Really Simple Security Plugin

To improve the security of my WordPress site I chose to use the Really Simple Security plugin. It’s free, lightweight and easy to use. It also provides a couple of very important protections with very little setup.

  • HTTPS/SSL Enforcement: The plugin ensures that the entire site uses secure HTTPS connections. This encrypts traffic between the browser and the site, so login and form data is protected from being intercepted in transit.
  • Security Headers: The plugin adds headers like Content-Security-Policy and X-Frame-Options. These work behind the scenes to guard against common attacks like cross-site scripting (XSS) and clickjacking.
  • Simple Hardening Features: It disables features like XML-RPC (which bots often target), hides the login URL, and blocks suspicious-looking traffic. It’s a small layer of defense that can make a big difference.

The Setup

The setup was pretty simple and straightforward. After installation and activation, I clicked the setup link from my WordPress dashboard. The first thing the plugin asked was to “Activate SSL and Security Features”. After that, it walks you through the recommended settings, such as redirecting to HTTPS, adding security headers, hiding login pages, enabling firewall rules, and disabling XML-RPC. After that you just click finish and save. That was pretty much the entire setup. Pretty simple for a powerful plugin!
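
One way to confirm that the settings chosen in the wizard actually took effect, as an added example (not part of the original post and not the plugin's code). The sample responses are constructed, `fetch`, `audit` and the finding names are hypothetical, and it assumes a blocked XML-RPC endpoint no longer answers a POST with status 200.

```python
import http.client
from urllib.parse import urlsplit

def fetch(scheme, host, path="/", method="GET"):
    """Fetch one response without following redirects; returns (status, headers)."""
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    conn = cls(host, timeout=10)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()

def audit(http_home, https_home, xmlrpc_post):
    """Each argument is a (status, headers) pair; returns a list of findings."""
    findings = []
    status, headers = http_home
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    # Plain HTTP must answer with a redirect whose target is an https:// URL.
    if status not in (301, 302, 307, 308) or urlsplit(location).scheme != "https":
        findings.append("http-not-redirected-to-https")
    _, headers = https_home
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if not h.get("content-security-policy"):
        findings.append("missing-content-security-policy")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("missing-or-weak-x-frame-options")
    # Assumption: a blocked XML-RPC endpoint does not answer POST with 200.
    if xmlrpc_post[0] == 200:
        findings.append("xmlrpc-still-answers")
    return findings

# Constructed sample responses (not captured from a real site).
BEFORE = dict(
    http_home=(200, {"Content-Type": "text/html"}),
    https_home=(200, {"Content-Type": "text/html"}),
    xmlrpc_post=(200, {"Content-Type": "text/xml"}),
)
AFTER = dict(
    http_home=(301, {"Location": "https://blog.example/"}),
    https_home=(200, {"Content-Security-Policy": "upgrade-insecure-requests",
                      "X-Frame-Options": "SAMEORIGIN"}),
    xmlrpc_post=(403, {}),
)

if __name__ == "__main__":
    print("before:", audit(**BEFORE))
    print("after: ", audit(**AFTER))
    # Live use against your own site (host is your domain):
    # audit(fetch("http", host), fetch("https", host),
    #       fetch("https", host, "/xmlrpc.php", "POST"))
```

An empty list means all four checks passed; a 200 on the XML-RPC check is a prompt to look at the response body by hand rather than proof the feature is enabled.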
