It’s well known that you can never have enough security on your website regardless of how it’s built. Security measures are vital as the biggest websites in the world can be vulnerable to attack. Despite the overwhelming evidence, it’s an often overlooked and forgotten feature that is reasonably easy to implement.
That’s why a plugin like Cerber Security & Antispam is very useful to have and even easier to set up.
You will find it in the usual WordPress repository in the dashboard or here if you are interested in reading a little more about it.
The out of the box default settings are more than adequate for most sites but there are further configurations if you require them. The plugin will automatically white label your IP settings. Click here if you require further help with this. In my experience, it almost always sets up perfect but this can vary (depending on your host).
There are a host of settings to play with. Here are just a few
Enable a custom login page
To hide the default wp-login.php WordPress login page from attacks, specify your own hidden custom login URL and turn off wp-login.php. Remember to add this URL to your caching plugin of pages not to cache.
Specify prohibited usernames & IP addresses
Go to the plugin users admin page and add names that should automatically be prohibited. Common names like admin, administrator, editor, user and test are the most commonly used names by hackers.
Enable Antispam protection
Cerber antispam is compatible with most form builders. On the Antispam page, there are a host of settings and you can also set up reCaptcha (recommended)
The above 3 are probably the most important features that really excel in this plugin. You can always visit the plugin page to learn about other features. The default settings are perfect for most websites, especially if you are not yet up to date on security measures.
In the Cerber dashboard, you should see it working a bit like the image below.
As you can see from the image, Cerber Security & Antispam has restricted bots probing for vulnerable PHP code. I also attempted to log in to the site using “admin” as a username and it blocked my attempt. (Our IP address is edited out)
There is also a Traffic Inspector which gives you detailed information on your visitors.
Weekly reports containing the week’s activities are also sent to the registered email address.
This is an excellent plugin and frequently updated. Out of the box settings are perfectly adequate but the options are also there to further save your site from hacking attempts. It’s well worth reading a bit more about Cerber and the features this plugin offer. Its one of those plugins that should be part of your default WordPress setup.