Common Mistakes of WordPress users


#1
  1. Never taking backup. If you don’t know it’s okay, please learn how to take backup.

  2. Using Nulled Theme & Plugin which results to getting hacked! Learn how to secure WordPress.

  3. Using either too small or big hosting plan while you can get affordable and best plan.

  4. Poor Plugin management: Using too many plugins, never updating plugins.

  5. Keeping bunch of deactivated plugins for the future use!

  6. Using more than one similar plugin, especially some time I have seen two-three cache plugins.

  7. Using special Sitemap plugin even while using Yoast SEO Plugin which itself provides.

  8. Using JetPack, keeping everything activated when many unused modules can be deactivated.

  9. Using Really Simple SSL plugin when you can enable SSL much better way without it.

  10. Using Cloudflare Plugin for SSL, it’s not required if you follow this alternative approach.


#2

image


#5

Delaying is good, but completely ignoring update is a huge security risk.


#6

@GulshanKumar which plugin you recommend​ to change admin URL ??


#7

Well, I don’t recommend tweaking that part. But I would recommend something different if you like …

In case of Cloudflare

  • Add a page rule “under attack mode” just for /wp-login.php* page

This will potentially block all major attack at your login page.

  • Additionally, hide original username.

Alternative case, if you use JetPack

  • Just enable SSO and force redirection to it that’s sufficient

#8

How to do that?


#9

Type this way

*domain.tld/wp-login.php*

#10

And what setting? And Order?


#11

@Saksham The order should be 1st.


#12

Thanks!

And any way to check this if it is working or not :thinking:


#13

Yes, simple.

Step 1. Open Chrome Incognito window
Step 2. Access your login page, you will see the page will load after checking your browser.
Step 3. The page will load only if your browser will have JavaScript enabled (usually all browsers having by default)