Never taking backup. If you don’t know it’s okay, please learn how to take backup.
Using Nulled Theme & Plugin which results to getting hacked! Learn how to secure WordPress.
Using either too small or big hosting plan while you can get affordable and best plan.
Poor Plugin management: Using too many plugins, never updating plugins.
Keeping bunch of deactivated plugins for the future use!
Using more than one similar plugin, especially some time I have seen two-three cache plugins.
Using special Sitemap plugin even while using Yoast SEO Plugin which itself provides.
Using JetPack, keeping everything activated when many unused modules can be deactivated.
Using Really Simple SSL plugin when you can enable SSL much better way without it.
Using Cloudflare Plugin for SSL, it’s not required if you follow this alternative approach.
Delaying is good, but completely ignoring update is a huge security risk.
Well, I don’t recommend tweaking that part. But I would recommend something different if you like …
In case of Cloudflare
- Add a page rule “under attack mode” just for
This will potentially block all major attack at your login page.
- Additionally, hide original username.
Alternative case, if you use JetPack
- Just enable SSO and force redirection to it that’s sufficient
Type this way
And what setting? And Order?
And any way to check this if it is working or not
Step 1. Open Chrome Incognito window
Step 2. Access your login page, you will see the page will load after checking your browser.