same as recommended permissions so make sure to set up your permissions just like just like that

In a second tab PHP file editing don't click this because this will prevent you from editing your PHP files and all WordPress is made out of PHP file so you will just lookdown yourself And the as well as the third tab, file access, also don't click this because it will also prevent you, prevent access to files such as read me, the license, and the config-samplephp You can click this when you are done with your website and you don't need any any customizations in PHP files and those files Okay, let's move on, we will just skip WHOIS lookup in blacklist manager and head straight to the firewall, okay just click firewall and enable basic firewall protection just check this up and the over here you have more info what to do these things do It protects your htaccess file by denying access to it, disable service signatures, limit file upload size and protect our config page PHP file and that this is very important thing to know that if you check this on sometimes, if you have an add-on domain you will not be able to install WordPress and this is a huge time waster when I trying to figure out what was wrong and you can check and then my tutorial why I have error messages and not be able to install a WordPress just check this tutorial to be sure that if you have add-on domains you pay attention to this add-on, and any add-on that, that's the change the access file, and you just click check this okay? and we will skip this and we will skip this and save the basic firewall settings and we got our 15 security points

We just keep all these, OOO, I'm sorry we can just go to internet bots and block of fake Google bots and just check this out and save internet bot settings and that is it from the firewall Okay, let's move on, my favorite one is a brute force, brute force security and just go and don't touch these rename login page because if you rename login page and you forgot what is your login page you will never be able to access your WordPress site And just go to the login captcha and click it is one enable captcha on the login page, it's a super stuff to make a log-in captcha on your log-in page, and it's a simple mathematics and I always use that ,it's a very simple and very effective method Okay, let's move on to the spam prevention Okay, in our spam prevention dialogue we just enable captcha on common forms of course, and we block spam bots from posting comments from automatic posting comments and this disable disable bots to spam some

That's it from spam prevention very easy just save settings and get 30 security points Okay, few listings to to do is to go to our maintenance and check this if you want to enable the front-end lockout so if you are not logged in into your WordPress site and you had just making the new site you just click this checkbox and this will show, show for every non-logged in visitor off your website, and save site lockout settings and after that we will remove this when our site is ready to be published to public And that's it, one thing only, the last thing is if we are pleased with our settings you just go to settings, import export, and we export and we exported, this settings to your computer, and when we are out making a new website,we just install all in one WordPress security and import all the settings we just made to our new site so we save our time by a zillion And that's it for me and I hope that this will help you in your in your security efforts of your WordPress site, okay, bye-bye

Free Email Updates
We respect your privacy.

free online tools

affiliate marketing