beginner-wordpress-user/subtitles/7 Tips to improve website security.en.srt

1
00:00:00,000 --> 00:00:03,316
Welcome to Learn WordPress.

2
00:00:03,316 --> 00:00:06,000
Let's talk about 7 tips to improve website security.

3
00:00:06,000 --> 00:00:11,000
Number one, use a password manager and secure passwords for your logins.

4
00:00:11,000 --> 00:00:17,000
Password managers such as OnePassword and Bitwarden are worth exploring.

5
00:00:17,000 --> 00:00:22,000
One of the most common areas for security failure is unfortunately the human one.

6
00:00:22,000 --> 00:00:24,700
No two passwords should ever be the same

7
00:00:24,700 --> 00:00:31,000
and ensure passwords are at least 10 to 12 characters and include numbers and symbols.

8
00:00:31,000 --> 00:00:36,000
And remember, never use admin as a username.

9
00:00:36,000 --> 00:00:39,636
Password managers store your passwords securely

10
00:00:39,636 --> 00:00:46,000
and allow you to generate unique secure passwords for each login without needing to remember each one.

11
00:00:46,000 --> 00:00:49,000
Number two, use a two-factor authentication.

12
00:00:49,000 --> 00:00:54,600
Two-factor authentication can significantly enhance the security of your WordPress site

13
00:00:54,600 --> 00:00:58,000
by adding an extra layer of protection to the login process.

14
00:00:58,000 --> 00:01:00,767
This way, even if someone else gets your password,

15
00:01:00,767 --> 00:01:05,000
they still can't log into your account without that second factor.

16
00:01:05,000 --> 00:01:07,250
Two-factor authentication may seem like a small step,

17
00:01:07,250 --> 00:01:14,000
but it can greatly improve the security of your online accounts and help protect your personal information.

18
00:01:14,000 --> 00:01:25,000
You can search for a two-factor authentication plugin such as WP2FA, two-factor authentication or Mini-Orange's Google Authenticator.

19
00:01:25,000 --> 00:01:29,129
Some security plugins also include two-factor authentication,

20
00:01:29,129 --> 00:01:33,000
but we will talk more about security plugins in a minute.

21
00:01:33,000 --> 00:01:36,000
Number three, always review your user base.

22
00:01:36,000 --> 00:01:41,000
Remove unnecessary users and be very selective of admin users.

23
00:01:41,000 --> 00:01:44,000
Let's make our way to users in the dashboard.

24
00:01:44,000 --> 00:01:48,000
User roles such as editors, authors and contributors should be monitored.

25
00:01:48,000 --> 00:01:53,000
Typically, the administrative role is reserved for the website's owner.

26
00:01:53,000 --> 00:02:01,000
Removing unnecessary users will minimize the potential attack surface or entry points that attackers can exploit.

27
00:02:01,000 --> 00:02:10,000
Number four, only install plugins and themes from trust to developers and uninstall what you are not using.

28
00:02:10,000 --> 00:02:16,000
To assess the reliability of a theme or plugin, there are a few things to review.

29
00:02:17,000 --> 00:02:20,000
Check user feedback and reviews.

30
00:02:20,000 --> 00:02:23,000
Note when it was last updated.

31
00:02:23,000 --> 00:02:28,935
Look at the number of active installs, explore their support and documentation

32
00:02:28,935 --> 00:02:36,000
and double check that it is compatible with the latest version of WordPress.

33
00:02:36,000 --> 00:02:40,500
Number five, keep your plugins and themes up to date

34
00:02:40,500 --> 00:02:44,000
and remember to back up your site before updating.

35
00:02:44,000 --> 00:02:46,000
But you might be asking why.

36
00:02:46,000 --> 00:02:51,220
Keeping your WordPress themes and plugins up to date is important

37
00:02:51,220 --> 00:02:55,000
for maintaining the security, stability and compatibility of your site.

38
00:02:55,000 --> 00:02:59,263
Updates often include security patches that fix vulnerabilities in software

39
00:02:59,263 --> 00:03:04,000
as well as bug fixes that could cause your site to malfunction or break.

40
00:03:04,000 --> 00:03:11,000
These bugs could also potentially be exploited by attackers to gain unauthorized access to your site.

41
00:03:11,000 --> 00:03:16,385
By keeping your website up to date, you can ensure that your site is protected against the latest security threats

42
00:03:16,385 --> 00:03:21,000
and runs smoothly with the latest web technologies.

43
00:03:24,000 --> 00:03:31,222
Number six, install a security plugin like WordFence, Jetpack Security or iThemes

44
00:03:31,222 --> 00:03:34,000
that will scan your site for any reported vulnerabilities.

45
00:03:34,000 --> 00:03:37,915
There are also many other plugins available in the plugins directory worth exploring

46
00:03:37,915 --> 00:03:45,000
such as patch stack, all-in-one security, etc.

47
00:03:45,000 --> 00:03:50,682
A website security plugin can help protect your website from common cyber threats,

48
00:03:50,682 --> 00:03:55,000
block malicious traffic and alert you to potential security issues.

49
00:03:55,000 --> 00:04:02,000
In essence, a security plugin will help you maintain the security and integrity of your website.

50
00:04:02,000 --> 00:04:07,000
And finally number seven, something for more advanced users.

51
00:04:07,000 --> 00:04:14,192
Follow security-focused blogs like patch stack, WP scan or blog.security

52
00:04:14,192 --> 00:04:18,000
which report any new vulnerabilities for which there are updates as well as emerging web threats.

53
00:04:18,000 --> 00:04:21,000
Then there are also some other steps worth exploring.

54
00:04:21,000 --> 00:04:23,333
Firstly, choosing a reliable web host.

55
00:04:23,333 --> 00:04:28,950
Secondly, installing an SSL certificate if your host has not already installed one

56
00:04:28,950 --> 00:04:35,000
which will allow you to enable HTTPS which ensures that no information is passed in plain text.

57
00:04:35,000 --> 00:04:42,000
And thirdly, using a spam detector, especially if you have a blog or allow comments on posts.

58
00:04:42,000 --> 00:04:47,000
All the best keeping your site safe and secure.