How to Secure Your WordPress Website in 2024

00:00

let's talk about how to secure your

00:02

WordPress website there are several

00:04

potential risks to be aware of one of

00:06

the biggest concerns is Hackers because

00:09

WordPress is so popular it attracts the

00:11

attention of nefurious actors who

00:14

attempt to exploit vulnerabilities like

00:16

outdated plugins or core files to gain

00:19

unauthorized access to your site they

00:21

can deploy methods such as back doors

00:23

launching Brute Force attacks Pharma

00:26

attacks denial of service attacks or

00:29

cross-site scripting if left unresolved

00:31

there can be serious consequences such

00:34

as malware forwarding your website to a

00:36

completely different one adding content

00:38

you're unaware of Google warnings that

00:40

can hurt your position in the serps or

00:42

Worse being unable to log in to your own

00:46

website first and foremost you want to

00:47

make sure you have a solid website host

00:50

we've talked about different options

00:52

before including siteground for

00:53

beginners and cloudways for those who

00:56

are more tech savvy both options will

00:58

hook you up with all the tools you need

00:59

to keep your website safe and secure

01:01

that includes an SSL certificate web

01:04

application firewall SFTP access DDOS

01:08

protection and even malware protection

01:10

we'll leave a link to both of those

01:11

hosts in the description below just know

01:13

that we may earn a commission if you use

01:15

our links which helps support our team

01:17

and all of our ad-free videos another

01:20

easy thing you can do to boost your

01:22

WordPress Security is to lock down your

01:24

login credentials this can be done in

01:27

several ways including using a plug-in

01:30

to change the login URL from slash WP

01:33

admin or slash WP login to something of

01:37

your own choosing you can also add

01:39

two-factor authentication to your login

01:41

and limit login attempts which will help

01:44

repel Bots another way to protect your

01:47

login is by linking it to your Google

01:49

account using the Google apps login for

01:52

WordPress plugin once your login is

01:54

locked down you should whitelist your

01:56

users IP addresses this will ensure that

01:58

only registered user can get in even if

02:02

they have managed to figure out your

02:03

password another very useful thing you

02:05

can do is to install a good security

02:07

plug-in such as ifeem security it'll

02:10

allow you to add the two-factor

02:12

authentication limit the login attempts

02:14

schedule backups and even hide your

02:17

WordPress login in addition to a

02:19

WordPress security plugin consider

02:21

installing a good backup plugin like

02:24

updraft plus if your host doesn't offer

02:27

backups a backup plugin protects you

02:29

from losing your site's files helping

02:31

you to avoid rebuilding WordPress from

02:34

scratch you can easily restore your site

02:36

with little effort if something goes

02:38

wrong finally incorporating an activity

02:41

log plugin like WP activity log will

02:44

allow you to pinpoint what went wrong

02:46

and when quick reminder I'm going to

02:48

leave a link to everything I'm

02:50

mentioning in the description below so

02:52

if you're lost or you want to find what

02:53

I just talked about go ahead and check

02:55

out the description WordPress requires

02:57

three things to work correctly p PHP

03:00

MySQL and https support PHP or hypertext

03:05

preprocessor is a popular open source

03:08

scripting language used in web

03:10

development and it just so happens to be

03:12

the backbone of Wordpress and like

03:15

WordPress being open source leaves it

03:18

open for malicious actors looking to

03:20

take advantage to avoid these potential

03:22

issues it's best to keep PHP updated not

03:25

only does it help with WordPress

03:26

security but it also keeps your site

03:28

running optimally it doesn't stop there

03:30

though here are a few more quick tips

03:32

use a strong password to avoid exposure

03:35

to botnets keep WordPress up to date

03:38

this includes plugins and themes as well

03:41

install an SSL certificate if your host

03:45

didn't provide a free one and finally

03:47

conduct a security audit occasionally we

03:50

have a blog post that will link in the

03:52

description that'll help you run through

03:53

how to do that if you're feeling up to

03:55

it there are some Advanced security

03:57

techniques you can deploy this includes

03:59

hardening the

04:02

wp-config.php file and moving it

04:04

changing the WordPress Soul Keys

04:06

changing file permissions disabling XML

04:08

RPC and hiding your WordPress version we

04:11

recommend visiting our blog post in the

04:13

description for an in-depth look at each

04:16

of these techniques even if you do

04:18

everything right you may find yourself

04:20

in a situation where your website has

04:23

been hacked thankfully there are steps

04:25

you can take including putting your site

04:27

in recovery mode restoring from your

04:29

most recent backup or resetting your

04:31

passwords if all else fails your hosting

04:34

provider may be able to help check out

04:36

the description for links to relevant

04:38

videos and blog posts as well as

04:40

everything we mentioned today and there

04:42

you go thanks for watching be sure to

04:44

like this video And subscribe for more

04:45

like it with that said we'll catch you

04:48

in the next one