[GUIDE] Extension #7 To My Money Making Guide: ♛Securing your Wordpress Website!♛ [PLUGINS]

RoyalOffshore

Jr. VIP
Joined
Aug 3, 2011
Messages
397
Reaction score
306
Website
RoyalOffshore.net
♛ This post is the 7th extension of my Money Making Guide... surely not the last! ;) You should read these first to be able to understand what this is about ♛
  1. ♛ MOVIESITE GUIDE ♛ How To Build And Earn Money With Movie/Trailer Site And Publicly Available Videos
  2. [GUIDE] Extension #1 To My Money Making Guide: ♛How To Stay Anonymous - VPN List And More Details!♛
  3. [GUIDE] Extension #2 To My Money Making Guide: ♛Free Organic Traffic From Free Blogs & WEB 2.0s!♛
  4. [GUIDE] Extension #3 To My Money Making Guide: ♛Use Social Media for Traffic - Churn & Burn Method!♛
  5. [GUIDE] Extension #4 To My Money Making Guide: ♛Keep Posts Fresh, Add New Embeds & Video Networks!♛
  6. [GUIDE] Extension #5 To My Money Making Guide: ♛Rank before competitors, stay one step ahead!♛ [SEO]
  7. [GUIDE] Extension #6 To My Money Making Guide: ♛Expired Domains for Traffic and Ranking!♛ [SEO]
I guess a lot of people are following my guides and by now I believe a bunch of people have made their own website, but may have missed one vital part - securing it!

If your website is growing you will definitely be a "hot target" for competitors and they will try all the time to DDOS you, bruteforce your login and even hack your website completely and take your database which took you months of work to build. We do not want that to happen.

What is this about?
This thread will teach you basic WordPress security to protect your website from hackers and competitors in a friendly way using WordPress plugins and other beginner friendly methods.

I will be covering
  • DDOS Protection with Cloudflare
  • Securing your Wordpress using plugins
  • Basic brute force protection
  • Files that should be disabled and are by default enabled on wordpress
  • Captcha on login and other pages

Before we start, you should always use a separate email, username and password for your wordpress login, because websites get hacked all the time and you do not want to be exposed if you use the same password everywhere as this can lead to serious trouble for you.

DDOS Protection with Cloudflare
Setting up your website to go through Cloudflare is easy.
You will need a free Cloudflare account and you will need to add your website there on a free plan using the add site button in the corner.

When your website is under a DDoS attack Cloudflare provides a lot of analytics, so in case you notice something suspicious and a lot of unusual requests, you should click on your website.

Look for Quick Actions and then Under Attack Mode. Then for Security Level select I'm under attack!
What this will do is give captchas and check browser integrity for each visitor, however this will not solve the problem if the DDOS attack is strong.

Another good thing to do on Cloudflare when you are under attack is see which IPs and countries the most requests come from. Usually these would be some hacked dedicated servers or VPS servers so do not put the blame on the actual IP or the datacenter. Now you can either block by IP address or by country and leave the blocking settings in place until the DDOS attack is over.

This can be done easily by clicking on your domain then going to the Firewall tab. Click Firewall Rules and then Create a Firewall Rule. The interface is friendly and you will see the options you have to block the attacker.

Securing your website using plugins
I am not a fan of WordPress plugins at all as many times in the past, plugins for security have actually made my websites vulnerable.

Anyways, a few plugins that are worth mentioning and installing are:

- Disable REST API Plugin
When your website is DDoSed, usually people send requests through the REST API that is by default enabled on WordPress.
You can disable it using the plugin
https://wordpress.org/plugins/disable-wp-rest-api/
Install it, then go to your Wordpress dashboard - Settings - Disable Rest API
Tick [] Rest API Root and click save.

- Disable XML-RPC Plugin
Disabling XML-RPC will help protect you from attacks. This feature is by default enabled by WordPress so the website can have external communication. You will not notice any difference when you disable this.
https://wordpress.org/plugins/disable-xml-rpc/

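If you do not want to install this, you can open your .htaccess file and add this snippet at the end of the file:
Code:
# Deny every request to xmlrpc.php (Apache 2.2 syntax).
# On Apache 2.4 without mod_access_compat, use "Require all denied" instead of the two lines below.
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>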

- WPS Hide Login
A lot of times people will try to hack your website using bruteforce or just send dumb requests to your login page which by default is /wp-login.php and what this plugin does is make it something custom that only you know. This plugin is a must. After installing you will be able to change your login page to something like /badassloginpage/ or anything custom you would like. This will give you DDOS and bruteforce protection, but also protect you if your password was the same and exposed on the dark web at some point in the past and add an extra precaution.
https://wordpress.org/plugins/wps-hide-login/

- Loginizer
The name speaks for itself, Loginizer is a nice plugin to have and it will lock out brute force attackers even if they accessed your login page by blocking their IPs after a few failed attempts.
https://wordpress.org/plugins/search/loginizer/

- hCaptcha for Wordpress
This is a new plugin and probably the best captcha to have on your login page. It is not related to big G and you can get a free account even if you are on a VPN, they don't even ask for email registration.
Once installed you just need to register and put your site key and secret key from hCaptcha into the plugin and choose the pages where you want hCaptcha to be shown. You should add it on the login page, registration page, forget password page, contact form and anything similar that can be used to exhaust your traffic. Set security settings to highest on the hCaptcha website.
https://wordpress.org/plugins/hcaptcha-for-forms-and-more/

More plugins and other software worth checking
1. Wordfence
2. Sucuri (paid)
3. Managed WordPress solutions such as WPXHosting (not affiliated with them), they are based in Bulgaria and would only work for you if you are using a DMCA friendly method to bank (movie reviews, trailers, documentaries).

Keeping your WordPress Empire safe is a vital task that needs to be done and not skipped for a later point. Stay tuned for more.
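
Added example, not part of the original post: a small log check for the "see which IPs the most requests come from" and brute force steps above. It counts POSTs to /wp-login.php and /xmlrpc.php per client in a combined-format access log and builds a Cloudflare firewall rule expression for the noisy ones. The threshold, the function names and the sample log are assumptions, and the log must already contain the real visitor IP rather than Cloudflare's proxy address.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Endpoints the guide singles out as brute force / flood targets.
WATCHED = ("/wp-login.php", "/xmlrpc.php")

def noisy_clients(lines, threshold=5):
    """Return {ip: hits} for clients with >= threshold POSTs to WATCHED paths.

    threshold is an assumed value; tune it to your normal login traffic.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a plain page view
        path = m["path"].split("?", 1)[0]  # ignore query strings
        if path in WATCHED:
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def cloudflare_expression(ips):
    """Build a Cloudflare firewall rule expression matching the given source IPs."""
    return "(ip.src in {%s})" % " ".join(sorted(ips))

# Constructed sample log using documentation IP ranges, not real traffic.
SAMPLE = (
    ['203.0.113.7 - - [01/Jan/2021:10:00:%02d +0000] '
     '"POST /wp-login.php HTTP/1.1" 200 1523 "-" "curl/7.68"' % s for s in range(6)]
    + ['198.51.100.9 - - [01/Jan/2021:10:01:%02d +0000] '
       '"POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"' % s for s in range(5)]
    + ['192.0.2.44 - - [01/Jan/2021:10:02:00 +0000] '
       '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
       '192.0.2.44 - - [01/Jan/2021:10:02:05 +0000] '
       '"GET /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"']
)

if __name__ == "__main__":
    flagged = noisy_clients(SAMPLE)
    for ip, n in sorted(flagged.items()):
        print(ip, n)
    print(cloudflare_expression(flagged))
```

The printed expression can be pasted into the expression editor of a Cloudflare firewall rule with the action set to Block; a single normal login such as the one from 192.0.2.44 stays below the threshold.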
 

JetBlack101

Jr. VIP
Joined
Jun 29, 2019
Messages
446
Reaction score
356
Nice article,

Question, you give two options Cloudflare and Plugins.

1. Does Cloudflare do what the plugins do? They seem different.
2. So, if you use Cloudflare do you need all the plugins?
3. Should everything be used for max protection?
 

TheVigilante

Jr. VIP
Joined
Aug 31, 2010
Messages
14,984
Reaction score
15,961
Website
t-ranks.com
Good to see you back with another guide this time non movie related and yes most of those plugins seem handy
 

RoyalOffshore

> Nice article,
>
> Question, you give two options Cloudflare and Plugins.
>
> 1. Does Cloudflare do what the plugins do? They seem different.
> 2. So, if you use Cloudflare do you need all the plugins?
> 3. Should everything be used for max protection?

These should be used together with Cloudflare. If they decide to attack your login page for example and if they have more servers, they will have fresh IPs and this will take some time for Cloudflare to detect, while the plugins will do the job in the meantime.

> Good to see you back with another guide this time non movie related and yes most of those plugins seem handy

Surprised to see you are following my posts in detail, thank you
 

RoyalOffshore

> Nice write up, what's the better in your opinion, Wordfence or Sucuri?

Depends on the budget, I would say WPXHosting since they don't make you pay, if you can afford it then you can use Sucuri. Wordfence if you are out of budget also is nice when set up correctly.
 

FriendlyPufferfish

Jr. VIP
Joined
Sep 13, 2019
Messages
806
Reaction score
1,040
Curious how I never saw your threads before, that's a lot of content for free. Thanks for your shares
 