Just a note. If your backup system can be controlled within Wordpress (manage, delete backups…) be cautious. If someone gets in with admin privileges, backups can be deleted, also if they reside on cloud storage. Better look at solutions, which does not be able to be controlled within the WP dashboard.
Great video as always Paul, definitely some points I need to consider implementing on my client's websites. Yes please on the 8g firewall video, I'm very keen to see that 👍
Thank you for the overview and all the tipps! 😁 I would appreciate it a lot if you could share your backup system / process 🙏 Where do you store the backups, do you encrypt them, how many backups do you keep, etc. ...
Thanks for htis video! I recently moved from Divi to Bricks and I'm been worried about launching my website because I wasn't sure how to protect it beyond running updates. This helped put my mind at ease. I'm going to implement these as my base level form of security. I would like to see a future video on setting up the 8G firewall you mentioned. Also I have MFA setup with my hosting. How do I setup MFA on the WordPress admin pages for the sites I build? I appreciate you taking the time to round up these tactics to ensure we're as secure as possible.
Hey Paul, thanks for the awesome video. For WPVivid, the "marking this backup can only be deleted manually" option means it can only be deleted from server level, right? So let's say if I chose remote backup such as Google Drive and I enabled that option, I can't delete the backup from admin dashboard, only from the Google Drive itself, am I understanding it correctly?
Nope. It means you can delete it in the wpvivid backup manager. It is NOT deleted automatically because you have a certain number of backup set and reached. Lets say you automatically backup 7 times according to your schedule, #8 will be stored and #1 deleted. If let’s say #1 can only be deleted manually it will not be considered as one of the 7 versions and stay wherever it is. But it can be deleted in the backup manager of wpvivid. Therefore it might be a good idea to have a backup like a NAS or cloud where even deleted files can be restored. In my @pCloud the deleted files are restorable for 30 days, on my NAS I have ample space and can decide when I want to delete already deleted files. So I use next to the localhost pCloud and my home NAS with wpvivid. It works like a charm.
Does anyone still use AIO Security plugin? Is it good anymore? It seemed to have a ton of options to lock down the site as much as possible. Curious if Solid Security is better.
Probably not, no. You lose any control over site updates and that can cause more harm in the long run if things go wrong and you don't notice them. With Patchstack, I set it up to only update IF there is a known vulnerability. All my other updates are handles using something like MainWP to manage my sites.
Great video, thanks! Would you say the free version of Solid Security is sufficient, or does it make sense to upgrade to the paid version? Does the Patchstack protection mentioned in this video cost money? I heard it's integrated in Solid Security (to a certain extent). I'd love to hear more about the 6G, 7G or 8G protection. Never heard of this before!
From a front end point of view, Solid Security free is a good choice. I would pair that up with some of the other suggestions in the video to add additional layers of protection for sure. The Patchstack option included in SSP isn't the same as having the paid version of Patchstack - as a bare minimum I would probably stick with SS free and pay for the $5 a month security option in the Community plan on Patchstack for the site you want to protect. I'll be releasing the video on 8G Firewall later this week. :)
great video, thank you Paul, i noticed that un authorised users seem to find out usernames... would you recomend to 'Disable username enumeration' in security settings?
HI Paul, I wathced your Solid WP video e fore this one, in SolidWP Pro you have Patchstack included, so are you also paying seperatley for patchstack as well?
I use the free version of Solid Security, so Patchstack isn’t included. Plus, the pro version of SS only has the catching feature. Patchstack has more than just that. 👍
![โรงเรียนตอนตี 2 โคตรหลอน..!! [โรงเรียนไดเม่]](http://i.ytimg.com/vi/2MAEMwqVYh8/mqdefault.jpg)
Yes please to a 8G tutorial. Thank you
8G - sounds like a must have!!
It's well respected as is the developer.
Just a note. If your backup system can be controlled within Wordpress (manage, delete backups…) be cautious. If someone gets in with admin privileges, backups can be deleted, also if they reside on cloud storage.
Better look at solutions, which does not be able to be controlled within the WP dashboard.
Exactly why you should have multiple back-up solutions in place in case of issues either on server or off server. ;)
Yes Paul Please do an 8G Video Tutorial!
I love your content and your style!
Great video as always Paul, definitely some points I need to consider implementing on my client's websites.
Yes please on the 8g firewall video, I'm very keen to see that 👍
Thank you for the overview and all the tipps! 😁 I would appreciate it a lot if you could share your backup system / process 🙏 Where do you store the backups, do you encrypt them, how many backups do you keep, etc. ...
Thanks for htis video! I recently moved from Divi to Bricks and I'm been worried about launching my website because I wasn't sure how to protect it beyond running updates. This helped put my mind at ease. I'm going to implement these as my base level form of security. I would like to see a future video on setting up the 8G firewall you mentioned. Also I have MFA setup with my hosting. How do I setup MFA on the WordPress admin pages for the sites I build? I appreciate you taking the time to round up these tactics to ensure we're as secure as possible.
Great, highly needed video!
Hey Paul, thanks for the awesome video.
For WPVivid, the "marking this backup can only be deleted manually" option means it can only be deleted from server level, right?
So let's say if I chose remote backup such as Google Drive and I enabled that option, I can't delete the backup from admin dashboard, only from the Google Drive itself, am I understanding it correctly?
That is my understanding, yes.
Nope. It means you can delete it in the wpvivid backup manager. It is NOT deleted automatically because you have a certain number of backup set and reached.
Lets say you automatically backup 7 times according to your schedule, #8 will be stored and #1 deleted. If let’s say #1 can only be deleted manually it will not be considered as one of the 7 versions and stay wherever it is. But it can be deleted in the backup manager of wpvivid.
Therefore it might be a good idea to have a backup like a NAS or cloud where even deleted files can be restored.
In my @pCloud the deleted files are restorable for 30 days, on my NAS I have ample space and can decide when I want to delete already deleted files. So I use next to the localhost pCloud and my home NAS with wpvivid. It works like a charm.
Does anyone still use AIO Security plugin? Is it good anymore? It seemed to have a ton of options to lock down the site as much as possible. Curious if Solid Security is better.
Solid security vs wordfence? Which is better ?
Good video!
Would you recommend enabling auto-updates on plugins?
Probably not, no. You lose any control over site updates and that can cause more harm in the long run if things go wrong and you don't notice them. With Patchstack, I set it up to only update IF there is a known vulnerability.
All my other updates are handles using something like MainWP to manage my sites.
show us 8g pls
8G tutorial would be so cooool !
Keep an eye out in the next day or 2 - it will be on the channel. :)
Great video, thanks! Would you say the free version of Solid Security is sufficient, or does it make sense to upgrade to the paid version?
Does the Patchstack protection mentioned in this video cost money? I heard it's integrated in Solid Security (to a certain extent).
I'd love to hear more about the 6G, 7G or 8G protection. Never heard of this before!
From a front end point of view, Solid Security free is a good choice. I would pair that up with some of the other suggestions in the video to add additional layers of protection for sure.
The Patchstack option included in SSP isn't the same as having the paid version of Patchstack - as a bare minimum I would probably stick with SS free and pay for the $5 a month security option in the Community plan on Patchstack for the site you want to protect.
I'll be releasing the video on 8G Firewall later this week. :)
@@WPTutsThanks for the suggestions, I will look into them. Great that a video about 8G is coming up!
@@markuserikssen the video should be online in about an hour :)
Yes pls on 8g. 🎉❤
Hahaha love that CSI intro!
Thank you. :)
What about HTTPS Security Headers?
Disable wp-json users for non admins
great video, thank you Paul, i noticed that un authorised users seem to find out usernames... would you recomend to 'Disable username enumeration' in security settings?
Yes, it's another option that makes it a little harder to gain username information and give hackers and bots half of your login credentials.
What about SSL encryption?
6 7 g sounds good
HI Paul, I wathced your Solid WP video e fore this one, in SolidWP Pro you have Patchstack included, so are you also paying seperatley for patchstack as well?
I use the free version of Solid Security, so Patchstack isn’t included.
Plus, the pro version of SS only has the catching feature. Patchstack has more than just that. 👍
8G tutorial please
It’s already uploaded. Have a look at the recent videos on the channel and it’s there. 👍
8G Firewall
Means just adding content inside 8G-Firewall.txt to my .htaccess file? On top, like in your video?
Yes, that's exactly how it works. 2 minutes and you'll have it all installed and working and works fine alongside tools like Better Security.