Securing your website is crucial to protect it from hackers, malware, and other online threats. In this article, we will show you 11 ways you can secure your accounts, starting with basic methods, and moving onto more advanced ones, all with the goal of enhancing the overall security of your website. Each of these measures adds an extra layer of protection, making it significantly harder for unauthorized users to gain access.

1. Domain Registrar (GoDaddy.com)

Enable 2-Step Verification:

Enabling 2-step verification for your domain registrar account ensures that even if someone obtains your username and password, they would still need a second form of verification to access your account. GoDaddy offers a straightforward process to set up one or several security features.

Step-by-Step Instructions:

1. Log in to your GoDaddy account:
   • Visit GoDaddy’s Login & PIN page.
2. Enable 2-Step Verification:
   • Scroll down, and under the 2-Step Verification, click on “Add Verification.”
   • Choose your preferred method of receiving verification codes (e.g., via SMS, Authenticator App or Security Key).
   • Follow the on-screen instructions to complete the setup.
3. Complete the setup process according to the method you selected:
   • If you chose Authenticator App, follow the instructions to install an app on your phone and scan the barcode. Enter the authentication code and the name of the app, then select Next.
   • If you selected Security Key (such as a Yubikey or Google Titan), set up the security key.
   • If you selected SMS text messages, enter your phone number, then select Next. Enter the 6-digit code we text you (it’s good for the next 20 minutes), then select Next.
4. Backup Method:
   • Add all 2-Step Verification methods as backups.

---

2. Hosting Account (A2Hosting.com)

Enable 2-Factor Authentication:

Securing your hosting account is vital as it controls the server where your website resides. A2 Hosting offers 2-Factor Authentication to add an extra layer of security, ensuring that your hosting environment remains secure.

Step-by-Step Instructions:

1. Log in to your A2 Hosting account:
   • Go to A2 Hosting and enter your account credentials.
2. Go to Security Settings:
   • In the menu bar, click on HELLO YOUR NAME.
   • Click on “Security Settings.”
3. Enable 2-Step Verification:
   • Under 2-Factor Authentication, click on “Enable”, then follow the process.
   • Click on “Get Started.”
   • Use the Authenticator App on your device to scan QR code.
   • Enter the one-time numeric password displayed on the app.
   • Click on “Confirm.”
   • Make sure you see confirmation message.
4. Backup Codes:
   • Note down any backup codes provided during the setup process for future use.

---

3. cPanel

Enable Two-Factor Authentication:

cPanel is a popular web hosting control panel that provides a graphical interface and automation tools. Securing cPanel with 2-step verification helps protect the administrative functions of your website and server.

Step-by-Step Instructions:

1. Log in to cPanel:
   • Access your cPanel by going to your domain followed by /cpanel (e.g., yourdomain.com/cpanel) and log in with your credentials.
2. Find the Security Section:
   • Once inside cPanel, locate the “Security” section.
3. Enable 2-Step Verification:
   • Click on “Two-Factor Authentication.”
   • Click on “Set Up Two-Factor Authentication.”
4. Configure 2-Step Verification:
   • You will be presented with a QR code. Scan this QR code using an authenticator app like Google Authenticator or Authy on your smartphone.
   • Enter the 6-digit code from the authenticator app into cPanel.
5. Complete Setup:
   • Click on “Configure Two-Factor Authentication” to finalize the setup.
6. Backup Codes:
   • Save any backup codes or recovery keys provided during the setup process.

---

4. Backup Your Website

Use a plugin to create backups:

Regular backups are essential for website security. They allow you to restore your website to a previous state in case of data loss, hacking, or other issues. The All-in-One WP Migration and Backup plugin simplifies the process of creating and managing backups.

Step-by-Step Instructions:

1. Install and Activate the Plugin:
   • Log in to your WordPress admin dashboard.
   • Go to Plugins > Add New.
   • Search for “All-in-One WP Migration.”
   • Click “Install Now” and then “Activate.”
2. Create a Backup:
   • After activation, go to “All-in-One WP Migration” in the left-hand menu.
   • Click on “Export”.
   • Select your preferred export method (We recommend “File”).
3. Download the Backup:
   • If you choose “File”, the plugin will create a backup and prompt you to download it.
   • Save the file in a secure location on your computer or an external storage device. An additional copy will be saved in your server.

5. Update WordPress

Keep up with WordPress updates:

Keeping WordPress up to date is crucial for security and performance. Each update often includes security patches, bug fixes, and new features.

Step-by-Step Instructions:

1. Check for Updates:
   • Log in to your WordPress admin dashboard.
   • If an update is available, you’ll see a notification in the admin toolbar or under Dashboard > Updates.
2. Update WordPress:
   • Go to Dashboard > Updates.
   • Click “Update Now” to update to the latest version.
3. Verify the Update:
   • After the update is complete, check your website to ensure everything is working properly.

---

6. Update Themes

Keep Themes up-to-date:

Updating your WordPress theme is necessary to ensure compatibility with the latest WordPress version and to apply any security patches released by the theme developers.

Step-by-Step Instructions:

1. Check for Theme Updates:
   • Log in to your WordPress admin dashboard.
   • Go to Dashboard > Updates or Appearance > Themes.
2. Update Themes:
   • If an update is available, select the theme and click “Update Now”.
3. Verify the Update:
   • Review your website to ensure that the updated theme does not cause any display or functionality issues.

---

7. Update Plugins

Secure Plugins by updating them:

Keeping plugins updated is essential for security, as outdated plugins can be vulnerable to attacks. Updates also ensure compatibility with the latest WordPress version and enhance functionality.

Step-by-Step Instructions:

1. Check for Plugin Updates:
   • Log in to your WordPress admin dashboard.
   • Go to Dashboard > Updates or Plugins > Installed Plugins.
2. Update Plugins:
   • Select the plugins that need updates and click “Update Now”.
3. Verify the Update:
   • Check your website’s functionality to ensure that the updated plugins do not cause any issues.

---

8. Remove Unnecessary Themes/Plugins

Introduction to Removing Unnecessary Themes/Plugins:

Unused themes and plugins can pose security risks and slow down your website. Removing them reduces potential vulnerabilities and improves site performance.

Step-by-Step Instructions:

1. Identify Unnecessary Themes/Plugins:
   • Log in to your WordPress admin dashboard.
   • Go to Appearance > Themes and Plugins > Installed Plugins.
2. Delete Unnecessary Themes:
   • In Appearance > Themes, click on any inactive theme.
   • Click Delete at the bottom right of the theme details screen.
3. Delete Unnecessary Plugins:
   • In Plugins > Installed Plugins, deactivate the plugin you want to remove.
   • Once deactivated, click “Delete” to remove the plugin from your site.

---

9. Disable Code Editing in wp-config.php Using FTP and WinSCP

Introduction to Disabling Code Editing:

Disabling code editing within the WordPress dashboard prevents unauthorized users from accessing and modifying your theme and plugin files through the built-in editor. This is a crucial step to protect your site from malicious code injections.

Step-by-Step Instructions:

1. Open WinSCP and Connect to Your Server:
   • Launch WinSCP and enter your FTP credentials (host, username, and password) to connect to your server.
2. Navigate to the WordPress Directory:
   • In WinSCP, navigate to the root directory of your WordPress installation, typically located in /public_html or a similar directory.
3. Locate wp-config.php:
   • Find the wp-config.php file in the root directory of your WordPress installation.
4. Edit wp-config.php:
   • Right-click on wp-config.php and select “Edit” or “Edit in Notepad++” (depending on your setup).
   • Add the following line of code to the file:
     define('DISALLOW_FILE_EDIT', true);

   • Save the changes and close the editor.
5. Upload the Edited File:
   • After saving, WinSCP will prompt you to upload the modified file back to the server. Confirm the upload.
6. Verify the Changes:
   • Log in to your WordPress admin dashboard.
   • Navigate to Appearance > Theme Editor and Plugins > Plugin Editor to ensure that the editing options are disabled.

10. Disable Plugin Installation in wp-config.php Using FTP and WinSCP

Introduction to Disabling Plugin Installation:

Preventing the installation of new plugins through the WordPress admin dashboard can help mitigate security risks by controlling what plugins can be added to your site.

Step-by-Step Instructions:

1. Open WinSCP and Connect to Your Server:
   • Launch WinSCP and enter your FTP credentials to connect to your server.
2. Navigate to the WordPress Directory:
   • In WinSCP, navigate to the root directory of your WordPress installation.
3. Locate wp-config.php:
   • Find the wp-config.php file in the root directory of your WordPress installation.
4. Edit wp-config.php:
   • Right-click on wp-config.php and select “Edit” or “Edit in Notepad++”.
   • Add the following line of code to the file:
     define('DISALLOW_FILE_MODS',true);

   • Save the changes and close the editor.
5. Upload the Edited File:
   • After saving, WinSCP will prompt you to upload the modified file back to the server. Confirm the upload.
6. Verify the Changes:
   • Log in to your WordPress admin dashboard.
   • Attempt to navigate to Plugins > Add New to ensure that the installation option is disabled.

11. Share Limited Access with “Temporary Login Without Password” Plugin

Introduction to Limited Access:

Sometimes, you need to provide temporary access to your WordPress site for collaborators or developers. The “Temporary Login Without Password” plugin allows you to create secure, time-limited access without sharing passwords.

Step-by-Step Instructions:

1. Install and Activate the Plugin:
   • Log in to your WordPress admin dashboard.
   • Go to Plugins > Add New.
   • Search for “Temporary Login Without Password.”
   • Click “Install Now” and then “Activate”.
2. Create a Temporary Login:
   • After activation, go to Users > Temporary Logins.
   • Click on “Create New” at the top.
3. Configure the Temporary Login:
   • Enter the user’s name and email address.
   • Select the role for the temporary user (e.g., Editor, Contributor).
   • Set the expiration time (e.g., 1 day, 1 week).
4. Generate the Login Link:
   • Click on “Submit” to create the temporary login.
   • A unique link will be generated.
5. Share the Link:
   • Copy the generated link and share it with the intended user via email or other secure communication methods.
6. Manage Temporary Logins:
   • Return to Users > Temporary Logins to view and manage existing temporary logins.
   • You can delete or modify temporary logins as needed.

By implementing these advanced security measures, you add significant protection to your WordPress website. Disabling code editing and plugin installation reduces the risk of unauthorized changes, while the “Temporary Login Without Password” plugin ensures secure temporary access when needed.