Keeping WordPress secure is the most important step as soon as you install it. Once you have installed WP, we suggest you first follow the basic steps we describe in the article Must do Important Steps after Installing New WordPress.
Below, we explain in detail the benefit you get from installing each of these plugins. These plugins will not slow down your site. You can use a Chrome extension called ‘WP Hive’ to check the effect of plugins on WordPress performance.
- Security Plugin: NinjaFirewall (WP Edition)
- Logs: Activity Log
- PHP Codes: Code Snippets
- Backup: Duplicator
Security Plugin: NinjaFirewall (WP Edition)
This is the best plugin to keep your WordPress secure. It prevents brute-force attacks by protecting the wp-login.php page, and it is easy to set up and use. You receive an email notification when an ‘admin login’ is detected. You also get notified when there is a security update for any of the plugins you have installed, i.e. when a vulnerability is detected in any of the plugins in the WordPress repository, so you can stay informed and keep your site secure by installing the patch update.
We have a separate article that explains how this plugin works and how you can use it to make your site secure.
Logs: Activity Log
If you haven’t protected your login page against brute force, how can you even know that someone is trying to enter your site? There must be a log file, right? Yes. If you install this plugin, you can see whatever is happening on your site.
The log records when a plugin is activated or deactivated, when someone logs in, failed logins (brute-force attacks), and when a post is edited. If you have given temporary admin access to a plugin/theme developer, you must know exactly what they are doing on your site after getting access. In short, everything is logged, including the ‘time’ at which an activity is detected inside WP. If you notice any suspicious activity, you can take the necessary steps to get it resolved.
Using the ‘Activity Log’ plugin is the best possible way to detect brute-force attacks. You can find the ‘username’ used in the brute-force attempts, and you can also note the IPs. If you really want to know whether there are any brute-force attempts, just disable ‘Login Protection’ in the plugin above (NinjaFirewall) for about 2-3 days and keep an eye on the Activity Log. We are sure you will find a bunch of ‘Failed Login’ attempts.
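One way to review failed logins for brute-force patterns, as an added example that is not part of the original article or of the Activity Log plugin. It assumes the log has been exported to CSV with the columns `date`, `user`, `ip` and `action`; those column names, the `failed_login` value and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. The column names are an assumption, not the
# plugin's real format; rename them to match your own export.
SAMPLE_LOG = """\
date,user,ip,action
2024-05-01 10:00:05,admin,203.0.113.7,failed_login
2024-05-01 10:00:09,admin,203.0.113.7,failed_login
2024-05-01 10:00:14,administrator,203.0.113.7,failed_login
2024-05-01 10:00:20,test,203.0.113.7,failed_login
2024-05-01 10:00:31,admin,203.0.113.7,failed_login
2024-05-01 10:02:00,editor1,198.51.100.20,failed_login
2024-05-01 10:02:30,editor1,198.51.100.20,logged_in
2024-05-01 11:15:00,admin,192.0.2.44,failed_login
2024-05-01 13:40:00,admin,192.0.2.44,failed_login
"""

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: sorted usernames tried} for IPs with at least `threshold`
    failed logins inside any sliding `window`."""
    failures = defaultdict(list)  # ip -> [(timestamp, username), ...]
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "failed_login":
            continue
        ts = datetime.strptime(row["date"], "%Y-%m-%d %H:%M:%S")
        failures[row["ip"]].append((ts, row["user"]))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: possible brute force, usernames tried: {', '.join(users)}")
```

A single mistyped password (the `editor1` rows) and failures spread hours apart stay below the threshold, so only the burst from one address is reported.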
PHP Codes: Code Snippets
Editing the parent theme is not recommended unless you have a backup of the changes you have made. When you update your parent theme, you will lose every piece of code you added or modified. The best way to edit theme files is by using a Child Theme. Generally, Child Themes are available for most themes.
To change, add or remove any WordPress functionality to your liking, you have to add code to the “functions.php” file, available in the “theme editor”. This ‘functions.php’ file is like the ‘chipset’ of a computer. You have full control of your WP site with the functions.php file.
If you add any piece of code to the functions.php file, you have to put a comment before the pasted code as a reference for yourself, so that in the future you know what functionality that code changes. If you don’t keep track and you are not a developer, there is a chance that you will forget. To disable any code, you have to open the functions file again and either delete the whole code or comment it out. All this takes time and patience, since you have to search through the functions file once many pieces of code have been added. This is where the Code Snippets plugin comes in.
Using this plugin you can add new snippets, which are nothing but the pieces of code you wanted to add to the functions.php file. Once you add a snippet, you can activate or deactivate it whenever you wish. In the previous method, you had to comment out the code. Here, using the plugin, you can switch your code ON and OFF in just one click.
Assume you used the old method of adding code to functions.php. The functions.php file is inside the theme folder. When you change the theme, you will lose all the WordPress functionality you added. You have to manually switch back to the old theme in order to recover that code. So if you don’t use this plugin, you need to take a copy of the code and paste it again into the functions file of the new theme.
You can also give titles to the snippets for your reference. In this way, you can keep track of the code you add. A simple, easy-to-use, and must-have plugin.
Backup: Duplicator
One of the best backup plugins for WordPress, along with Updraft Plus. Technically, Duplicator is not for backup but for migration. The free version works for websites with a size <500MB. We have a separate article on How to Backup WordPress with Duplicator Plugin.
In the free version of Updraft, you can take backups and store them in drive/PC/Dropbox. You cannot migrate your site in the free version. It is really worth it if you would like to purchase the Updraft plugin. If you get that plugin, you don’t need any other plugin for backing up and migrating your site.
Duplicator, on the other hand, is an easy-to-use migration solution. We use it extensively for all of our own and our clients’ websites. We also use one more plugin, which will be explained in the article on Best Backup Plugin for WordPress.
But to use this plugin for reinstalling WordPress, you should be able to open your hosting account and add and remove databases and their users, which is a very easy task that only looks complicated. More about using Duplicator in this article.
In short, Duplicator is easy to use. It is extremely fast at completely backing up your site, and it’s also fast at reinstalling your backup. If you use it 2-3 times, you will get a good hold of it.