What Happens When Security is Weak?

• Misuse and deletion of all data in the database (customer data, etc.)
• Deletion of articles and websites
• Domain misuse (used as a stepping stone for phishing scams, etc.)
• Email misuse

Typically, corporate homepages don't hold customer data, but if you fall victim to a security breach after putting effort into SEO to strengthen your domain, all that effort could go to waste.

Therefore, I think it's worth implementing at least the minimum measures that can be done easily and quickly, so I'll introduce them here.

Disadvantages of Security Settings

Work can become a bit more troublesome at times.

Setting up security can sometimes cause errors or create slightly inconvenient situations.

I'll discuss specific examples of this in the methods section below.

Preventing Access to WordPress Admin Panel

Once someone gains access to the admin panel, they can do various things.

They can execute JavaScript or PHP code, so most things can be compromised.

Therefore, let's take measures to prevent unauthorized access to the admin panel.

Hide the Login Page

You can use plugins to change and hide the login page.

【WordPress】How to Change Admin Panel Login URL (SiteGuard WP Plugin) - Rakko Server Plus

Disadvantages of Hiding the Login Page

"You might forget the login page URL"

By installing a plugin, the login page becomes less accessible to others, but you also need to know the URL to log in yourself.

Information sharing about this might become troublesome.

If you forget the URL, you'll need to look it up through your rental server's control panel or similar means.

IP Restriction - Allow Access Only from Company or Employee IPs

This is explained in detail in the following article.

→ How to Apply IP Restrictions to WordPress Site Login and Admin Panel

Disadvantages of IP Restrictions

Every time the IP changes, you need to configure settings in the server's control panel

Setting Up WAF

Configure firewall settings (Web Application Firewall).

When doing this yourself, it's common to install plugins or write restrictions in .htaccess files for control.

Using Rental Server's WAF (Easy Method)

For example, with ConoHa WING , you can easily set up WAF with a simple click as shown in the image.

You can use it just by turning the usage setting "ON".

It blocks URL inputs and text inputs that seem like security attacks.

Looking at this management screen, you can see that attacks happen quite frequently, which reinforces the importance of security.

If this WAF causes errors in your WordPress work, you can exclude only that specific setting by clicking "Exclude" in the image.

So far, I've only excluded the settings shown in the following image, and everything else works without problems.

The reason I excluded this setting was that it was triggered by regular expressions when writing articles in English.

It's very convenient and can be easily set up and used even by non-engineers, providing peace of mind.

I think using rental servers that come with such convenient features is one good option.

Using Plugins

I don't use them myself, but using plugins is also an option.

The reason I don't use them is because of plugin reliability concerns.

I believe that unless you know who created the plugin and have third parties regularly reviewing the code for safety, installing plugins could actually make things more dangerous.

Rather than assuming good intentions, let's operate under the assumption that plugin creators could suddenly become malicious actors.

If you do use plugins, I would at least:

• Choose ones with many users and reviews
• Turn off automatic updates and use safe versions
• Regularly check for version updates and update manually

That's what I would do.

If you know of plugins that have been confirmed safe, using them could be very effective. They are convenient, after all.