When I first started on WordPress development, I often had a lot of “what else did I forget to include” moments. Hence, here are 4 WordPress plugins that would come in handy if you’re a beginner at WordPress and have no idea where to begin. These WordPress plugins cover the few concerns that most websites out there would have in mind.
Hence, when setting up your site, you might want to check whether you’ve included them.
They don’t require much programming background and are relatively easy to set up. Best of all, they’re available for free!
This should be your first priority before anything else.
Using plugins written by other developers might get you to your end point quickly, but at the same time it also leaves you more vulnerable to hackers.
So what sort of precautions should I have, or can I take? Of course, there are a lot of paid options out there that would take care of all this for a fee, but fret not: this plugin will help you tackle the most common intrusions on WordPress.
These are my favourite security features which you can alter via the plugin’s dashboard.
The plugin will edit your .htaccess file for you in order to apply certain security changes. Hence, also back up your original .htaccess file so that, in case you want to revert the changes, you can just re-upload the old file.
Changing your admin login URL
By default, your login page would be your defaulturl.com/wp-admin.
Changing the slug from /wp-admin to something else, like www.soniaoh.com/adminpanel2016, makes it tougher for hackers to attempt brute-force attacks on your password.
There are other methods to prevent brute-force attacks, such as cookie-based brute-force login prevention. However, do note that you can only have one of these features active at any one time.
Oddly, I always find some sort of thrill whenever I realise that a website is a WordPress-powered site. Yes, this is done by adding wp-admin to the URL and landing on the login page. So please change your default slug!
To add on, it’s also good practice not to use “admin” as your username.
Where? Under the tab brute force -> rename login page
Of course, there is a tighter security option, where you register a whitelist of IP addresses that have access to your WP login page.
Where? Under the tab brute force -> login whitelist
LOCKING/BANNING IP ADDRESSES
If more than N attempts at your password are wrong, you can lock the IP address down so that it cannot even attempt to log in, or you could impose a lockout period instead.
Where? User login -> Login Lockdown
You can also manually input IP addresses you want to ban.
Where? Blacklist manager -> ban users
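To show how the lockout and manual ban described above behave, here is an added example (not the plugin's own code). The LoginLockdown class, its parameters and the sample events are hypothetical; it assumes N = 3, a 5-minute counting window and a 15-minute lockout period.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

class LoginLockdown:
    """Hypothetical policy: lock an IP after more than N bad passwords."""
    def __init__(self, max_failures=3, window=300, lockout=900, banned=()):
        self.max_failures = max_failures  # the "N" from the text
        self.window = window              # seconds over which failures count
        self.lockout = lockout            # lockout period in seconds
        self.banned = [ip_network(b) for b in banned]  # manual ban list
        self.failures = defaultdict(deque)  # ip -> recent failure times
        self.locked_until = {}              # ip -> time the lockout ends

    def is_blocked(self, ip, now):
        banned = any(ip_address(ip) in net for net in self.banned)
        return banned or self.locked_until.get(ip, 0) > now

    def record(self, ip, password_ok, now):
        if self.is_blocked(ip, now):
            return "blocked"  # rejected before the password is looked at
        if password_ok:
            self.failures.pop(ip, None)  # a good login resets the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()  # forget failures older than the window
        if len(recent) > self.max_failures:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
        return "failed"

# Constructed sample events: (time in seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),
    (30, "203.0.113.7", False),  # 4th failure exceeds N=3: lockout starts
    (40, "203.0.113.7", True),   # correct password, but still locked out
    (50, "198.51.100.9", True),  # another visitor is unaffected
    (60, "192.0.2.44", True),    # manually banned address
    (931, "203.0.113.7", True),  # the 900 s lockout has expired
]

def replay(events, **policy):
    guard = LoginLockdown(**policy)
    return [guard.record(ip, ok, t) for t, ip, ok in events]

if __name__ == "__main__":
    print(replay(EVENTS, banned=["192.0.2.44"]))
```

Note that a locked-out address is refused even when it sends the correct password, which is why the lockout period should be short enough that you do not shut yourself out for long.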
Your database is where all your WordPress options, posts and other details go. By default, the prefix of your database tables is wp_ (e.g. wp_options). Changing this prefix adds another layer of protection, so that the names are harder for hackers to guess, which helps prevent the injection of malicious scripts.
Where? Database security -> DB prefix
Schedule regular backups of your database, and the plugin will email them to you.
Where? Database security -> DB Backup
This is less of a security feature, but it is useful when you’re doing updates/testing on your website and want to restrict access. Yes, you can lock the front end so that users cannot view it, and only allow viewing for logged-in administrators.
Where? Maintenance -> Visitor Lockdown
There are many other features/steps this plugin allows. They also provide a tiny blue box of explanation for each step taken. So feel free to take as many measures as you like! A plus on the plugin is that they do regular updates as well.
A mailing list? Why? Because you get to reach out directly to people who are interested in the content you write, send them updates, connect with them and gather what new content they’d like to see. The list goes on.
If you don’t see the value of it yet, that’s OK; it doesn’t hurt to keep a list of emails/contacts that you might need later on.
Create an account with Mailchimp (if you have not done so), and then create a mailing list.
Download the plugin, and via the plugin’s dashboard obtain the API code to sync your Mailchimp account with the WordPress install.
Then generate a form that links to your created mailing list. Style it if you know some basic HTML, else you can let the form inherit the styles from your theme.
Place the shortcode generated for the form into any page you want the mailing signup form to appear.
First, set up your Google Analytics account.
Then include this plugin, which will link up your Google Analytics account to the WordPress dashboard. Then, via your WordPress dashboard, you’ll have a good view of the figures.
Getting more accurate numbers
Also, from the admin dashboard, you can choose options like not tracking certain roles, such as admin, which gives a better gauge of the numbers.
Where? Settings -> Better Analytics -> Advanced
Engagement comes in several levels. For a start, enabling your WordPress comments section allows you to have direct feedback. You can further prevent spam comments via the WP Security Plugin.
Where? SPAM Prevention -> comment SPAM
Next, you’ll want to make it easy for people to reach out to you as well. So set up a contact form using the Contact Form 7 plugin.
Probably the easiest form to deal with: a simple template form is given, and using its shortcode, your form is ready to direct enquiries to your email. Do not forget to include the reCAPTCHA field on your form too!
In a nutshell, these are the plugins I’ll usually include whenever setting up a WordPress site, be it a corporate website or a microsite for other purposes.
One last point to emphasise is that it is always good practice to regularly keep a backup of your database and your wp-content folder. In case of any situation, you can always set everything straight again.
There are probably other cool plugins out there, so feel free to explore them. If you have any recommended resources that you feel should be on the list, please feel free to email/tweet me.