{"id":170782,"date":"2018-02-16T13:00:04","date_gmt":"2018-02-16T13:00:04","guid":{"rendered":"https:\/\/premium.wpmudev.org\/blog\/?p=170782"},"modified":"2018-02-13T05:12:05","modified_gmt":"2018-02-13T05:12:05","slug":"get-the-most-out-of-defender-and-maximize-wordpress-security","status":"publish","type":"post","link":"https:\/\/wpmudev.com\/blog\/get-the-most-out-of-defender-and-maximize-wordpress-security\/","title":{"rendered":"Get the Most Out of Defender and Maximize WordPress Security"},"content":{"rendered":"

Anyone who owns, builds, manages, or hosts WordPress sites should be obsessed with security. It\u2019s not that WordPress isn\u2019t a safe platform to build websites with<\/a>. It\u2019s just that, being the most popular and widely used CMS in the world, WordPress is an easy target for hackers. This is why WordPress blogs can\u2019t and shouldn\u2019t stop talking about WordPress security<\/a>.<\/p>\n

The nice thing about security getting so much attention is that there are a plethora of solutions readily available to address it. For instance, there are security monitoring tools\u00a0that take care of the first half of the battle against WordPress vulnerabilities. But that can\u2019t be enough. You also need tools that enable you to defend against and mend security vulnerabilities and breaches as well.<\/p>\n

This is why we have WordPress security plugins<\/a>. Sure, there are other security tools and firewalls you should make use of outside of WordPress, but plugins help you put up a strong defense right from within your website. If you\u2019re not familiar with the Defender plugin<\/a>, then I\u2019d urge you to give it a closer look.<\/p>\n

There\u2019s a lot going on with this plugin–in both the free and premium versions–so let\u2019s dig in and see how you can make the most of it.<\/p>\n

Defend Your WordPress Site with the Free Defender Plugin<\/h2>\n

For those of you wary about jumping into a new premium WordPress plugin (especially one that handles your WordPress security) without first trying it out, there\u2019s good news. Defender<\/a> is now available for free in the WordPress repository.<\/p>\n

\"Free <\/div>\n

Let\u2019s take a closer look at the features you really need to take advantage of with the free version of Defender<\/a> and get the most out of it to maximize your security:<\/p>\n

Fortify the WordPress Login<\/h3>\n

Although the Defender dashboard puts a greater emphasis on things like tidying up your database and adding extra security measures to things like PHP and the file editor, I suggest you start in the IP Lockouts section of the plugin.<\/p>\n

\"Login <\/div>\n

Defender is right in prioritizing the scanning and active cleanup of WordPress within the dashboard. However, making sure the front door to your site (i.e. the login page<\/a>) is locked up tight should be done first. The quicker you can fortify the login against brute force attacks with IP lockouts and blocklisting, the sooner you can start using this plugin to actively monitor and fix your site.<\/p>\n

Start first with Advanced Tools. This section will enable you to turn on two-factor authentication<\/a> for your WordPress users.<\/p>\n

\"Post <\/div>\n

In addition to being able to enforce two-factor authentication based on user role, there are additional settings you should configure. With these options, you can make it easier for users to get the Google Authenticator tool to work for them. You can also use this to monitor your users and ensure that they\u2019re abiding by password security best practices<\/a>.<\/p>\n

\"Post <\/div>\n

Now, moving over to the IP Lockouts section, you can use these login fortification methods:<\/p>\n