Steps to take before posting your WordPress website link on reddit (Important)

I posted my website link (allsystems.co.ke) on Reddit a week ago and since then malicious actors have tried hacking my website a total of 1730 times. Here are the steps you should take to secure your WordPress site before posting the link on Reddit:

1) Edit the .htaccess file located in your site's root folder and add these lines at the end:

    Options -Indexes
    <Files xmlrpc.php>
    Order deny,allow
    Deny from all
    </Files>

Options -Indexes –> disables directory browsing on your website. With directory browsing enabled, attackers can view the directory structure of all your files.

<Files xmlrpc.php> Order deny,allow Deny from all </Files> –> blocks access to xmlrpc.php, which attackers use for brute force attacks, where they attempt to guess usernames and passwords repeatedly.

2) Change the default username "admin" using a free plugin like "WP Edit Username" or "Change Username". Change it to something you can remember, like "scoobydoo", and note it down. Remember to change the password to a strong combination of letters, numbers, symbols, uppercase characters, etc. You can remove the edit username plugin after this.

3) Install a free plugin that blocks the IP addresses of attackers. It's called "Limit Login Attempts Reloaded" and from my tests, it has not slowed down my website. I had installed "Wordfence" but my site loading speed dropped a lot.

a) Set the maximum number of retries to a low number (make sure never to forget your password)

b) Put a high number for the lockout interval, which locks out all attackers for several weeks or months once they try to guess your wp-admin password a few times

c) Block xmlrpc

d) Allow the auto IP blocklist

NB* you can upgrade to micro-cloud for free, which gives you premium features

4) Install 2FA using Google Authenticator for your domain login and WordPress admin login.
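A way to check the step 1 rules before uploading the file, as an added example that is not part of the original post: it reads .htaccess text and reports whether directory listing is off and whether the xmlrpc.php block denies access and is properly closed. The function name and the sample strings are made up for illustration; `Require all denied` is accepted as the Apache 2.4 equivalent of `Deny from all`.

```python
import re

# Constructed sample: the step 1 rules with the closing tag left out.
# An unclosed section makes Apache reject the file (server error on every page).
BROKEN = """Options -Indexes
<Files xmlrpc.php>
Order deny,allow
Deny from all
"""

# Constructed sample: the same rules with the block closed.
FIXED = BROKEN + "</Files>\n"


def audit_htaccess(text):
    """Return a list of problems found in .htaccess text (empty list = OK)."""
    indexes_off = False
    in_xmlrpc = False       # currently inside <Files xmlrpc.php> ... </Files>
    xmlrpc_seen = False
    xmlrpc_denied = False
    for raw in text.splitlines():
        low = raw.strip().lower()
        if not low or low.startswith("#"):
            continue        # skip blank lines and comments
        if re.match(r"options\b", low) and "-indexes" in low.split():
            indexes_off = True
        elif re.match(r'<files\s+"?xmlrpc\.php"?\s*>', low):
            in_xmlrpc = xmlrpc_seen = True
        elif low.startswith("</files>"):
            in_xmlrpc = False
        elif in_xmlrpc and re.match(r"(deny\s+from\s+all|require\s+all\s+denied)\b", low):
            xmlrpc_denied = True

    problems = []
    if not indexes_off:
        problems.append("directory listing not disabled (no 'Options -Indexes')")
    if not xmlrpc_seen:
        problems.append("no <Files xmlrpc.php> block")
    else:
        if not xmlrpc_denied:
            problems.append("<Files xmlrpc.php> block has no deny rule")
        if in_xmlrpc:
            problems.append("<Files xmlrpc.php> is never closed with </Files>")
    return problems


if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_htaccess(sample) or "OK")
```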

 
