3 security tips to reduce WordPress url spamming

There’s nothing more frustrating than receiving spammy WordPress registrations and unsuccessful login attempts.

Most of these attempts are nothing more than people with a bit too much time on their hands.

And without adequate protection for your WordPress website, these same persons can dismantle your website in the blink of an eye.

In fact, if careless with WordPress and plugin management, you could find yourself with a hacked website, and locked out. And then what?

Roughly 25,000 WordPress websites are hacked due lazy security practices. Reading WordPress Security, One of the easiest compromises happens with the use of insecure and weak passwords.

Another happens due to websites using WordPress’ built in comment system which requires people to register to leave a comment.

To combat this, simply don’t require people to register to leave comments. However the problem with this is that you’ll likely see an increase in spammy comments.

That said, I recommend using the Disqus plugin for comments. It’s easy and provides a layer of security without any cost to you.

Oh, another way to limit spammy registrations is to not allow anyone to register. Do this by simply not checking or unchecking the following box in General settings section of your WordPress website (see image).

WordPress Anyone Register Settings

These are a few simple ways to combat spammy WordPress accounts and activity.

But the real secret I want to share with you is a simple and easy-to-use WordPress plugin. This plugin, iThemes Security, is battle tested and locks the door on spammy activity on all accounts.

One way it does this by allowing privileges to change the following:

  • Change the WordPress admin url name
  • Change the WordPress login url name
  • Change the WordPress registration url name

Attempting to change all three of the aforementioned bullets can become a technical quagmire for the technically challenged and a few of us technically inclined folk too.

iThemes makes it so easy to change all three options, and without much, if any, downtime.

One thing to note when changing any of the url names is not to use “login”, “register”, and “admin” in the new url.

Should you use those terms, then you’ll easily help hackers in their efforts to identify their way into your WordPress website for the next hackathon session.

Nevertheless, this is one of many security features the iThemes Security plugin offers. I highly recommend exploring the other options and their configuration settings.

Having the iThemes Security plugin installed and activated has made WordPress easier to manage and allowing me a good night’s rest knowing I’m keeping the riff raft out and on the correct side of WordPress.. 😉

Watch the quick tutorial video and let me know what you think. Do subscribe to our YouTube channel and drop us a comment/question should you need additional help.

Written by Alvin Brown
He's an experienced and passionate serial entrepreneur, founder and publisher of Kickstart Commerce. Alvin possesses a great love for startups dominating their market using profitable digital strategies for greater commerce.