Introduction
When starting a side income blog, a WordPress self-hosted site or otherwise called a wordpress.org site, is the recommended blogging platform to use.
By following these guidelines for securing your WordPress blog, it will help protect your site from being maliciously attacked and give you peace of mind that your blog is secure.
Secure Access
When using Two-factor authentication (2FA) in WordPress, it means two forms of identification need to be used to gain access to your admin area. Wordfence is a comprehensive security plugin for WordPress that is a recommended plugin to install for security and has an option to enable 2FA. It also includes features such as a firewall and malware scanner that can be used.
A plugin such as Limit Login Attempts Reloaded can be used to limit login attempts and help stop brute force attacks, where multiple attempts to maliciously gain access are carried out.
It’s a good idea to use a strong password that’s long and complicated, that can’t be guessed.
Help deter bots from automatically attempting to gain access to your admin area through your default login page. Usually that page would be located at yoursite.com/wp-admin, but using a plugin like WPS Hide Login, you can change from the default to something like yoursite.com/login-to-wp
Use the Official WordPress Plugin Repository
Be careful when using WordPress plugins, by using the official WordPress Plugin Repository and ensure plugins have a good user rating when searching for them. The official repository can also be accessed through the WordPress admin area by clicking Plugins, then Add New Plugin.
Keep Updated
PHP, WordPress, themes, as well as plugins, should be kept updated.
As a security measure, PHP and WordPress core should be updated. This is due to PHP always evolving and security features improving and as there are more than 80 million WordPress websites, there is also a lot of hacking attempts for WordPress sites.
PHP and WordPress vulnerabilities can be patched with updates and themes and plugins can also be patched as vulnerabilities are found.
Maintain Backups
Regularly backing up your website files and database is very important in case your blog is lost, due to human error, being hacked or otherwise deleted and you need to retrieve a recent version of it.
To manually backup your WordPress site, first login to your webhost and then go to cPanel and use the Backup Wizard.
To back up your WordPress site using a plugin, UpdraftPlus can be used to backup, restore and migrate WordPress sites.
SSL and HTTPS
An SSL certificated can be installed and activated through your webhost under your plan and then redirect users to HTTPS rather than HTTP in your browser.
Secure Sockets Layer (SSL) is important because it establishes an encryption to data between your website and the visitor and digitally signs it.
HTTPS appears as part of your URL’s when your website is secured with SSL and is especially important when sharing personal or financial information, such as collecting payments from customers. It’s also important for blogs, as it is also a recognised standard and will protect user activity.
Practice Being Safe Online
An antivirus can be used and it’s important to take care not to engage with unsolicited emails, messages and links and practise not giving personal or sensitive information to sites that could be malicious or are not secure.