Before setting up my first website, I invested in a digital course on blogging.
I watched those over-the-shoulder videos and followed the instructions step by step.
But a few days after the site was published, I noticed something was off.
WordPress dashboard showed that the Site Health Status was not good.
Some core WordPress files had been modified, and new suspicious files were added without my permission.
It was then that I realized my site might have been hacked.
That expensive course created by “big names” in the blogging industry didn’t mention any security plugins.
According to the landing page, the course was designed for complete beginners. No security topic for beginners?
I had to spend a whole day finding solutions. One of the security plugins I installed later showed that my site had been attacked more than 350 times in the past few days.
Eventually, I gave up my first site and turned it into a test site for not sure of its security.
I shared my story so you won’t ignore the importance of website security.
Here are three security plugins I use on my sites:
WPS Hide Login
If attackers can’t find the login page of your WP site, it will be harder for them to attack the site.
The WPS Hide Login plugin provides an easy way to change the default login URL to a custom URL. It’s totally free.
Limit Login Attempts Reloaded
WordPress, by default, allows an unlimited number of login attempts, creating a vulnerability where passwords can be decoded through brute force methods.
The plugin acts against brute force attacks by restricting the number of login attempts a user can make within a specified time frame. This effectively safeguards your WordPress site from hackers who try to gain access through repeated login attempts.
The developers launched a free service called “Micro Cloud” in Feb. 2024, a limited upgrade to their premium version in exchange for sharing your login IP data.
Tip: Don’t set lockout time for too long. Once I set it to 240 hours. When my browser entered the wrong password automatically, I had been locked out of my site for ten days!
Wordfence Security
This is one of the most powerful and comprehensive security plugins I have ever used. It provides multi-layered protection for WordPress sites against a wide range of security threats.
Part of its premium functions are overlapped with the other two plugins I mentioned above. But I use all of them to ensure the safety of my sites.
Maliha (founder of thesideblogger.com) also recommends Wordfence Security in How to Start a Blogging Business in 2024.
People like her know what they are doing and always focus on the benefits of their audience authentically.
Finally, the lesson I learned from the experiences of my first site:
Invest in “real gems” and avoid “shining objects”!