10 {{ upvoteCount | shortNum }}
10 {{ upvoteCount | shortNum }}

How do you Secure Wordpress and Boost Speed?

by VizyMedia
8 replies
Hi
I have used wordpress for 6 years now, building personal sites and for clients and despite the years of experience, I fall short of knowledge owing to the self learning nature of our Industry. I have 2 major problems and need advice from warriors; security and speed.

1. Wordpress security
Initially, i used no security plugins. My sites ALWAYS got hacked. At least twice every week, i receive an email from my hosting company that one of my site has been reported for hosting phishing content and I should delete the files and change my password. Then in my cpanel, I see sub-domains created by hackers and pointing to sites that steal peoples information (I use a budget shared reseller hosting package with 25 cpanels). This continued for some time and I got sites taken down and lost clients.

The goodnews is I managed to stop this after watching a tutorial on youtube titled: How to virtually bulletproof your wordpress site from hackers Important!
The video dates a year now. I installed all the FREE plug-ins he recommended and never got hacked again.

A. Free Security Plug-ins recommended in the video
- wordfence
- stop spam comments
- rename wp login
- captcha on login
- stop user enumeration
- wp security scan
- block bad queries
- robots meta
- advanced auto updates

B. Other Plug-ins in all my sites
In addition to those above, I will have a plugin for SEO, Cache, Social sharing, Ad display, analytics, comments, sitemap and plug-ins installed with the theme such as visual composer or a slideshow plug-in.

2. Page Speed
The problem of page speed came much after and it's hard to tell if it is because I am using too many plugins or some of the plugins are not supported and causing problems or there are other things I am missing out that warriors can help me understand. The annoying thing is the effect is felt on all my sites as I use almost same plugins throughout. According to gtmetrix. com reports, for my sites, the average index pageload time is 10 seconds for pages below 2mb. My worst site has a pageload of upto 86secs

I will appreciate some kind advice and particularly a list of plug-ins used now that solve these 2 major problems. I have preference for free but will go for a paid option if it's totally worth it.
Thanks for reading through my long post and appreciate your help via comments below.

Kind Regards
Elvis
#boost #secure #speed #wordpress
  • Profile picture of the author webpat
    In regards to security i don´t trust any third parties. I host all my services, including multiple instances of wordpress, on my own root server. Never had any issues despite multiple attacks on my server every day. If you don´t own your services, there is not much you can do to improve its security.
    Every plugin brings its own security risk. A lot of affiliate plugins are very prone to attacks.
    If i had my wordpress site on a hosted environment, i would use as few plugins as possible and only use those that are well-maintained. Keep wordpress and all plugins updated. Having too many of them may be the reason for your speed issues as well. If you can, deactivate each of your plugins and test your page generation times if you can make out the culprit.
    There is a lot of exploits for Cpanel and there is nothing you could do about it but complain to your provider, strengthen your password or choosing not to use it at all.
    To prevent brute force attacks use secure passwords everywhere with at least 20 random characters.

    To give your page generation speed a short term boost, you may want to check out the cloudflare plugin for wordpress, but that´s another security risk right there.

    Just my 2 cents.
    {{ DiscussionBoard.errors[10054511].message }}
    • Profile picture of the author Paul Guilfoyle
      Originally Posted by webpat View Post

      you may want to check out the cloudflare plugin for wordpress, but that´s another security risk right there.

      .
      Hi webpat,
      I've just started using ithemes security and backupbuddy and was thinking of using Cloudfare's free plan.
      Is there a security risk using Cloudfare?
      Thanks
      Signature

      Easiest, fastest way I know, and working for countless others to create an online income.
      Click Here to Watch Free Video and start learning how to really profit from the internet

      {{ DiscussionBoard.errors[10073108].message }}
  • Profile picture of the author Jeff Hope
    You can use the P3 Profiler plugin to see which plugins ( if any ) are causing the most page load delay.
    {{ DiscussionBoard.errors[10054999].message }}
  • Profile picture of the author billspaced
    Wordfence is excellent for WordPress security. Try the free version.

    Inside, you have to look for it, Wordfence supplies a caching engine, too, to speed up page loads.

    Additionally, for both security and speed, try a CDN (content distribution network) like Cloubflare (free plan).

    You can also add a "minify" plugin as well as a "smushing" plugin.
    Signature

    Bill Davis
    Chief Marketing Officer, SoMoLo Marketing

    {{ DiscussionBoard.errors[10055055].message }}
  • Profile picture of the author VizyMedia
    Thanks for your helpful insights
    I will install P3 profiler now to see how the plugins are performing.
    Will remove the problematic ones.
    Will also read more about cloudflare and use it
    Thanks again
    {{ DiscussionBoard.errors[10056892].message }}
  • Profile picture of the author essmeier
    Here's now I secure Wordpress:

    1. Log into WHM on my server.
    2. Go to Apache Configuration
    3. Select Include Editor
    4. Select Pre Virtual Host Include
    5. Select All Versions
    6. Add this code:

    <Files wp-login.php>
    order Deny,Allow
    Deny from all
    Allow from my_IP_address_here
    </Files>

    No one can access the login page unless they are using allowed IP addresses. They'll simply be redirected to the home page. If you need to log in from more than one IP address, just add another "Allow from" line.

    Charlie
    Signature
    Work Online From Home
    {{ DiscussionBoard.errors[10056923].message }}
  • Profile picture of the author dalereardon
    Hi,

    To secure Wordpress and speed it up you need to spend a lot of time maintaining things yourself and optimizing the server which is impossible to do properly on a shared hosting plan.

    The cheapest option (free) for speeding up a WP site on a shared hosting plan is to use Cloudflare and run your DNS through their system and you get a basic CDN (content delivery network) for free.

    To have it all done for you with amazing speed and support I recommend WPEngine webhosting which is specialist managed Wordpress hosting. I did a full review of it on my blog:

    https://OnlineBeginnersHub.com/wordp...sting-website/


    You get security and speed plus a whole lot more and really your time and peace of mind is worth it.

    When I transferred my site onto their servers they discovered it had some hacked files in it, and their security people fixed my site for free and no problems ever again.

    Dale.
    Signature

    Dale Reardon
    Travel For All Community and Directory - Accessible & Inclusive Travel
    Travel For All Community and Directory

    {{ DiscussionBoard.errors[10058023].message }}
  • Profile picture of the author Houlian
    I use bulletproof security for all of my sites -- that's the name of the plugin. It works very well for protecting them from hacking. I don't bother too much with plugs for speed. To avoid having sites hacked, try to host your sites on very well-known hosts. All of my sites that have been hacked were always on cheap hosts.
    Signature
    Cloud Fortunes -- My Cutting-Edge Affiliate Marketing and SEO Blog
    {{ DiscussionBoard.errors[10073244].message }}

Trending Topics