Secure Wordpress in 1 Hour with Free Tools | Step by Step | Baraq Adnan | Skillshare

Secure Wordpress in 1 Hour with Free Tools | Step by Step

Baraq Adnan, Student and Entrepreneur

Secure Wordpress in 1 Hour with Free Tools | Step by Step

Baraq Adnan, Student and Entrepreneur

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
19 Lessons (50m)
    • 1. SEcure Wordpress | Course Introduction

      2:20
    • 2. Secure Wordpress | Step 1

      0:38
    • 3. Secure Wordpress | Antivirus Selection and Installation

      3:47
    • 4. Secure Wordpress | Step 2

      0:22
    • 5. Secure Wordpress | Malware Scanner Selection and Installation

      2:51
    • 6. Secure Wordpress | Step 3

      0:21
    • 7. Secure Wordpress | Directories and Files Permissions

      5:00
    • 8. Secure Wordpress | Step 4

      0:33
    • 9. Secure Wordpress | Auditing Logs Plugin Installation

      1:36
    • 10. Secure Wordpress | Step 5

      0:42
    • 11. Secure Wordpress | Password Management Solution and Selection

      5:32
    • 12. Secure Wordpress | Step 6

      0:35
    • 13. Secure Wordpress | Automate your WordPress Backups

      4:23
    • 14. Secure Wordpress | Step 7

      0:33
    • 15. Secure Wordpress | BruteForce Attack Prevention

      4:10
    • 16. Secure Wordpress | Securing Logins and Changing Database Prefix

      8:35
    • 17. Secure Wordpress | Step 8

      0:37
    • 18. Secure Wordpress | Malware Scanners and Firewall

      5:13
    • 19. Secure Wordpress | Hacked Website Recovery Process

      2:18
  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels
  • Beg/Int level
  • Int/Adv level

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.

54

Students

--

Projects

About This Class

Secure Wordpress in 1 Hour with Free Plugins| Step by Step

We all know the Google stats speaks louder than words that every day more than 10,000 websites get blacklisted and compromised. Wordpress Security is not difficult but it requires little effort to implement and monitoring. 

In this course, I have covered WordPress Security in condensed form and created a 8 Steps practical Guide so you can follow the steps and implement WordPress Security in less than 1 hour. 

So the whole idea is to implement the security with the help of free plugins in the quickest time period.

We will cover, antivirus and malware installation, protection of Directories and file permissions, BruteForce Protection and Login Page restrictions, backup strategy and how to automate backups, Malware scanners and much more.

So let's grab a cup of coffee and complete this pending task ! 

I'll see you in this course. 

Meet Your Teacher

Teacher Profile Image

Baraq Adnan

Student and Entrepreneur

Teacher

A Student, Professional Trader and Entrepreneur.

Expertise in recognizing market structure and identification of price patterns for potential reversal point. An active trader and live forecaster at various recognize trading forums.

Carrying a mission to make it easier for people to have financial freedom by sharing passive income strategies that generate residual income with an entrepreneurial mindset.

Learn Together - Grow Together - Succeed Together

See full profile

Class Ratings

Expectations Met?
  • Exceeded!
    0%
  • Yes
    0%
  • Somewhat
    0%
  • Not really
    0%
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Your creative journey starts here.

  • Unlimited access to every class
  • Supportive online creative community
  • Learn offline with Skillshare’s app

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.

phone

Transcripts

1. SEcure Wordpress | Course Introduction: Oh, hi there. Thanks for stopping by. This short course is very condensed form off work for security. If you're running a WORDPRESS website and you're not finding a time to do the security because you're afraid that you do not want to go in depth knowledge or in the standing off cyber security, then these courses for you. I have convinced this course just to make it practical so you can implement all the security mayors on your WordPress website under one hour. You can do this while you are taking your coffee lunch or at your layer on. This is totally practical step by step approach guide in ritual cover eight steps and that will go over pretty much all angles off your WordPress security. Step one. But we'll talk about installing anti wires. Step two will install moderate protection Step number three will look into the directories and file permissions have against security Step number four. We will look into how to set up audits and logs on your website. So, in case of any inconvenience, you can easily track which plug in or theme cause the issue or which user had made the changes which caused the inconvenience. Step number five. We will talk about possible management options because more users you and have it will be difficult to remember all their passports. So how passive management solutions can help us? We will install free plug in for that as well. Step number six will configure automated backups. Yes, Step number seven. We will secure the front gate will secure your log in page from brute force attack will configure different security options on your log in page on, This is all we will achieve with help of free plug ins. Step number eight And that will be our final step and ritual installed scanner on your website so you can scan your website for malware or any malicious code, and this will also help you to fix any issues that occurs on your website. So these are eight steps that will pretty much cover all angles off your WordPress website . And finally I will discuss you the approach that you need to adopt in case your website get hacked or compromised or in fact, it at what process you need to follow in order to bring it to the business as usual. Okay, Interesting. So without wasting time, grab a cup of coffee and roll now and let's start this 2. Secure Wordpress | Step 1: okay, It's a very first thing you need to do is to install an anti virus in your computer or laptop. If you haven't penciled, this is a good time to do it. Well, look into some free options that are available, but I would recommend go for EVD. Extra free on it will do the job, install it updated staff a nation and give it a full skin on the reason we want to install anti wires that no matter how secure we make our website. If our machines are infected, the computer or the PC's or laptops that we are using to excessive website, then the chances off our website getting hacked is higher, so install anti virus. 3. Secure Wordpress | Antivirus Selection and Installation : Okay. Welcome back. Now, here's a page that have compiled for you. I will put its link other on the screen or in her source section. And here I have combined all the discount coupons that I could have found for decent softness that we will be talking about in this section. Here, you will see all the different anti viruses we will be talking about. Mulled wears except rec center. Okay, Now, let's have a look into very first anti virus. This is bull guard premium production. They call it Andi. Uh, the reason I like it comes with the with the really decent features like encrypted cloud backup, identity production, parental control. Okay. And this software is available for both Mac and Windows operating system on building fireball as well. Now here they're selling it on roughly £70. But if you go through the links, I have provided you on the resource link. Let's say if you click on this, you will get a 60% discount, which mean the complete package will get in under £30. Okay, which is a decent, you know, and anti virus is about £20. Uh, roughly as we talk about, So, Yeah, The 1st 1 is a bull car. It's really good. Available for both Windows and Mac. The 2nd 1 we're going to look into is called Vast, and he wears okay. And this one is also available for both Windows and Mac. And here you can see the pro anti virus package, which is about 50 euro. It contains intelligent anti where cyber capture behavior shield. Smart scan sandbox. This is good. If you're testing WiFi, inspector browser, clean up the passive more. Okay. And here they're selling it. 50 euro. But if you go through bottlings, you will get a 20% discount. Okay, so this is the 2nd 1 Again, these Softwares have a free version as well. But I have already stated my opinion about the free versions. These packages are available on trial basis to so you contest it, whatever you like. You can keep it for your system. And the terrible and I have is Casper Sky. This is really good. You're running about 40% offer at the moment, a person like this and it comes with a bolt antivirus and malware protection. The total security that includes Internet and anti wires is about $60. And again the free trial origin is also available and you can see whatever fits your need. And the last one I'm going to discuss is McAfee. This is also good. They're running some offers about 40% of 50% discount. 50 person. Okay, as you could go for the total protection or anti virus if this is what you are looking for again, guys, these are under 30 or 40 quid, Not much money compared to the benefits. You are going to get out off it, okay? And these old Softwares are compatible with the Mac, and you can install it on two or three devices. I think that's what they offer again. The whole idea is pick whatever suits your need, go through with them, go through with their features, get it on installing, offered installing it. I will encourage you to set your PC for a full scan on. I would also want you to do the scheduling weekly based schedule or monthly basis scheduled to scan your entire PC or your external hardest, because the anti wears their leaves a lot of definitions and good to update them and then scan your system. And since the title off the course suggest all free tools, we will be using a veggie for this purpose. Every G comes as a free version as well. Here you can see the link. You can download the sulfur from here, updated staff nation and give a full scan, and you can find the link off the software or the same resource page as well. Under the Muller section here. Everything okay, so installed is given full scan on Let's talk about malware. 4. Secure Wordpress | Step 2: I think I should have a drumroll. Step number two. OK, now we are going to install Malware scanner in our PC. And for this, I will ELISA just go for modular bites. They offer a free version as well update its definition and give you a system full scam. Okay, so you have anti virus in place and you have malware detection solution in place as well. Okay, so let's do it. 5. Secure Wordpress | Malware Scanner Selection and Installation: Okay. Welcome back. Now here we have four malware protection solutions available, and I have scavenged to discount coupon for you on the same page. Okay, we have a Casper Sky Muller bites EVD anti bars and marble remover on also Mac Keeper. Total Security solution. The 4th 1 This is basically for Mac only. I am kind of window person, but my colleagues, those who are using Mac operating systems for Mac computers, they recommended This is the best one. So let's talk about them. My favorite is Mother Bites. It's a roughly £35 per year. One pc. Again, it comes with a free trial version and 12 or 14 days we can try this on. The paid version is for £35. The free version comes with a basic facilities where it does the job, darling, up to you, whatever you choose. So we have moderate bite. This is my favorite one. And the 2nd 1 we have is a Casper Sky. We have already discussed this particular package provides both antivirus and malware protection. Support on it is also available on 40% discount. The 3rd 1 we have a B G anti virus This is good software. Also available as a free version with the limited features where you can purchase it. If you want the full package and it will cost you £50 a year available for free download and pretrial you contest with us Pretty good one. Pretty good one, I would say. And the last one, as I talk about is Mac Keeper. This one, You can download it. I think it contains about 11 different solutions within the same package on, uh, you get a 20% discount for this one. So this one is for Mac operating system. So among these four solutions, you can pick anyone I personally use. Muller bike. You have options off four with the discount coupons. Whatever fits in your budget, would our efforts and your your protection theme just go over there again, as I send. Some of them are available as a free as well. So among the free versions, I recommend Mother Bites. You can download this software through this link on. Also, the link is provided on the resource page under the malware protection section. OK, so once you will install this update its definition and give it a full scan. So this is the best one I've observed and seeing an experience so far, and it's really good in picking up the mulberry. So installed it give you a system full scan on we move forward towards your WordPress because the whole idea is if you are securing your WordPress and you're not protecting your PC or laptop, then your administrator account can be compromised very easily. And, you know, once you have access to administrator account, security means nothing. Okay, so installed is given a full scan on Let's move forward. 6. Secure Wordpress | Step 3: Okay, now the step Number three. Now we are going to protect our directories and files on the way we are going to do it. We are going to manipulate the file permissions. WordPress. They do suggest that your directors should have 755 and files should have 644 permissions. Now let's learn how we construct explanations. 7. Secure Wordpress | Directories and Files Permissions: so work Presser command certain permissions for files and folders. We are here at wordpress dot or website, and here in this article they have explained pretty much what we need to do. Justice came over the permissions Come in the three sets. The first number represents the user. The second number represents the group and the third number represent the whole word. Okay. Or public for example WordPress or commend all your files should have 644 permission and all your folders should have 755 permission. Okay. How this work? The first number represent the user. Okay, user as the owner. But what kind of permission and owner should have the second number represent group? What kind of permission a group member should have, including you and the system Dennard uses as well. And the third number represents what kindof permissions a public should have now a number seven mean a user should have read, write on execute permission. Ok. And here in the group number seven means a person the owner off the folder. Plus other people Those are a member of the group would have read, write and execute permission and the third number again. The word would have read, write and execute permission. Can you see having or giving Triple seven permission toe. Any directory can put you in dangerous hands. Basically, you're opening this to the world. They can do anything inside. So never ever gave triple seven to any directory. Okay, now we can set these permissions by two ways, okay? And I will explain you when I talk about read, write and execute permission. That how this entire figure off? Seven. Make it up. Now, let's go back to our dashboard, the C panel dashboard, and see how we can change the permission here. I'm in my C panel, and all you need to do is to look for file manager, Click on a file manager. It's like the Home directory show Hidden Files and click. Go. Now, here I am in my file manager now, at the right hand side, if you can see there is a column called Berms or permissions. Okay, you can see 755 for the directories and 6444 the files. If you want to change your permissions here, all you need to do is to click on this number and you can change the number. Just type in 644 or 755 and click Save. It will change the permission on this file. Okay. I think the more in duty way off doing this is through the FTP panel. Let me show you because that give you more granular flexibility. Now let's connect our website where ftp and see how we can change the permissions there. Now, here I am, connected through the f t B. And I can see all the files and folders hair if you notice here you have a column off permissions as well. Okay, so your folders have 755 on your files. Have a 644 permissions. Okay, if I right click on any folder and goto file permissions click there. And here is a dollar box under the owner permissions. If all three are checks that mean seven Okay, let me demonstrate it for you. Okay? Just uncheck all on, Jack. All Can you see if I select the owner permissions all off them. It will give me seven. If I just to select, read and write, it will give me six. If I just click the read option it will give me for. So the read option. Have number four. Right. Have number two on Execute her number one. So, in total, if you plus all off them, it's number seven for less. Two plus 17 Okay. And similarly in the group permissions, you want to give seven and execute. Okay, so this will give 75 and the next doctor is five again for the public. You just want to give them read on execute. So this is the recommendation you can give your directories. 7552 since 755 were selected. Now what we can do, we can select this option and we say apply to the directories on Lee. Get. We don't want this permission to apply on the files. So we consent this option on Lee so it will cascade these permissions to the falling folders as well. Okay, so this way you can change the permissions off your folders and same thing. If you want to do on files on Lee, you can select this option and it will only implement the permissions to the files. And again make sure the files should be 644 8. Secure Wordpress | Step 4: or get Welcome back now. Step number four. At this time, we are going to install an auditing plug it the reason we won't install this so we can see the changes we are making or the changes our subordinates are making. Those who are interacting with the Web site when objects are getting installed and who is making changes on your rap side. This is very important, so you can trace it in case off any inconvenience. Even if your website get infected, you can trace it back. That which plug in or team update had caused this issue. Okay, so let's install this plug it. 9. Secure Wordpress | Auditing Logs Plugin Installation: plug in that I would like to share with you. And that is called WP Security ordered law. OK, so you go down to plug ins, add new, and here you type WP security audit and this is the tool or plugging you need to install. Let's click and stole now active it. Well, I'm showing you now to install it, but make sure when you will be establishing your security protocol for your website. You have installed this at that time, Okay, so it can log all the activities because once the damages occurred and then there is no point issued, installed its log capturing plug ins because they won't be able to capture anything because the damage is already done. Okay, So make sure when you're putting all the security plug ins in place, you can install this plug in first and then after for your security protocol. So once you will install and left hand side, it will show you and many of for audit log and there you will be able to see all the activities off your website. I mean, it goes in a lot more detail. It's like it gives you information who looked in what time on what changes they have made. Any updates that I've been done to your plug ins or your teams Post publications editing. You know, the information is huge. And I will definitely encourage you to use this. We could, just to recap the purpose off this plugging is to look all the activities that is happening on your rap side. This will be so useful. Once you will have any inconvenience on your website, you can trace it back. That who has made changes last time who was logged in last time and the changes that has affected your website. Okay, so it's a very important Le Guin. I will highly recommend you it and stroller. Okay, let's move forward. 10. Secure Wordpress | Step 5: Okay, so step number five. You know, the weakest link in the security is a weak password, and quite often we use simple passwords just because it's easy to remember. And we cannot produce different parcels for plenty of platforms that we use. For example, different passwords for our website Facebook, Twitter, instagram, social media accounts for email services for hosting etcetera, etcetera. You know you can name it. So it become really challenging to create different passwords for all these services. And that's where password management systems comes in. OK, so now let's talk about what solutions we have and install a free service called Last Pass . So let's start this. 11. Secure Wordpress | Password Management Solution and Selection: Okay. Welcome back. Now let's talk about the password management solution. So have a two solutions for you. The one is Robert form on another one. It's last pass. Why do we need password management solution? Mainly for a number one reason that we should use complex password on different passwords for all our online activities. For example, if you log into our laptop, we should have a password. If we look in tow, our website, we should have a secure password. And of course, if we check over emails Amazon account, Facebook, social media, etcetera, etcetera, all those accounts should have a different passwords. But the complex passwords on it is very difficult for us to remember all the complex passwords all the time. So most often what people do, they pick one password and replicated across. And the problem with this approach is you're all accounts are actress. If you're one account, get compromise guesswork. Rest off them are already at the risk in those situations. Possibly management software's help. So what they allow you, they allow you to pick any complex password which you don't need to remember. And you only need to remember one single password which is the master password, which you put on once you sign up for these services. So basically one master password and then these packages contain all rest off your passwords. All you need to do is to install one off the package, and you are good to go. Now, let's have a look. So here, on the same page, you can click on any off this link. We have a rubber form, and we have last path, and it will take you to the respective pages. And both of them have a free counts and paid Oregon as well. So here we have last pass. So and they sell the premium package as well. Which is, I guess, travel $13. You're a dollar a month. So said $12. Okay, which is just peanut compared to the services and the support you're getting. Andi, let's understand what exactly last bus is and how it can help you. So here we have, ah, tutorials as well. So let's go through the 1st 1 So, you know, this is a complete management solution, as you can see, um, you know, you can access your older applications through the different platforms So what exactly it is what you need to do is to once you are on the website, get the last cross free. This is a free virgin. You can get the paid version as well. By going through here. Forget gold and gold premium. Once you will download it, it will install a browser extension. Here at the corner, you can see these three dots. This is extension. And once it will installed extension, it will ask you to sign up. And you have to obviously set an email address and master password, which you have to remember. I want you click on this link. It will show you all the features that are available to you. You can insert the sites that you want to store with the password. I will show you one off the example how we can do it. Okay. On another good feature off this is it comes with a possible generator so you can generate secure password and it will generate power surge for you. You click this circle and agree Fresh random passport. You can pick any password for a new service. Okay, so this is last pass password management solution on the 2nd 1 is rubble form, so let's hear what they have to say. So it's a similar service we just talk about and it's available for different platforms. Windows, Mac, android, IOS. I think the cost is about $19. That's gonna by now shares the 1995 about $20 for a year. Okay, which is good. So you can pick any of the package which suits your need on which you are comfortable. But again, both packages half reversion to contest and see, um, which one works for you and just take it from there again. The same approach. Once you will click download now it will add your browser extension. See this extension over here If you click on there and these will show you the options on again, it comes with the generate password functionality to so you can create it. Secured password. Now, since we are talking about passport on why it is important that we pick the secured one. There is another side I'm going to share with you on. This is how secure is my possible dot Net. Okay. So you know here you contest brother, your possible is secured or the likelihood off it's getting had. How long it will take for somebody to crack your password. You know, the most common one people use is admin. 123 And you can see it will take only one minute with brute force. And they can crack the password. Is all the shoes a complex password. So, as a free tool, I will encourage you to install last pass and sign up for the service. It will definitely make your life easier. Okay, Now we have covered anti virus malware on the passive management solution. Now, let's talk about your WordPress and how we're going toe. Secure it. Okay, I'll tell you next video. 12. Secure Wordpress | Step 6: Okay. Welcome back. Now we're going to follow step number six, and that is we have to set up our backup strategy When it comes to back up, it has to be automatic. We are human. We can forget. We could have different commitments. You know, someday we will take it. Someday we will forget it on usually the day when we forget taking backup. That's the day when the issue starts. Okay, so it's absolutely pivotal that you take your backups regularly and you automate this process. No, let's install one plug in That will help you to automate this entire process. So let's do it. 13. Secure Wordpress | Automate your WordPress Backups: Okay. Welcome back. Now let's discuss backup. I would say your business success depends upon how often do you take the back of? Especially if your business is online, because it's such a crucial, on important element that you only know its importance. Once you hit with a problem, I think you guys will agree with me. Updraft. Okay, again, this plug ins offer a free service which is great and also a premium service. Okay, which is even brilliant again. And it includes integration off external services as well. You can integrate it with the Dropbox will collect Dropbox in our example as well. Plug ins are new and here I'm going to search for updraft. Plus Okay, there's over. Plug in. So it's a one plus 1,000,000 active insulation five starring in a brilliant tool, Brilliant, brilliant plug in So installed this and activities. And after activation, it will appear under the settings. If you go into settings, you will be able to see their so click on the option of draft plus backups. And here they're showing three options. You can back up now you can restore and you can clone and migrate is basically if you are creating a website for your clients on this is your testing website. Okay. You can easily clone it and migrated on their server. Okay, There's a great extension. Protests, a premium extension. Okay, let's go to the settings on the settings. I can save files. Backup schedule. Okay. It's a manual. I can say every four hours, eight hours, 12 hours or daily. That select daily. Okay, I'm done of his backup. Okay. Daily. Okay. 13 2 copies. And here I can choose. What options I can go with Aiken. Check the of to be or get it will have to be mine backups somewhere I consider the drop books. Okay, we are going to check the Dropbox, but this also can be integrated with the Amazon Services Microsoft resort on Google drive. Okay, so it's a brilliant tool. Let's select Dropbox. Okay, Now I'm going to select options. Yes, back of my pains, plug ins on the uploads and any of the doctors found inside WP content. Okay, I can select this option. Just email me as well. Once you will be able to complete your backup, save the settings or changes, and then it will ask us now connect your Dropbox. Okay, Click on this link and follow the instruction. Now, here it is, asking me to provide the log uniting and password off my dropbox account. Okay, I will fill this information. And now it is saying to complete the set up off grow box, press the button below on this will take you back to your updraft plus settings. Okay, click this option. And here I'm good to go on. Now it is creating a backup for me. And that's how simple it is. Now we have changes settings on daily basis. It will create a backup, and it will send me the email as well. And this is the email that is specified here. Okay, so that was a free version. But if you want to use their premium extensions like, you know, if you want to create multiple sites back up, check this option, and here you can see under the free. You will be able to do this only this option. And under the premium and gold, you can do additional and enhanced remote storage locations, clothing in migration, fast person support, pre updated backups, network, multi side, back up time and scheduling. Okay, More diverse options. No ads in borders, lock settings. Um, updraft. Bold story to accept on EC sector. Okay, so if you want to, you can upgrade. But the free version allows you to back up your side easily with the help of scheduling. Okay, create a backup off your WP content where your teams are, your files are on your database. Okay? Not anything outside off your award. Press directory. Okay. So, brilliant, tool. I also use this for some of my blog's If you're not going for any paid version or you're not buying any tools and this should be your first choice when it comes to taking the backups, Okay, At least it is automated, and you don't have to take pain, okay? They were doing for you every single day. I could notify you through the email. Okay? 14. Secure Wordpress | Step 7: Okay. Welcome back. Now Step number seven is protecting your main door. And that is protecting your log in page. In this section, we will install free plug it that will help us to protect the brute force attack. And also, it'll facilitators. In securing our log in page, we will be able to change the name off Edmund or Adminstrator users we can limit their log in attempts will configure brute force protection options on. We will also change the database prefix. Okay, So very interesting lectures. And let's stop this. 15. Secure Wordpress | BruteForce Attack Prevention: see when we try to put logon ID and password. If it rejects, it will give the option again. Try again. Try again. So we have to limit that. Try again. Process like, you know, just give us three attempts. After that, just low cover account for an hour, and then after we will be able to try it again. Okay, We shouldn't have any problem if we are using any possible world or password management solution. Like, you know, I'm using last pass, so we should be able to find in the first attempt. But again, we can give ourselves three attempts, and that's how we can protect. As you have seen in a brute force. They attack thousands and thousands of times. So what if after third attempt, the system will look their i p or look them, they won't be able to hamper our website. Okay, The same two on WP security is going to help us. Okay, let's head towards the dashboard. And here under the WB security, I want you to click on user Logan's. It's a very comprehensive tool under the user log in here. The option is enable organ locked down feature. Okay, If you will press this, this feature will enable Let's go through these features first. Allow unlock request. Check this if you want to allow users to generate an automated unlock request link, which will, unlike their account, we don't want this. Okay, We want them to be locked for Italy. 60 minutes. So maximum log in attempts here. You can give three. Okay, Logan, Retry time. Petered. Five minutes. Okay. The talent off. Look out to set the length off the time for Rich A particular I P address will be prevented from logging in. So that's the 60 minutes time, Peter. Okay, we said in the minutes. So if the person will try three times on the I P address will be locked, that person won't be ableto try it again. Unless until for another. Okay, the display. Generic Adam messages. We don't want to display any other message. Okay. And here's option instantly. Lockout, invalid user names. Okay, Check this. If you want to instantly lookout log in attempts with the user names which do not exist in your system. Okay, We can check this, but it will increase the less dramatically because people can use different longer nineties again. This is all automated. OK? And then we have instantly look out specific. Use the names again. If we are noticing through our logs that certain people are accessing order, try toe, target our websites through certain logon id's. We can put it here also, we can mention here admin and administrator since we're not using those ideas anyway. Okay, so it's worth if we put adminstrator or admin hair, any person will try through the admiral Instructor will lock down straight away. Okay, So can you see now how important that is that if we don't use admin administrator on you know, it can make our life easier and long run. I'm gonna check this option if we want to receive this. An email. Okay, so let's enable this feature on save the settings. So this is activated. Any person who will try to access our website will only have three longer terms. Okay. After that, the person will be locked out. Now there Other features available in the same module. We have failed Logan records on this will show us how many people have failed to Logan. The reason I'm showing you although this is a very demolition I'm working on. Somebody has already tested log in attempts. Where? Edmund On Brock. Media. I d people are trying to guess. Bless them. So here in a force log out here, we can force people to recreate a session after 60 minutes. Okay, It will force them to real organ in our system after 60 minutes, I would say. I mean, if you are using a calmer system, don't do it because, you know, people can take time to surf around and, you know, do their bets. But this is also another option available here. This will show you the account activity. Looks on here. You can see the people, those who are logged in real time. This can also give you a sort off real time view. Who is accessing your website? The logs are look like OK, so this is how you can limit the logging attempt for your WP Logan dot pH people okay? 16. Secure Wordpress | Securing Logins and Changing Database Prefix: we have what presents told And we are looking into the security how we can change the table prefix how we can change the user credentials Now bear in mind. What if this website is already live in production? The administrator off the website waas publishing posts Even if you will create a new user account, the post that is being published by Adminstrator will still display the administrator account information. OK, so how we can change those posts to the new account will look into that as well. Okay, so let's start by installing one plug in and that is all in one WP firewall. Next overlook the Here I am in my dashboard and I'm going to click on plug ins and then click add new And here I'm going to search all in one WP security. And here is the Blufgan. We are interested in all in one WP security and even see more than 500,000 plus installation on all five star rating. Really good. And they made the last update just two months ago. So let's click on install and I'm going to activate this. Once this plug in is installed, you will see on the left hand side. WP security. Okay, now here it will give you a range off options. And this is a very, very powerful plug in. And I will encourage you before you implement anything from this plug in. Take a back up off your site. You know, keeping a backup off your side is a great habit because you never know if any of the plug in meself with your settings, you can still restore it. Okay? So always take the backup before making any changes to your life or production website. Now, here we are in a deputy Security plug in and we are going to select user account. Now, this is showing All is OK. Here. We have three taps. WP user day display name on the password. Okay, use the name is basically the account that this website is holding, and at the moment you can see all is OK. Ok, but it's worth reading. What is mentioned here by the fold. Wordpress sets the administrator user name, toe admin at installation time. A lot of hackers tried to take advantage of this information by attempting brute force Logan attacks where they repeatedly try to guess the password by using admin for the user name. And we have taken extra precaution already, and we have changed the user name. Now, this is our user name. Okay, Now let's for the sake of demonstration. Let's create an account. Okay? I'm going to the users going to add new user and the new user we want to create is Edmund. Okay, let's give it the email. And OK, we're giving this. Let's use the password, Lex. You know, I'm gonna put a week password in selectively password. I'm going to say it's similar Administrator. Okay, Just bear with me and I'm hating. Add new user. Now we have to users Bolt are adminstrator in our list. Now let's go back to WV security and click user accounts. Now you will see it has already picked up that you are using admin account. Okay. Your site currently has an account which uses the default admin user Him. It is highly recommended that you change this name to something else. Use the falling field to change the admin user name. Now, the reason I have replicated this in case you are using Edmund or you are putting security mayors in place, and you have found that you have admin account in your website. Now, this is how you can change it. Okay? It will display you a field. Here. You can select a new user name, which will be so you're replacing Edmund with this year's the name. Okay, So changes on him. I guess an election required. All is done. So the admin has changed to this one on one. Let's go to the second option, which is display. Name the hair. Just saying all is OK that our user names on display names are not same. Okay, let's go back to the users section. And here. If I select this user at it and you can see this display name is admin. However, our user is t nine new. You wanna one? Is this a good approach? Well, let's think from the hacker's point of view, okay? We are displaying admin to hackers. However, other account is t nine new. You wanna want this one? Okay. Basically, we are presenting to hackers that you know, we are using admin. However, in reality, that's not the case. And no matter how much try to do with admin, it's not gonna work because we know our use. The name His note. Edmund. Ok, that's another strategy to display a week user name. But in reality, keep a very strong use. The name of the back end. Okay, so now you can see there is no contradiction. Let's go back to the WP security user accounts in here both heart green. We are good to go and a display it will show you after if your user name display name are same. Okay, You have to change it. And the password you can donate postured from here for the password. You can see poor pastor selection is one of the most common weak points off many sites. And this is basically start typing password if you don't put any power overseas saying it will take one second. So, since we are talking about the password, let me share with you a couple of tools. The 1st 1 is last pass generator. Okay. If you haven't install it, you can access it. Why this web link? And here you can generate secured password. Okay. And if you happen to install last parts in your computer, all you need to do is to go to this option or extension icon. Click on this extension icon, and here you will see the option off. Generate, secured password. Click on this option and it will create a password for you. Okay, You can copy based from there and other research. That is interesting. That I talk about. This is keeper security dot com. Okay, They published a paper in 2016. 25. Most common passers off. 2016. Look at this list. OK? 123456 That's the number one password. People use alacrity. Okay. And dressing one. So make your your password is not in this list. If there is, you know, you can please do change it because this list is a level on the internet and you can access it. Why the link? I will also put this document in their source section. Okay, so let's go back. They were looking to the user account. We know how we can secure them. Okay, we will talk about the user accounts in a little bit more details from administrative point of few. Okay. So just bear with me, okay? Now we're going to change the data for security. Let's click on database security now. Here it has picked up that your site is currently using the default WordPress db prefix valley, which is WP underscore. Okay. To increase your sides security, you should consider changing the DB prefects value to another value. Okay, now, if you click on this option, check this If you want the Blufgan to generate and random six character string for the table. Perfect. Okay. And we're fine with us, okay? Or otherwise. Unchecked this and you can put your prefix and I'm okay with this. You know, like it. Create on before you changing your db prefix. It is always recommended to take the back up. Read this caution as well. It is recommended that you perform a DB backup before using this feature. Okay? No hair on the top. You can see there is a DB backup option. Click there and you can create a DB backup. Now click this option and it will generate a backup for you. Okay. Not assuring that your backup is store a dislocation. And if I've configured my email, which I have, I will receive a backward email as well. Okay. The great tool a very great tool. Okay, now let's go back to the DB prefix. And here I'm going to select this option and I'm saying change Devi prefix backup Copia off your WP conflict dot PHP file was created successfully. 18 tables had their prefix updated successfully. So the prefix has been changed on the reference to the old DB prefects has been also updated. The DB task has been completed, so excellent. OK, so this is how you can change the prefix off your database without going back and doing it manually in my school admin panel. Again, this is a safer approach. 17. Secure Wordpress | Step 8: okay. I think I should definitely need a drum roll. Now. It's the final step, and it's a step number eight. In this section, we will install anti malware scanner on your website. This will not only help you to scan your website for malware infections, but it will also offer you fixes. In case there is any issue. This particular plug. It is also important to detect any malicious gold on your web side. The bloody name is anti malware. Security on brute force Firewall on insured. It is also called. Got Em, Ellis. Plug in. Okay, so let's install days and play with this one. 18. Secure Wordpress | Malware Scanners and Firewall: all you guys Welcome back. Okay. In this section we will be talking about the scanners and malware detectors, the very first tool that we are continuously talking about. And let's finish this off on that is WP security or all in one security. And here, if we go into the scanner option and click there, it will give us option to scan the files. Not only the WordPress, but outside the WordPress as well. And the muller scan the file change detection, Basically, how it works. You scan your website first, and that scan is basically held as a benchmark. So if next time when you will run the scan and if this plug in will find any changes in those files, it will notify you as there are certain changes, because sometimes from a hacker's point, if you don't create a new files, they don't create new folders to do their malicious work. What they do, they explored existing files the add extra court in those files on which work for them for their daughter work. Okay, But on the surface, if we see all the files, there seems system files. Or maybe, you know, that comes with the WordPress theme. How we will get to know if certain father change. That's where this tool is handing so you can scan your entire work per side. And then after you condemn these regular scans to see whether there are any changes or not , check this option. If you want the system to automatically periodically scan your files to check for the file changes based on the settings below. Okay, extra four weeks so monthly basis. Or you could do one week basis as well. Okay, file types to ignore. You can put hair images or CSS files or, you know, Js file, but I would say no scandal in dark side that is recommended here. You can mention the directories that you don't want to scan and check this option if you want to receive an email attend off today. Okay, so this entire process will make it prodigal. Scanning for your files Basically again, there is a difference between Marder scanning on your files. Scanning the file scanning is basically checking the consistency off your files. It's nothing has been mortified in your existing files. OK, and moderate scanning is basically checking for the Muller's or any additional bit that can harm your rep. So the first option was filed. Change detection. The second option moderate scan on that is a paid option. If you click here will give you option to scan it. But we have to purchase this bit. Okay? The rest of the stuff is free, but here you have to pay. You won't find any plug in that will give you 100% all the security solutions, but free. Thank A because that model doesn't work. That you are doing a great job for people and not getting paid. And on top of that, providing them support to Okay, so you will find all the security plug ins are doing best into certain things, and then after they will ask you to pay for certain parts. Okay, so here in the scanner, you can do the file consistency. Check that is free. And you can schedule that as well. Another option in this stool is a firewall. Let's go through this. It's very handy. Well, I have selected a basic viral settings. If I click here more info, I can see the this setting will implement the following basic firewall protection mechanism . on your side. First, protect your HD excess filed by denying access to it. Okay. Disabled the server Signature limit file upload sized 10 and be so people won't be ableto. For example, if I have to stuff the server and there is no limit on upload folder, I will probably upload thousands off gangs just to freeze everything. Basically slow down everything. Probably your several freeze. So you know that will limit them to upload anything. Even if your website get compromised, they won't be ableto upland more than 10 MB. Protect your WP conflict filed by denying access to it. Okay, I think we already did that. But this plug in will do for you. The above firewall features will be applied. Why? Your daughter HD access file and should not affect your sights. Overall functionality, You are still advice to take a back up off your active dot HD access file. Just in case. OK, before implementing any security rules. Always take a back up, you know. Ah, that's a must step. Okay. The next tool we're going to talk about is anti malware. This option. Okay, let me click this. There's anti malware from God. MLS dot net. Okay, it's very good what it does. It's a free Muller scanner and you can scan your website public HTML WP content or plug ins . But it's not automated. You have to do it manually. OK, But in order to get there a premium support, let's go to the firewall options here. The brute force protection not installed. This will only be installed once you will do it. Them money basically Okay. On the right hand side, they're asking for the money. Ah, but you can scan your website quickly from here. This is a free tool. Again, A part off this tool is a free which is scanning and five old protection. You have to pay for this option. 19. Secure Wordpress | Hacked Website Recovery Process: Okay, Now let's talk about in case your website get compromised The steps you need to take Now this is a very condensed version off what you need to do. But that will give you a good start. Very first thing you need to do is to scan your computer or laptop for anti virus. OK, give it a good scan and then also initiate a scan for the malware detection. While these two scans are taking place, you can check the status off your website wire on external scanner. In this case, you can use external scanner and that is subject or security. Darkness. The offer. Free service. All you need to do is to place your website address in the search and they will provide you infection. Report that where the problem life and again we are assuming that definitely your website hard mulberry issue or it's been compromised. Okay, Another source. You can also check the Google search console in case you have register your website through there. OK, Google notify you in your search console area in case to find any security issue with your upside. Once we have third party external scanners in place, you can scan your website with the gold MLS plug in the plug and we installed. Okay, go through your ordered log and identify who looked in last time and what kind of changes they have made. It could be also auto updates as well. Finally, combined all the reports that you have gathered through the order. Log on the external scanners and communicate with your hosting company and provide them where you have found a problem and how you gonna fix them. This will help them to assess whether any other website has infected or are sold on your website and they will be happy to support you with this. I hope you have found this condensed security course valuable and implemented these steps on your website again. If you want to learn more about security and in depth analysis, please take my master class and you will be surprised to see what other options are available and how we can take security to the next level. On this note, I would like to thank you for your time, and I'm really hopeful that you have found in value in the scores. As you might have noticed, my old courses are pretty much practical to join me in this journey where we can share valuable skills and make passive Inca monomers. Brock and I'm committed to deliver value. I will see you mother courses. Thank you.