You need to make sure that you site is safe from hackers! They are out there and I have got this lesson together to help you be safe in the wild wild west of the internet.
Limit bad logins
This is standard on all new WordPress installs.
If you do not have it, get it.
You know your Login page, username, and password.
If someone tries and fails four times they are locked out for twenty minutes.
If after that they try again with four fails they are locked out for 24 hours.
One the dashboard screen you can see failed attempts.
Make your Site https
Really Simple SSL automatically detects your settings and configures your website to run over https.
To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.
Install and Activate
You will be taken to a screen to ‘Go ahead, activate SSL!”
On the next page click “Enable” on the line for 301 redirects.
Then click Save at the bottom.
Hide your Login Page
Change wp-login.php to anything you want.
Install and Activate, click on the plugins Settings link.
One the next page , change the word “login” to some thing you can remember but is unrelated to WordPress or logging in. Say, “mywriting”.
Logout and login using this name and new location instead of wp-admin.
We will just be using the free portions of this plugin.
Make sure you have also used WPS Hide Login.
Install and Activate, on the next screen put in your email address so you will receive warnings when hacking attempts happen.
At this time we do not have a Premium Key, click No Thanks.