• I have a few sites where I have been using the iThemes Security plugin and recently have started getting some E-Mails with Site Lockout Notifications.

    While I expect this is BOTS trying to hack into the site, the worrying thing is in the username section, they are trying to log in using the actual WP admin logon username which is different to Admin, and I doubt they are able to randomly guess the WordPress admin username. Somehow these bots are able to find out what the actual WordPress admin username is and attempt to log on to it, from random IPs using VPN servers.

    As a precaution I have also set up a plugin to use Google Authenticator, which is on my phone, as a second password that is required to log on. However, I use ManageWP, which is somehow able to bypass this and log on to be able to update the site.

    The main question is what is the best (preferably free) security to use in the sites, to protect them at their best from hacking?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter starshipuk

    (@starshipuk)

    I have to apologize if this is the wrong section. If so and I have offended you just lock the post. I had tried posting for help in the iThemes plugin forum here (The only place for iThemes specific support?) but like many posts in that forum here, the questions went unanswered.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    The username can be found out and it is not considered as part of security. I once thought usernames were 50% of the security of your login, but after reading about it I came to the realisation that it’s not at all. It’s the password that has the security. The point is to just use a more secure password.

    For instance, if I figured out I wanted to change my username to a string of random characters instead of “anevins” (that’s my username on wordpress.org), I might think about having a string of 20 characters in random assortment so that it’s completely unguessable. Why not just add 20 characters to the password itself? The logic to add security to the username is actually the same as adding it to the password.

    Usernames are generally not a random string of characters, they’re email addresses, combinations of first and last names, human readable and guessable things. People have stopped investing in security in usernames.

    It took me a while to get my head around it, but it makes a lot of sense. Invest in strong passwords and good security practices. Usernames aren’t part of security.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I fixed the title, it looked a little too spammy to me.

    The main question is what is the best (preferably free) security to use in the sites, to protect them at their best from hacking?

    Step two: learn to keep your WordPress, your plugins and your themes up to date with the latest versions.

    Step three: If you can, keep your server code up to date as well.

    Step one: Learn how to back up, validate your backup and restore your site.

    *Drinks coffee*

    The ordering and numbers are not a mistake. 😉 If you can do those three or at least step two and step one, then you’re reasonably secure. For even more security try hardening your WordPress.

    https://wordpress.org/support/article/hardening-wordpress/

    I do not use a single security plugin. Never have. You and others may be different and rather than suggesting one here, look for one and see how it is supported. Then pick one for yourself.

    For the best security to protect your site from hacking activity, there are a lot of steps you can consider. Among them are:

    – install SSL security on your site. You can use this feature through your hosting, and also install a simple SSL plugin
    – routinely back up your site through the cPanel File Manager
    – install a limited login attempt plugin
    – always update your plugins regularly
    – install a security plugin, such as Wordfence Security

  • The topic ‘What is the best security practices for a WordPress site?’ is closed to new replies.