How I Have Made My WordPress Blog Site Secured?
By Faruque Ahamed Mollick
You are reading this post on my blogging site EyeSwift which is hosting on Flywheel managed WordPress hosting. My hosting provider is already giving my WordPress site ahigh level of security. But I have also take some steps myself to make my WordPress blog even more secured. Now I am going to explain which steps I have taken to make my WordPress blog secure. Here I have listed what I have done:
How I Have Made My WordPress Blog Site Secured?
Using CloudFlare And WordPress HTTPS
To start with CloudFlare you have to register on CloudFlare and then you need to add the domain. After that change your nameservers and add the nameservers that are provided by CloudFlare. It will work nicely with WordPress HTTPS plugin. I am using both of these plugins and WordPress HTTPS plugin is working with CloudFlare. Thus my website is became secured by CloudFlare. I am using the free HTTPS that is provided by CloudFlare. Youcan see the green lock sign with HTTPS instead of HTTP on my site URLs.
WP Limit Login Attempts
This is a nice plugin to stop those attacks where bot try a lots of combination of username and passwords and several other attacks by limiting the number of login attempts. If a user try to access your WordPress site with wrong login information then the user will not be able to login on your WP site for a particular time period. You can set the amount of time that the user have to wait to login again and also you can set the number of login attempts after which the user will have to wait.
WP reCaptcha Integration
Again an amazing and great plugin which will let you use the Google reCaptcha or Google no Captcha reCaptcha without touching one single line of code. You just need to create the reCaptcha from https://www.google.com/recaptcha and then put it on the plugin option page. I am using this plugin too for enabling the Google no captcha reCaptcha on EyeSwift and it is really a great plugin. You can add reCaptcha with this plugin on comment form, login form, signup up form and lost password form.
Well, these are the three process that i am using to secure my blog. There are lots of more ways and plugins available to make your WordPress site secured. But as my hosting provider Flywheel is giving me very nice server side security and I am also using CloudFlare to secure my blog, so I think these are enough for me to secure my WordPress blog.
Well, recently I have found that some users were registering on my WordPress site with some strange types of spam emails. So that I have limit the emails. Now users will not allow to register on my blog without using these email domain – @gmail.com and @yahoo.com. To do it on my WordPress site I have not used any plugins. I have used this code:
function is_valid_email_domain($login, $email, $errors ){
$valid_email_domains = array("gmail.com","yahoo.com");// whitelist
$valid = false;
foreach( $valid_email_domains as $d ){
$d_length = strlen( $d );
$current_email_domain = strtolower( substr( $email, -($d_length), $d_length));
if( $current_email_domain == strtolower($d) ){
$valid = true;
break;
}
}
// if invalid, return error
if( $valid === false ){
$errors->add('domain_whitelist_error',__( '<strong>ERROR</strong>: you can only register using @gmail.com or @yahoo.com emails' ));
}
}
add_action('register_post', 'is_valid_email_domain',10,3 );
Here is the details blog post of this process: Allow Registration From Certain Email Domain. Read this post step by step to learn how you can do it and where to add the code.
Leave a Reply