First, install plugin WP Hide Login, and set up a secret login URL. Next, get Premium and use country blocking if possible.
How do they “find” your login? One of the lamest things about WordPress is when installed it sets up a standardized login URL (wp-login.php) which every hacker, from a 2-year-old babe to an old greybeard 1960s throwback knows is a good place to start attacking your website.
P.S., if your theme has a login link on your pages, even easier for the attackers…
MTN
Thank you, I am grateful for your advice, this is all completely new to me. I am not sure what you mean by if my theme has a login link to my pages? I would just like to ensure as much security to my site as possible, and am thankful for any advice and help!
Would you have any advice regarding a WP Hide Login? Thank you!
If you click a link on your website to login, you have a login link on your pages. That’s the first thing to get rid of with any WordPress theme. That is unless you have a website that attempts to acquire many “members.”
Sorry, I meant to write WPS Hide Login. It is a plugin.
Overall, know that every website on the internet is under constant attack, the situation is ridiculous. With Wordfence you get to see some of those attacks. Don’t be alarmed. Do what you can to block the criminal attacks, otherwise do regular backups of your site, preferably redundant multiple methods of backing up.
MTN
Thank you, I am really grateful. I am using the Hide my Site plugin and am sending a link only to those to whom I wish to show my side. I am using the Sugar and Spice theme, I am sorry, I don’t know if there is a link on my website login, and how to get rid of it, would you be able to tell me how? I am really inexperienced with all this.
How do I add robots meta to all my pages? I want to be sure to have no index, no follow on all my pages, and especially also the admin, author, login and register, subpages etc. I saw the Yoast SEO plugin, but as I don’t want search engines to find my site I am not sure this is the way to go?
Should I be using Wp security scan in addition to Wordfence, or something like Bulletproof?
I added captcha from BWS, should I be using a different one just for the login? I saw in tutorials that All in One WP Security & Firewall is recommended, but I am using Wordfence, what would you recommend?
Thank you very much again and especially for the WPS Hide Login!
I need to add to my post – I really need some help with the robots meta. I searched for the robots meta plugin by Joost de Valk but it no longer exists. It tried to install the Yoast SEO but don’t know how to set it up as I am discouraging all search engines. I couldn’t find the options for the no index no follow, I don’t want any SEO to my site. How can I add the robots meta to all my pages in a simple way? I am afraid to go into the theme header of my theme as I don’t want to adjust my actual theme in case it goes wrong. Is there a simple way to just add the no index no follow to each page? Thank you!
Hello, we really need to keep these threads at least somewhat specific to Wordfence. If you google robots.txt and other related terms, you can train yourself. More, if you seek help specific to Yoast, probably best to use the Yoast support forums. MTN
Thank you. I have a Wordfence question though – does it protect also the front end of the site from attacks (apart from the login/admin end)?
Not sure exactly what you mean, but the IP blocking done by Wordfence indeed does block suspicious browser requests from seeing your homepage, and instead delivers a “blocked” message. In other words, when a browser looks at your website, Wordfence checks things first. So in that sense WF “protects” the front end of your site.
All this depends on how you set up Wordfence, of course, as this is sophisticated software with lots of options.
MTN
Thank you, I have another problem now: Wordfence keeps locking me out! I have protected my admin login, and at first it was fine, now it is locking me out again! Is there something I can do in Wordfence so that it will not keep locking me out? Thank you!
Hi fleurette,
It’s recommended to create a new topic for your new question with a descriptive title as per the forums rules.
Please share with us a screenshot of the locked-out page you got, also make sure you have the correct option set for “How does Wordfence get IPs” in (Wordfence > Options). A good way to test that is by reloading your website in a separate browser window while being logged-out and check (Wordfence > Live Traffic) to make sure your correct IP has been logged there.
Thanks.
