What do I know about security? Nothing. 


When I received an offer from the Melapress team, I was excited – and honestly, a little scared. What do I know about security? Almost nothing beyond the basics.

But that’s exactly one of the reasons I said yes. This is something I want to learn.

Just getting started

This week was all about exploring. I quickly realised how many features a “simple” security plugin can actually have. Things like two-factor authentication or secure login sound straightforward, but once you install them… wow. So many options and settings.

I didn’t expect that.

To get my hands dirty, I installed these plugins on my own site:

Starting with the basics: securing the login page

I found this guide pretty useful, as it helped me to understand what is needed to get started, when I’m a complete newbie. Here’s what I focused on first.

I already made sure the essentials were in place while setting up hosting and the server:

✅ Enabled an SSL/TLS certificate (HTTPS)
✅ Switched to strong, unique passwords
✅ Enforced a password policy (length and complexity)
✅ Updated WordPress core, themes, and plugins
✅ Avoided nulled or pirated plugins

Protecting against brute-force attacks

Brute-force attacks are a type of security attack where an attacker repeatedly tries different username and password combinations until one works.

Next, I focused on limiting how login attempts work. This was surprisingly easy to configure with Melapress Login Security:

✅ Limited the number of login attempts
✅ Locked accounts temporarily or required admin approval
✅ Hid WordPress usernames where possible

Small changes, but they reduce a lot of unnecessary risk.

Adding an extra layer of authentication

This part was handled with WP 2FA and felt like a big security upgrade:

✅ Enabled two-factor authentication (2FA)
✅ Set up backup authentication methods (recovery codes)
✅ Disabled password reset links where possible

Even as a beginner, this step made me feel much more confident about account access. 

Reducing exposure of the login page

Finally, I worked on making the login page itself less visible and less vulnerable:

✅ Changed and hid the default WordPress login URL
❌ CAPTCHA on the login page – not yet
✅ Enabled automatic termination of idle sessions

Some things are still on my list, and that’s fine as I’m not sure I need more. 😀 

I’m just getting started

This is only the beginning. What stood out to me is that security isn’t about turning on one plugin – it’s about layering small, thoughtful decisions over time.

I’m still learning what matters most, what can wait, and how all these pieces work together.

There’s a lot more for me to explore, and I plan to keep learning step by step. 

