Using the Better WP Security Plugin

There are many security-focused plugins for WordPress. Better WP Security is a personal favorite, and in this video I go over the basic setup of this plugin, from install to initial configuration. With 21 different security settings there is plenty to cover here, but not all of them are relevant to every setup, and I explain why in this video.

Better WP Security, What is Covered

  • Install
  • Basic configuration
  • General overview of how you can personalize these settings for how you work with your website.
  • A warning about security settings and your SEO efforts

Video Transcript
Hi there. We’re going to talk about how to help make your WordPress website a little bit more secure using a popular plug-in called Better WP Security.

Now there are many plug-ins out there that address security, many of them are very good. This one just happens to be a favorite of mine because over time I’ve never had any issues with it. No conflicts with other plug-ins or themes and so I found it easy for me to use. You may want to look into others as well though.

So installing Better WP Security is just like any other plug-in. You can do a search for it within the add new plug-in area and once downloaded you can activate the plug-in.

After it’s been activated you’re going to notice that on the left side we have a new menu item, security. Now because this is the first time we’re going here we’re going to get a couple prompts asking us to back up the database and so on.

Now this is a great idea. You need to back up your database before making any changes to your website and this plug-in will make some changes to the website as well as to the database so it’s very important that you go ahead and back up. Now I’m going to hit “No Thanks” because I’ve already done that and I’m not going to make you watch me do that.

The next screen here is the initial screen you’re going to see when you first start it up. Now it’s going to say “Secure my site from basic attacks”. Or if you like to hit “No Thanks”, you can take care of everything yourself.

I’d like to go ahead and click “Secure my site from basic attacks”. This takes care of some of the basic security things that this plug-in is going to do for you and again, I’ve never had any issues or conflicts by doing this, it works well. Once complete you’re going to get a system status on this dashboard page and it’s going to include 21 different items, points that you should look over when addressing security for your WordPress website.

Green is secure, blue is not fully secure, orange is partially secure and red are things that should be dealt with right away. You can kind of walk through here and see each and every one of these. Again, it’s very important that you have a back-up because this will be making some changes to your database.

The other thing is that you may find that some of the items don’t fit how you use the site. For example, one of the items is this, your WordPress admin area is available 24/7. Well one of the things you could do is lock out the admin for the hours of day that you’re not needing to administrate the site.

This is a great security practice because that means for say, between the hours of midnight and 6:00 a.m. that’s six less hours in a day that your admin screen is available for hackers to poke around on. Now on the flip side of that what happens if you do need to make an update at 1:00 in the morning or you’re working late and it’s only 12:15, you’re locked out of your site until 6:00 a.m. without some kind of headache level work.

I personally do not use this feature. There’s others in here that you may find just simply don’t work for the way you like to work with your WordPress website. But anyway, take a look here and walk through each and every one of them.

The one thing that I will say here though, under detect, it’s 404 detection. Now one of the things is that if someone or something, a bot, it is looking for security exploits on your website, it’s going to try many different known addresses. That’s going to produce 404’s, 404 is the code that a server gives back when a page cannot be found, it doesn’t exist on the server.

Well if there are many 404’s in a short period of time it’s probably not a user typing in the wrong address, it’s probably a bot poking around to see if there’s any weak points in the site. So one of the things it can do is sense this and then immediately block that IP address from accessing the site for a short period of time.

Generally speaking this is going to be great because humans just simply aren’t going to hit the same bad address that many times and a bot will. However, I do have to caution you with this. If you’ve made major updates to the structure of your website recently and you’re waiting for Google to index you this will block Google.

Now if you do a search for this you’ll find different opinions on this but I can vouch for the fact that if you enable this and Google hits your 404’s too many times, it will block your site from Google and as a result your indexing and all your SEO efforts are out the window because Google can’t get in.

Beyond that, again, you’re going to spend most of your time on your dashboard here. Like I said, go ahead and go through each one of these. Find the ones that you’re comfortable making. It’s my opinion that any of these are better than none of these, so I want to stress about making sure each and every one of these glows green and in fact on my sites I don’t have a site that every one of them is glowing green meaning that it’s “fully secure”. Some is better than nothing.

That’s an overview of Better WP Security plug-in to help you secure your WordPress website a little bit better.
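
The 404 detection described in the transcript, and the way it can lock out a search crawler after a site restructure, can be reproduced over access-log lines. This is an added example, not the plugin's own code: the threshold, window, lockout length, the `is_trusted_crawler` hook and the sample log are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:01:00:00 +0000] "GET /missing-a HTTP/1.1" 404 162 "-" "bot"
203.0.113.7 - - [10/Mar/2024:01:00:02 +0000] "GET /missing-b HTTP/1.1" 404 162 "-" "bot"
203.0.113.7 - - [10/Mar/2024:01:00:05 +0000] "GET /missing-c HTTP/1.1" 404 162 "-" "bot"
198.51.100.20 - - [10/Mar/2024:01:00:30 +0000] "GET /abuot HTTP/1.1" 404 162 "-" "Firefox"
198.51.100.20 - - [10/Mar/2024:01:00:40 +0000] "GET /about HTTP/1.1" 200 5120 "-" "Firefox"
192.0.2.50 - - [10/Mar/2024:01:02:00 +0000] "GET /old-post-1 HTTP/1.1" 404 162 "-" "Googlebot"
192.0.2.50 - - [10/Mar/2024:01:02:10 +0000] "GET /old-post-2 HTTP/1.1" 404 162 "-" "Googlebot"
192.0.2.50 - - [10/Mar/2024:01:02:20 +0000] "GET /old-post-3 HTTP/1.1" 404 162 "-" "Googlebot"
192.0.2.50 - - [10/Mar/2024:01:02:30 +0000] "GET /old-post-4 HTTP/1.1" 404 162 "-" "Googlebot"
"""
# Stand-in for crawler addresses you have verified yourself (for Googlebot,
# reverse DNS plus a forward lookup). The User-Agent string is spoofable, so
# the exemption is keyed on the IP, never on the header.
VERIFIED_CRAWLERS = {"192.0.2.50"}

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_lockouts(log_text, threshold=3, window=timedelta(seconds=60),
                  lockout=timedelta(minutes=15),
                  is_trusted_crawler=lambda ip: False):
    """Return (ip, locked_at, locked_until) for each client that produced
    `threshold` 404s inside `window` (assumed values, not the plugin's)."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent 404s
    locked_until, events = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(3) != "404" or is_trusted_crawler(m.group(1)):
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            continue              # still locked out; nothing new to record
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop 404s that fell out of the window
        if len(hits) >= threshold:
            locked_until[ip] = ts + lockout
            events.append((ip, ts, ts + lockout))
            hits.clear()
    return events

if __name__ == "__main__":
    print([e[0] for e in find_lockouts(SAMPLE_LOG)])
    print([e[0] for e in find_lockouts(
        SAMPLE_LOG, is_trusted_crawler=VERIFIED_CRAWLERS.__contains__)])
```

Without the exemption, the crawler re-requesting moved URLs is locked out exactly like the probing bot, while the visitor with a single mistyped address is not; with it, only the bot is.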