Assignments
What are some of the security vulnerabilities with WordPress websites?
1. Malware: Cybercriminals can insert harmful code into your website, potentially endangering visitors or compromising their data.
2. Brute Force Attacks: Automated efforts to crack passwords might result in unauthorized access to your site.
How do you harden a WordPress website? Mention at least 15-20 different settings, techniques, or tricks.
1. Update WordPress: Visit the Dashboard > Updates and make sure the WordPress core, themes, and plugins are up-to-date.
2. Strong Passwords: Go to Users > All Users to enforce strong passwords for all accounts.
3. Two-Factor Authentication: Install and configure a 2FA plugin via Settings > Plugins.
4. Limit Login Attempts: Configure a security plugin to limit login attempts in its settings.
5. SSL Certificate: Obtain and install an SSL certificate by navigating to Settings > General.
6. Monitor User Activity: Utilize a security plugin to keep track of user activity logs.
7. IP Access Restrictions: Establish IP restrictions under Settings > Security.
8. CAPTCHA: Install and set up a CAPTCHA plugin within its settings.
9. Custom Login URLs: Change the default login URL in Settings > General.
10. Malware Scanning: Regularly scan for malware using a security plugin.
11. Minimal Permissions: Assign minimal permissions to users through Users > All Users.
12. Web Application Firewall: Install and configure a WAF plugin in its settings.
13. Remove Unused Themes and Plugins: Delete any unused themes or plugins via Appearance > Themes and Plugins.
14. Email Notifications: Set up email notifications for security events in Settings > General.
15. Regular Security Audits: Perform periodic security audits with the help of a security plugin.
What plugins/resources are available for WordPress Security? Name at least five plugins or resources and the services or benefits they provide.
Wordfence: Offers essential security functions, including malware scanning and firewall protection.
iThemes Security: Specializes in security hardening and safeguarding logins.
All-In-One WP Security & Firewall: Delivers security hardening and login protection features.
WP Login Lockdown: Enhances your login page security by restricting login attempts.
VaultPress: Provides backup services and malware scanning.
Which plugin(s) do you think you will use and why?
I plan to use Wordfence for its firewall due to its excellent protection against a variety of threats. Additionally, it comes pre-installed, making it even more convenient.
What would you do if you were hacked?
If I were hacked, first I’d collect myself, contact support, disconnect from the internet, and change all my passwords—focusing on critical accounts. Then, I’d run an updated antivirus and anti-malware scan.
What is SSL? How would you activate it in your domain?
SSL (Secure Sockets Layer) secures data transmission between a web server and a browser through encryption, ensuring privacy and security. To activate SSL on your WordPress site, get a certificate from a trusted Certificate Authority (CA) and install it using cPanel.