beginner-wordpress-user/subtitles/Getting started with WordPress security.en.srt
studio 4cfcf09a97 sync: full archive from pipeline (250 files)
Sources: video-subtitle-pipeline artifacts/beginner-wordpress-user/
- subtitles/: en, zh, bilingual SRT/ASS (100 files)
- platform/: youtube SRT + bilibili BCC per video (75 files)
- manifests/: per-video manifest.json (25 files)
- quality/: quality reports (50 files)
2026-04-13 23:35:08 +08:00

1
00:00:00,000 --> 00:00:03,349
In this lesson, we will walk you through essential steps
2
00:00:03,349 --> 00:00:08,000
to establish a strong security foundation for your new WordPress website.
3
00:00:08,000 --> 00:00:14,000
These practices will ensure your online presence is safe and secure. Let's get started.
4
00:00:15,000 --> 00:00:18,000
Here are the learning outcomes for this lesson.
5
00:00:18,000 --> 00:00:26,304
Keeping your site up-to-date, selecting a secure hosting provider, choosing a robust password, using two-factor authentication,
6
00:00:26,304 --> 00:00:33,000
installing and activating a security plugin, and lastly, controlling who has access to your site.
7
00:00:34,000 --> 00:00:37,143
The most important thing to do for WordPress security
8
00:00:37,143 --> 00:00:42,000
is to keep WordPress itself and all installed plugins and themes up-to-date.
9
00:00:42,000 --> 00:00:46,000
You will be happy to hear WordPress automatically applies security updates.
10
00:00:46,000 --> 00:00:55,000
Since the WordPress 5.6 release, every new site has updates automatically enabled for both minor and major releases.
11
00:00:55,000 --> 00:01:01,000
It is also encouraged for users to choose themes and plugins that are actively receiving updates.
12
00:01:02,000 --> 00:01:06,000
Next, selecting the right hosting company is crucial.
13
00:01:06,000 --> 00:01:09,088
When choosing a hosting provider for your website,
14
00:01:09,088 --> 00:01:13,000
make sure they include security features that will keep your site safe.
15
00:01:13,000 --> 00:01:16,000
Here are some features you would want them to include in their offerings.
16
00:01:16,000 --> 00:01:21,000
And please note, some hosts might charge more to include these services.
17
00:01:21,000 --> 00:01:28,000
Number one, a firewall to block suspicious activities to ensure only the right traffic enters your website.
18
00:01:28,000 --> 00:01:30,000
Number two, malware protection.
19
00:01:30,000 --> 00:01:36,000
This is like having a security guard who checks everything coming in for any harmful bugs or viruses.
20
00:01:36,000 --> 00:01:43,000
Malware protection scans your website regularly to remove any malicious software that could harm your site or visitors.
21
00:01:44,000 --> 00:01:46,045
Number three, an SSL certificate,
22
00:01:46,045 --> 00:01:54,000
which includes an encryption code that ensures all information sent between your website and your visitors is secure.
23
00:01:54,000 --> 00:01:58,000
SSL stands for secure sockets layer.
24
00:01:58,000 --> 00:02:05,000
Number four, regular backups, as this means your website's content and data are saved regularly.
25
00:02:05,000 --> 00:02:10,000
If something goes wrong, you can restore your website to a previous healthy state.
26
00:02:10,000 --> 00:02:13,000
Number five, DDoS protection.
27
00:02:13,000 --> 00:02:19,000
This helps your site handle surges in traffic, ensuring it doesn't crash or slow down.
28
00:02:19,000 --> 00:02:23,000
DDoS stands for distributed denial of service.
29
00:02:24,000 --> 00:02:28,000
And then lastly, you want SFTP access.
30
00:02:28,000 --> 00:02:34,000
This is like having a special secure tunnel for transferring files to and from your website.
31
00:02:34,000 --> 00:02:41,000
It ensures that your files are moved safely without being intercepted by unauthorized parties.
32
00:02:41,000 --> 00:02:46,000
SFTP stands for secure file transfer protocol.
33
00:02:46,000 --> 00:02:50,000
Next, it's imperative to establish a robust password.
34
00:02:50,000 --> 00:02:53,000
Passwords are key for safeguarding your website.
35
00:02:53,000 --> 00:02:58,000
Your password is the weakest link to the security of anything you do online.
36
00:02:58,000 --> 00:03:03,000
If your password is easy to guess, your online identity is vulnerable.
37
00:03:03,000 --> 00:03:07,000
Make sure you don't use simple or predictable passwords.
38
00:03:07,000 --> 00:03:18,000
Instead, make sure your passwords include a mix of uppercase and lowercase letters, passphrases, numbers and special characters.
39
00:03:18,000 --> 00:03:24,000
Aim for a length of at least 12 characters and you can also use spaces.
40
00:03:24,000 --> 00:03:30,000
Avoid using birth dates, nicknames or other personal information as a password.
41
00:03:30,000 --> 00:03:37,000
Let's look at a quick example of a password that is easy to remember but hard to guess.
42
00:03:37,000 --> 00:03:40,000
The password is monks drive to the beach.
43
00:03:40,000 --> 00:03:46,500
But of course, I've included special characters, capital letters, lowercase, numbers, spaces, etc.
44
00:03:46,500 --> 00:03:53,000
You can also protect your account by logging out when you're finished working.
45
00:03:53,000 --> 00:03:57,000
This is especially important when working on a shared or public computer.
46
00:03:57,000 --> 00:03:59,769
If you don't log out, someone can access your account
47
00:03:59,769 --> 00:04:03,000
by viewing the browser history and returning to your dashboard.
48
00:04:03,000 --> 00:04:10,000
Another step worth mentioning is to enable two-factor authentication to fend off brute force attacks.
49
00:04:10,000 --> 00:04:12,824
A brute force attack is a hacking method
50
00:04:12,824 --> 00:04:18,000
that uses trial and error to crack passwords, login credentials and encryption keys.
51
00:04:18,000 --> 00:04:21,375
Two-factor authentication usually involves entering a code or interacting with an application on a smartphone
52
00:04:21,375 --> 00:04:27,000
when attempting to log into a service.
53
00:04:27,000 --> 00:04:29,000
In this case, WordPress.
54
00:04:29,000 --> 00:04:33,000
WordPress does not have two-factor authentication by default.
55
00:04:33,000 --> 00:04:39,000
However, there are several plugins that provide two-factor authentication for self-hosted WordPress websites.
56
00:04:39,000 --> 00:04:45,000
And that leads to the next important topic, namely security plugins.
57
00:04:45,000 --> 00:04:50,000
Enhance your security further by installing a WordPress security plugin.
58
00:04:50,000 --> 00:04:55,000
Many security plugins also include two-factor authentication.
59
00:04:55,000 --> 00:05:01,000
WordPress security plugins are essential tools that safeguard your website from cyber threats.
60
00:05:01,000 --> 00:05:08,000
They provide real-time monitoring, prevent brute force attacks, offer firewall protection and scan for malware.
61
00:05:08,000 --> 00:05:14,000
These plugins enhance login security, ensuring only authorized users can access your site.
62
00:05:15,000 --> 00:05:20,000
Finally, controlling who has access to your site is essential.
63
00:05:20,000 --> 00:05:22,545
While each site has only one owner,
64
00:05:22,545 --> 00:05:26,000
you can have other users to share some of their administrative load.
65
00:05:26,000 --> 00:05:31,000
However, sharing the load also means sharing the responsibilities.
66
00:05:31,000 --> 00:05:38,000
WordPress provides different user roles such as contributor, author, editor and administrator.
67
00:05:38,000 --> 00:05:41,000
Contributors have the most limited role.
68
00:05:41,000 --> 00:05:44,000
They can only draft posts but can't publish them.
69
00:05:44,000 --> 00:05:50,000
Authors can publish posts and upload images but can't edit other users' posts.
70
00:05:50,000 --> 00:05:59,000
Editors can edit or publish any user's posts, moderate comments and manage categories and tags.
71
00:05:59,000 --> 00:06:03,000
Lastly, administrators have full control of a site.
72
00:06:03,000 --> 00:06:05,000
They can even delete it.
73
00:06:05,000 --> 00:06:09,000
And it is therefore recommended that each site only has one administrator.
74
00:06:10,000 --> 00:06:15,077
Assign these roles carefully based on the level of access users need
75
00:06:15,077 --> 00:06:22,000
and avoid giving unnecessary administrator privileges to prevent potential mishaps or unauthorized changes.
76
00:06:22,000 --> 00:06:29,298
By choosing secure hosting, utilizing WordPress security plugins as well as two-factor authentication,
77
00:06:29,298 --> 00:06:35,000
creating strong passwords and managing user roles, you will significantly enhance your website's protection.
78
00:06:35,000 --> 00:06:41,000
And please note, we do not endorse any of the themes or plugins mentioned in this video tutorial.
79
00:06:41,000 --> 00:06:43,000
They are merely examples.