Website Security - 2015 Website SEO Guide for Businesses (2015)

2015 Website SEO Guide for Businesses (2015)

Website Security

Security is a must, especially if you use WordPress. Like anything that is popular, it’s targeted by hackers. Look at Xbox, Playstation and WiiU. Which one of those three isn’t targeted by hackers. That would be the WiiU, hardly anyone owns one compared to Xbox and Playstation, which is why hackers targeted both of them at Christmas 2014.

The same goes for Windows, Mac & Linux, which one is the most popular? Windows by a long shot, which is why they are so many viruses targeted at Windows.

When it comes to websites, WordPress is targeted the most, simply because it is the most popular.

You may ask yourself, what has Security got to do with SEO? Well, if your website gets hit by malware, then Google is going to ban your website. That means nobody can visit your site because Google will have blocked it. So the better your security is, the better your website is. You don’t want your website to be penalised in search engines because of poor security.

I’m going to show you how to configure security Plugins for your WordPress site. The first one, which is “Limit Login Attempts” is quite basic and is good to use on any WordPress site.

The second is “All In One WP Security & Firewall”. My advice is to use this one first, but beware, if you have an ecommerce site, it may cause problems with some of your other Plugins.

If you do run into any problems, uninstall it and install the Limit Login Attempts plugin.

Let’s do a quick walkthrough for the Limit Login Attempts Plugin first.

Limit Login Attempts

Navigate to “Plugins” and “Add New”

Type in ‘Limit Login Attempts’ in the search bar

Click on the “Install Now” button

Navigate to “Settings” and “Limit Login Attempts”

Set the following options:

2 “allowed retries”

900 “minutes lockout”

4 “lockouts increase lockout time to” 9000 “hours”

900 “hours until retries are reset”

Now click on the “Change Options” button

That’s the Limit Login Attempts plugin configured, just make sure you remember your WordPress password and don’t lock yourself out.

All In One WP Security & Firewall

Navigate to “Plugins” and click on “Add New”

In the top right search box, type in ‘all in one wp security’

Click on “Install Now” then click “OK”

Click on “Activate Plugin”

On the Admin Bar on the left hand side, you will see a new option called “WP Security”

Navigate to “WP Security” and click on “Settings”

At the top, click on “WP Meta Info”

This information tells potential hackers what version of WordPress you are running.

Select the check box, “Remove WP Generator Meta Info:”

Click the “Save Settings” button

On the left hand side click on “User Login”

Now we’re going to lock down WordPress so that if hackers attempt to try to login to your site, they will be banned.

Click the check box for “Enable Login Lockdown Feature:”

Click on the box for “Instantly Lockout Invalid Usernames:”

Now click the “Save Settings” button

On the left hand side, click on “User Registration”

Click the box for “Enable manual approval of new registrations:”

Now click on the “Save Settings” button

On the left hand side, click on “Database Security”

Click the check box for “Generate New DB Table Prefix:”

Click on the “Change DB Prefix” button

Now, on the lift hand side, click on “Firewall”

Click the check box for “Enable Basic Firewall Protection:”

Click the check box for “Enable Pingback Protection:”

Now click the “Save Basic Firewall Settings”

At the top of the page click the “Additional Firewall Rules” tab

Click the check box for “Disable Index Views:”

Click the check box for “Disable Trace and Track:”

Click the check box for “Forbid Proxy Comment Posting:”

Click the check box for “Deny Bad Query Strings:”

Click the check box for “Enable Advanced Character String Filter:”

Now click the “Save Additional Firewall Settings” button

At the top of the page, click on the “5G Blacklist Firewall Rules”

Click the check box for “Enable 5G Firewall Protection:”

Now click the “Save 5G Firewall Settings” button

At the top of the page, click the “Internet Bots” tab

Click the check box for “Block Fake Googlebots:”

Click the “Save Internet Bot Settings”

At the top of the page, click the “Prevent Hotlinks” tab

Click the check box for “Prevent Image Hotlinking”

Click the “Save Settings” button

On the left hand side, click on “Brute Force:”

By default, the WordPress login page is set to /wp-admin, we’re going to change this to a different name of your choice. Don’t forget what you have changed this to.

Click the check box for “Enable Rename Login page:”

Now enter a string of text that you want to use

Click on the “Save Settings” button

Now we’ll add a Captcha form to the login page

At the top of the page, click on the “Login Captcha” tab

Click the check box for “Enable Captcha On Login Page:”

Click the check box for “Enable Captcha on Custom Login Form:”

Click the check box for “Lost Password Form Captcha Settings:”

Now click the “Save Settings” button

Navigate to the top of the page and click the “Honeypot” tab

Click the “Enable Honeypot On Login Page:”

Now click the “Save Settings” button

Navigate to the left hand side and click on “SPAM Prevention”

Click the check box for “Enable Captcha On Comment Forms”

Click the check box for “Block Spambots From Posting Comments”

Now click the “Save Settings” button

Navigate to the left hand side and click on “Miscellaneous”

Click the check box for “Enable Copy Protection”

Click the “Save Copy Protection Settings” button

This option stops people from copying text from your website.

At the top of the page, click the “Frames” tab

Click the check box for “Enable iFrame Protection”

Click on the “Save Settings” button