Join Morten Rand-Hendriksen for an in-depth discussion in this video, "Securing your site and managing spam," part of WordPress DIY: Showcasing Photography.
- Now that your site is live and you have the ability to share it on social media, there's one last piece of information I want to impart to you. The great thing about WordPress is that once you set up sites, search engines and social media love what you have. They automatically get spread everywhere and people are likely to come into your site. The problem with popularity on the web though, is if you have a popular site, people will try to get into your site to do nefarious things, or if you have a popular site with a lot of content, people will try to leave a lot of spam comments onto your content.
So before we wrap this up, I want to give you some very quick security tips for your site, to A, secure it from people who want to get their way into the admin panel, and B, secure it from comment spam. Here we're gonna add in two plugins. The first one will prevent people from hacking into the site using a brute-force strategy, where they try to just guess your password. To install it, go to Plugins, click Add New, and search for "limit login attempts." This is a really old plugin, but it's old because it's really good, and it doesn't really need to be updated.
This plugin does exactly what it sounds like. It limits the number of times people can try to log into your site. When you install it and activate it, this plugin will count the number of times a specific IP address tries to log into your site. If they exceed four times and fail each time, they'll be locked out for 20 minutes. Once they come back after 20 minutes, if they fail another four times, they will be locked out for 24 hours, and so on. What'll happen is all these computers that are sitting on the web and trying to log into your site using every username and password they can think of, will very quickly realize, "I can't get into this site because I keep getting locked out," and they'll just move on to the next site.
So it's a very simple way of blocking access to your site. The only catch though is when you install this plugin, you have to know your password afterwards. Otherwise, you'll lock yourself out. I've done it a couple of times and it can be really annoying. That takes care of some low-level security. So Limit Login Attempts takes care of some low-level security. In addition, you want to protect yourself from comment spam. Now comment spam is something you get when you install WordPress. There is a 1,050% guarantee you will get comment spam almost immediately when you launch your site.
Now there's a really easy way of preventing comment spam on your site, and that is by activating the Akismet plugin. The Akismet plugin comes standard with all WordPress installs. It's one of two plugins that are installed by default, the other one being Hello Dolly, which does nothing. Akismet is a third-party service run by Automattic, the company that manages the WordPress project and also owns WordPress.com, and it monitors comment spam and filters out real comments from fake ones on your site.
If you activate Akismet, you will immediately get this message, "Activate your Akismet account," and if you follow the link here, you will be taken to a page where you need to register Akismet on your site. Now Akismet is not a free service, and this is where a lot of people immediately turn away. They think, "Well, if it's not a free service, why would I use it? I mean, WordPress is free, so I should be able to use it." Well, the reality is a service like Akismet actually costs money to maintain, and the service only costs $5 a month to add to your site, and adding it to your site for $5 a month will ensure that you don't get spammed.
Now to give you an example, on my site, Morton.com, on average, it collects about 2,000 spam comments a day, all of which are captured by Akismet. So this is well worth the investment. Now if you want additional security, you can update to VaultPress, which also gives you backup and restore capability, so that not only is your site safe from spam, but it's also safe in case something goes wrong on your server or for some reason you get infected by a virus and you need to reset your site. All of these things cost money, but if you're running a website for a business purpose, you have to expect to pay some money, and Akismet and VaultPress are good investments.
Now, if you want to know more about locking down WordPress and making it more secure, or backing up WordPress, you can go check out the courses we have right here in the lynda.com library. In particular, "WordPress Developer Tips: Locking Down WordPress," which walks you through the process of how to really secure your WordPress site so no one can get into it.
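A small model of the lockout policy described in the transcript (four failed logins, a 20-minute lockout, then 24 hours), added here as an illustration; it is not the Limit Login Attempts plugin's code and not part of the course. Assumptions: the lockout triggers on the fourth failure, the second lockout is the 24-hour one, and a successful login clears the record; the IP address and event times are constructed.

```python
from dataclasses import dataclass

ALLOWED_RETRIES = 4            # failed logins before a lockout (from the transcript)
SHORT_LOCKOUT = 20 * 60        # 20 minutes, in seconds
LONG_LOCKOUT = 24 * 60 * 60    # 24 hours, in seconds
LOCKOUTS_BEFORE_LONG = 2       # assumption: the second lockout is the long one


@dataclass
class IpState:
    failures: int = 0          # failures since the last lockout
    lockouts: int = 0          # lockouts issued to this address so far
    locked_until: float = 0.0  # time (seconds) at which the lockout ends


class LoginLimiter:
    def __init__(self):
        self.by_ip = {}

    def attempt(self, ip, password_ok, now):
        """Return 'ok', 'failed' or 'locked' for one login attempt at time `now`."""
        st = self.by_ip.setdefault(ip, IpState())
        if now < st.locked_until:
            return "locked"            # rejected before the password is even checked
        if password_ok:
            self.by_ip.pop(ip)         # assumption: success clears the record
            return "ok"
        st.failures += 1
        if st.failures >= ALLOWED_RETRIES:
            st.failures = 0
            st.lockouts += 1
            is_long = st.lockouts >= LOCKOUTS_BEFORE_LONG
            st.locked_until = now + (LONG_LOCKOUT if is_long else SHORT_LOCKOUT)
            return "locked"
        return "failed"


def replay(events):
    """events: (seconds, ip, password_ok) tuples in time order; returns the outcomes."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample: one address guessing passwords (documentation IP range).
SAMPLE = [(t, "203.0.113.7", False) for t in (0, 5, 10, 15)]           # 4 failures
SAMPLE += [(60, "203.0.113.7", True)]                                  # right password, still locked
SAMPLE += [(1300 + t, "203.0.113.7", False) for t in (0, 5, 10, 15)]   # back after 20 minutes
SAMPLE += [(4915, "203.0.113.7", False)]                               # an hour later

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(event, outcome)
```

The fifth event shows the catch mentioned in the transcript: during a lockout, even the correct password from that address is rejected.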