[GUIDE] Extension #7 To My Money Making Guide: ♛Securing your Wordpress Website!♛ [PLUGINS]

RoyalOffshore
♛ This post is the 7th extension of my Money Making Guide... surely not the last! ;) You should read these first to be able to understand what this is about ♛
  1. https://www.blackhatworld.com/seo/how-to-build-and-earn-money-with-movie-trailer-site-and-publicly-available-videos-moviesite-guide.1218955/
  2. https://www.blackhatworld.com/seo/guide-extension-1-to-my-money-making-guide-how-to-stay-anonymous-vpn-list-and-more-details.1222561/
  3. https://www.blackhatworld.com/seo/guide-extension-2-to-my-money-making-guide-free-organic-traffic-from-free-blogs-web-2-0s.1223547/
  4. https://www.blackhatworld.com/seo/guide-extension-3-to-my-money-making-guide-use-social-media-for-traffic-churn-burn-method.1224089/
  5. https://www.blackhatworld.com/seo/guide-extension-4-to-my-money-making-guide-keep-posts-fresh-add-new-embeds-video-networks.1225378/
  6. https://www.blackhatworld.com/seo/guide-extension-5-to-my-money-making-guide-rank-before-competitors-stay-one-step-ahead-seo.1227798/
  7. https://www.blackhatworld.com/seo/guide-extension-6-to-my-money-making-guide-expired-domains-for-traffic-and-ranking-seo.1233322/
I guess a lot of people are following my guides, and by now I believe a bunch of people have made their own website but may have missed one vital part - securing it!

If your website is growing you will definitely be a "hot target" for competitors, and they will try all the time to DDoS you, brute-force your login and even hack your website completely and take your database, which took you months of work to build. We do not want that to happen.

What is this about?
This thread will teach you basic WordPress security to protect your website from hackers and competitors in a friendly way, using WordPress plugins and other beginner-friendly methods.

I will be covering
  • DDoS protection with Cloudflare
  • Securing your WordPress using plugins
  • Basic brute-force protection
  • Files that should be disabled and are enabled by default on WordPress
  • Captcha on login and other pages

Before we start, you should always use a separate email, username and password for your WordPress login, because websites get hacked all the time and you do not want to be exposed if you use the same password everywhere, as this can lead to serious trouble for you.

DDoS Protection with Cloudflare
Setting up your website to go through Cloudflare is easy.
You will need a free Cloudflare account, and you will need to add your website there on the free plan using the Add Site button in the corner.

When your website is under a DDoS attack, Cloudflare provides a lot of analytics, so in case you notice something suspicious and a lot of unusual requests, you should click on your website.

Look for Quick Actions and then Under Attack Mode. Then for Security Level select I'm under attack!
What this will do is serve captchas and check browser integrity for each visitor; however, this will not solve the problem if the DDoS attack is strong.

Another good thing to do on Cloudflare when you are under attack is to see which IPs and countries the most requests come from. Usually these would be some hacked dedicated servers or VPS servers, so do not put the blame on the actual IP or the datacenter. Now you can either block by IP address or by country and leave the block in place until the DDoS attack is over.

This can be done easily by clicking on your domain then going to the Firewall tab. Click Firewall Rules and then Create a Firewall Rule. The interface is friendly and you will see the options you have to block the attacker.

Securing your website using plugins
I am not a fan of WordPress plugins at all, as many times in the past, plugins for security have actually made my websites vulnerable.

Anyway, a few plugins that are worth mentioning and installing are:

- Disable REST API Plugin
When your website is DDoSed, usually people send requests through the REST API, which is enabled by default on WordPress.
You can disable it using the plugin
https://wordpress.org/plugins/disable-wp-rest-api/
Install it, then go to your WordPress dashboard - Settings - Disable REST API.
Tick REST API Root and click Save.

- Disable XML-RPC Plugin
Disabling XML-RPC will help protect you from attacks. This feature is enabled by default in WordPress so the website can have external communication. You will not notice any difference when you disable this.
https://wordpress.org/plugins/disable-xml-rpc/

If you do not want to install this, you can open your .htaccess file and add this snippet at the end of the file
Code:
# Refuse every request for xmlrpc.php (Apache 2.2-style "order/deny" access control)
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

- WPS Hide Login
A lot of times people will try to hack your website using brute force, or just send dumb requests to your login page, which by default is /wp-login.php. What this plugin does is make it something custom that only you know. This plugin is a must. After installing, you will be able to change your login page to something like /badassloginpage/ or anything custom you would like. This will give you DDoS and brute-force protection, but also protect you if your password was the same one exposed on the dark web at some point in the past, and add an extra precaution.
https://wordpress.org/plugins/wps-hide-login/

- Loginizer
The name speaks for itself. Loginizer is a nice plugin to have, and it will lock out brute-force attackers even if they accessed your login page, by blocking their IPs after a few failed attempts.
https://wordpress.org/plugins/search/loginizer/

- hCaptcha for WordPress
This is a new plugin and probably the best captcha to have on your login page. It is not related to big G, and you can get a free account even if you are on a VPN; they don't even ask for email registration.
Once installed, you just need to register and put your site key and secret key from hCaptcha into the plugin and choose the pages where you want hCaptcha to be shown. You should add it on the login page, registration page, forgot password page, contact form and anything similar that can be used to exhaust your traffic. Set security settings to highest on the hCaptcha website.
https://wordpress.org/plugins/hcaptcha-for-forms-and-more/

More plugins and other software worth checking
1. Wordfence
2. Sucuri (paid)
3. Managed WordPress solutions such as WPXHosting (not affiliated with them); they are based in Bulgaria and would only work for you if you are using a DMCA-friendly method to bank (movie reviews, trailers, documentaries).

Keeping your WordPress Empire safe is a vital task that needs to be done and not skipped for a later point. Stay tuned for more.
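As an added example (not code from the post above, nor from any of the plugins it names), the must-use plugin below does in plain PHP what three of those plugins do: it refuses XML-RPC, requires a logged-in user for every REST API request, and locks an IP out after repeated failed logins. It assumes it is saved as wp-content/mu-plugins/example-hardening.php so WordPress loads it before ordinary plugins; every name prefixed EXAMPLE_ and both thresholds are assumptions chosen for this example. Hiding the login URL (what WPS Hide Login does) is not reproduced here.

```php
<?php
/**
 * Plugin Name: Example WordPress hardening (mu-plugin)
 * Description: Added example, not code from the post or from the plugins it names.
 *
 * Assumption: saved as wp-content/mu-plugins/example-hardening.php, so WordPress
 * loads it automatically, before ordinary plugins. Names prefixed EXAMPLE_ are
 * assumed values chosen for this example.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Refuse to run outside WordPress.
}

// 1. XML-RPC. With this filter returning false, xmlrpc.php answers every method
//    call with an "XML-RPC services are disabled" fault before any credential is
//    checked, so password guessing through wp.getUsersBlogs or system.multicall
//    stops working. PHP still serves the request, so for raw request volume the
//    .htaccess deny shown in the post is the cheaper option.
add_filter( 'xmlrpc_enabled', '__return_false' );

// 2. REST API. Require a logged-in user for every REST request, so anonymous
//    clients get a 401 instead of the public /wp-json/ index and user enumeration.
add_filter( 'rest_authentication_errors', function ( $result ) {
    if ( ! empty( $result ) ) {
        return $result; // Another hook already decided (WP_Error or true).
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_disabled',
            'REST API requests require authentication.',
            array( 'status' => 401 )
        );
    }
    return $result;
} );

// 3. Brute-force lockout: after EXAMPLE_MAX_FAILURES failed logins from one IP,
//    refuse that IP's login attempts for EXAMPLE_LOCKOUT_SECS.
const EXAMPLE_MAX_FAILURES = 5;       // assumed threshold
const EXAMPLE_LOCKOUT_SECS = 15 * 60; // assumed lockout window (seconds)

function example_client_ip() {
    // Behind Cloudflare, REMOTE_ADDR is a Cloudflare edge address, and locking
    // on it would lock out the proxy for everyone. Trust CF-Connecting-IP only
    // when the origin accepts traffic from Cloudflare alone; otherwise any
    // client can forge the header and choose whose counter it increments.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
    if ( defined( 'EXAMPLE_BEHIND_CLOUDFLARE' ) && EXAMPLE_BEHIND_CLOUDFLARE
         && ! empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) {
        $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
    }
    return filter_var( $ip, FILTER_VALIDATE_IP ) ? $ip : '0.0.0.0';
}

function example_lockout_key( $ip ) {
    return 'example_login_fail_' . md5( $ip );
}

// Count failures in a transient that expires on its own after the window.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = example_lockout_key( example_client_ip() );
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EXAMPLE_LOCKOUT_SECS );
} );

// Override the outcome for a locked-out IP. Priority 99 runs after the core
// username/password check (priority 20), which would otherwise replace an
// earlier WP_Error with a WP_User whenever the guess happens to be right.
// Returning WP_Error here also fires wp_login_failed again, so every attempt
// made during a lockout refreshes the window.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    $count = (int) get_transient( example_lockout_key( example_client_ip() ) );
    if ( $count >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error(
            'too_many_failures',
            'Too many failed login attempts from your address. Try again later.'
        );
    }
    return $user;
}, 99, 3 );

// A successful login clears the counter so a user who mistyped a few times
// is not left locked out.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( example_lockout_key( example_client_ip() ) );
}, 10, 2 );
```

Two things to check before relying on this: the REST restriction also breaks anything that legitimately calls /wp-json/ anonymously (contact-form plugins, Jetpack, headless front ends), while the block editor keeps working because it runs as a logged-in user; and the per-IP counter is only meaningful if the address it keys on is the real client, which behind Cloudflare means restoring the visitor IP (the CF-Connecting-IP path above, or mod_remoteip/ngx_http_realip at the web server) and firewalling the origin so that only Cloudflare can reach it.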
 
Nice article,

Question, you give two options Cloudflare and Plugins.

1. Does Cloudflare do what the plugins do? They seem different.
2. So, if you use Cloudflare do you need all the plugins?
3. Should everything be used for max protection?
 
Good to see you back with another guide, this time non-movie-related, and yes, most of those plugins seem handy.
 
Nice article,

Question, you give two options Cloudflare and Plugins.

1. Does Cloudflare do what the plugins do? They seem different.
2. So, if you use Cloudflare do you need all the plugins?
3. Should everything be used for max protection?
These should be used together with Cloudflare. If they decide to attack your login page, for example, and if they have more servers, they will have fresh IPs, and this will take some time for Cloudflare to detect, while the plugins will do the job in the meantime.

Good to see you back with another guide, this time non-movie-related, and yes, most of those plugins seem handy.
Surprised to see you are following my posts in detail, thank you.
 
Nice write-up. What's better in your opinion, Wordfence or Sucuri?
 
Nice write-up. What's better in your opinion, Wordfence or Sucuri?
Depends on the budget. I would say WPXHosting since they don't make you pay; if you can afford it, then you can use Sucuri. Wordfence, if you are out of budget, is also nice when set up correctly.
 
Curious how I never saw your threads before; that's a lot of content for free. Thanks for your shares.
 