tekSolution: Protect & Defend against attacks on Wordpress | tekAura | We squash Bugz


Recently, we published a support article on our knowledge base about how we have implemented security measures on WordPress websites.  Because we think this information is valuable to everyone, we are elaborating on the topic here.
Security is an increasing concern for WordPress websites, especially since the rise of bad bots on the internet last year.  These automated bad actors may be doing anything from scanning your website for security holes up to and including performing brute force attacks on your login page.  So, don't let all your marketing efforts to drive traffic to your website be halted by these potential issues; follow some simple steps to improve security on your WordPress website today.

NOTE: This guide is meant for shared hosting accounts.  If you have a VPS (Virtual Private Server), consider other/additional measures that work on the server or network level, specifically related to blocking malicious traffic, so that you can stop it BEFORE it hits your application.

Create a backup

Before making any changes to your website, it is always a good idea to back up your files and database.  How you go about this largely depends on your website host.  If your web host offers a backup option, that is usually the one to use.  However, if that option is not available, we recommend using UpdraftPlus. You can even take this a step further and turn on maintenance mode, in order to prevent your users from accessing the website while you are making changes.  Or better yet, use a staging or local development environment.

Install some plugins

Decent security doesn't require a subscription.  The beauty of WordPress is its large library of community-supported plugins.  Sure, there are paid levels and services out there.  However, if you are growing, you might not have hundreds or thousands to spend.  We have found that using a combination of the Wordfence and AIOWPS (All In One WP Security) plugins offers many of the most important security features available on the market:
  • Scheduled virus scan
  • Monitor file changes
  • Monitor available plugin updates
  • Brute force protection
  • Firewall

Some basic settings

After you install these security plugins on your WordPress website, it is important to make some changes to the configuration.  By default, many of the available features are not turned on and for good reason.  Some security features may lock you out of your website.  So, check to make sure your backup and restore plan is done and available (see above).  When you are ready, download & import our configurations for Wordfence and AIOWPS.
If you do choose to use our default configuration files, please note the following changes to your website that may affect you directly:
  • Your WP login URL is now /knockknock (Ex: http://example.com/knockknock)
  • You will need to log in every 60 minutes (authentication timeouts are enabled)
  • Email alerts are set up, but might need to be altered (Wordfence > All Options > "Where to email alerts" & WP Security > scanner > "Send Email When Change Detected")
  • After 3 failed login attempts within 5 minutes from the same network (public IP), attempts from that network will be locked out for 1 hour (WP Security > User login > Login Lockdown)
  • After 20 consecutive failed login attempts within a 4 hour period, that user will be locked out for 4 hours
If any of these settings are too restrictive, please make the desired changes.

Limit your Admin

It is a good idea to grant admin access to an account only when it is needed, and no more.  Many times, a breach occurs when no one is watching.  So, the logic here is: if you don't currently need admin access to the website, disable it.  The best way to accomplish this is to:
  • Create separate account(s) for editing content (and set the user role to editor, or less if editor is not necessary)
  • Change the role of admin account to subscriber when not in use
The quickest way to change WP account roles is to use the WordPress Command Line Interface (WP-CLI).  If your web host has a console option available, via cPanel or their website, use that.  If a console is not available but SSH access is, generate an SSH key and add the key to your web host account, using their instructions. If neither is available, you can also manually change the role in the database. However, this is the most complicated of all the options and is prone to human error.  Ideally, if you can access WP-CLI via a web console or SSH, use the following command:
wp user set-role {username} {role}
For example, to change the admin user's role to subscriber (disable admin access), run:
wp user set-role admin subscriber
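
The two steps above can be turned into a repeatable routine. The following is an added example, not a tekAura script: it demotes every administrator that is not in use and records who was demoted so they can be promoted again later. The function names and the STATE_FILE path are hypothetical, and it assumes `wp` is on the PATH and is run from the WordPress root.

```shell
# Added example (not from the page). Run from the WordPress root. STATE_FILE is a
# hypothetical path; keep it outside the web root so admin logins are never served.
STATE_FILE="${STATE_FILE:-$HOME/.wp-parked-admins}"

# Succeeds when the first argument equals one of the remaining arguments.
in_list() {
    needle=$1; shift
    for item in "$@"; do
        if [ "$item" = "$needle" ]; then return 0; fi
    done
    return 1
}

# Print the login of every account that holds the administrator role.
list_admins() {
    wp user list --role=administrator --field=user_login
}

# Demote all administrators except the given logins; log each to STATE_FILE, print the count.
park_admins() {
    admins=$(list_admins) || return 1
    count=0
    while IFS= read -r login; do
        [ -n "$login" ] || continue
        if in_list "$login" "$@"; then continue; fi
        wp user set-role "$login" subscriber >/dev/null </dev/null || return 1
        printf '%s\n' "$login" >> "$STATE_FILE"
        count=$((count + 1))
    done <<EOF
$admins
EOF
    echo "$count"
}

# Promote every recorded login back to administrator, then clear STATE_FILE.
restore_admins() {
    count=0
    [ -f "$STATE_FILE" ] || { echo "$count"; return 0; }
    while IFS= read -r login; do
        wp user set-role "$login" administrator >/dev/null </dev/null || return 1
        count=$((count + 1))
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
    echo "$count"
}

case "${1:-}" in
    park)    shift; park_admins "$@" ;;
    restore) restore_admins ;;
esac
```

Saved as a script, `park jane` demotes every administrator except jane, and `restore` promotes the recorded accounts again; `list_admins` on its own is a quick audit of who currently holds admin rights.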

Last, but not least

Ask for help.  If you get stuck, look to your available resources.  Your web hosting provider and keyword searches can be great resources.  And if you would like some personal assistance, please don't hesitate to contact us.  Let's make the world a safer place to do business.

I was hippie-born, raised on Science and Invention on a nuclear mesa, SCAdian before I knew the Society, Technomancer before I played the game, creative genius breaking the shackles of Corporate America.

Owner of tekAura, an Information Technology & Design Consultancy involved in projects concerning Human Dynamics & Sustainability in relation to Computing and Technology, Collective creativity & Hackerspaces, SaaS & Cloud Computing, Home & Manufacturing Automation.

Artfully applies Sustainability, Disaster Recovery, Open Source and Agile Industry Best Practices to boost innovation and facilitate Organic Collaboration and Continuous Process Improvement.
