Onboarding with Solid Security Pro

Why You Should Use the Solid Security Pro Onboarding

The Solid Security Pro onboarding wizard allows you to configure your site quickly.

 

Step 1 – Pick a Security Site Template

The first step to secure your site is to pick a Security Site Template.

 

 

An eCommerce site requires a different level of security than your average blog. That is why we created security site templates to auto-configure the best security settings for your website. You can choose from six different site templates.

  1. eCommerce – A website to sell products or services.
  2. Network – A website to connect people and communities.
  3. Non-Profit – A website to promote your cause or collect donations.
  4. Blog – A website to share your thoughts or to start a conversation.
  5. Portfolio – A website to showcase your craft.
  6. Brochure – A simple website to promote your business.

 

Step 2 – Identify Important Users

Before we go any further, let’s take a moment to talk about User Groups. To make it easier to manage the user security on your site, Solid Security Pro sorts all of your users into different groups. Sorting users into different security groups allows you to manage the security settings that affect user experience.

In step 2, you will be asked to identify any clients, the users that will manage Solid Security Pro, and the user roles of your customers.

Just like site types, different types of users require different levels of security. After the key stakeholders of your site are identified, Solid Security Pro will sort them into security groups. After the groups are sorted, you will be asked a series of questions to ensure the right amount of security is applied to each group.

 

Configuring Security For a Client

You will be asked if you are configuring Solid Security Pro for a client on the second onboarding screen.

 

 

 

The onboarding process is designed to make things easier when configuring Solid Security on a client’s site. After selecting Client in step two, you will be asked to identify the WordPress users that your clients use.

 

 


Identify which users will manage Solid Security Pro

After selecting which users are your clients, Solid Security Pro will ask you to identify which users will manage Solid Security Pro on the site. We recommend including yourself and anyone else who needs access to the Solid Security Pro settings.

 

 

 

Should your clients be able to view and make changes to the Solid Security Pro settings?

After selecting your clients and identifying who will manage Solid Security Pro, Solid Security Pro will create a Client security group. Then you will need to decide whether or not your clients should have access to the Solid Security Pro settings.

Toggle the Yes, allow managing of Solid Security option to grant your clients access to the Solid Security Pro settings.

 

 

 

There are times when your clients may need or demand to have Administrator access on a site that you manage for them. By default, all Administrator users have access to the Solid Security settings. However, restricting your client’s access to the security settings may be in everyone’s best interest.

We have heard stories of clients changing security settings without knowing what they are actually changing. Or, a simple lockout notification – a sign that security is working – caused unnecessary concern because the client thought it meant they had been hacked.

Limiting access to the security settings can save both you and your clients a lot of headaches.

 

Security for Customers

During onboarding, you will be asked to select the WordPress user roles assigned to your customers. Depending on the complexity of your site, you may have multiple user roles for your different types of customers.

 

 

 

Solid Security Pro will create a Customer security group that will include all of your customers. You probably don’t want to apply the same level of security to your site Administrators and Customers. Having a Customer security group allows you to enable only the settings that make sense for this type of user.

After selecting your customers, you will be asked a couple of questions about what security features you want to enable for this group.

 

Question 1: Do you want to secure your customer accounts with two-factor authentication?

Toggle the Yes, require Two-Factor for these users option to force your customers to use two-factor authentication when logging in.

 

 

 

Question 2: Do you want to secure your customer accounts with a password policy?

Toggling the Yes, enforce a password policy for these users option will require your customers to use a strong password that hasn’t appeared in a database dump monitored by Have I Been Pwned.

 

 

It is completely understandable and encouraged to make creating or logging into a customer account as easy as possible. However, your customers may not know that the password they are using has been found in a data dump. You would be doing your customers a great service by alerting them that the password they are using has been compromised. If they are using that password everywhere, you could save them from some major headaches down the road.

 

Step 3 – Configure Global Settings

Most Solid Security Pro settings only need to be enabled to start protecting your site. But some settings require a little extra configuration to start blocking bad guys.

 

 

Authorized Host List

Add your IP to the Authorized Host List to prevent yourself from getting locked out or banned.

 

IP Detection

Choose how Solid Security Pro determines your visitor’s IP addresses.

 

Step 4 – Enable Important Security Features

In the onboarding flow, we highlight the most important security features you should enable. Let’s take a look at the recommended settings.

 

 

Login Security Settings

  • Two-Factor – Increase the security of your WordPress login page by requiring an extra form of identification to log in.
  • Passwordless Login – Allow users to log in without entering a password.
  • Trusted Devices (Beta) – Remove privileges when someone logs in from an unidentified device.

 

Firewall

  • Firewall – Block active exploits on vulnerable plugins and themes you have on your site.
  • Local Brute Force – Automatically lock out users after repeated failed login attempts.
  • Network Brute Force – Join a network of sites that report and protect against bad actors.
  • Magic Links – Allow real users to request a magic link to bypass a lockout.
  • CAPTCHA – Identify and block bad bots.

 

Site Check

  • Site Scan Scheduling – Automatically scan your site twice a day to check for vulnerabilities.

 

Configure Security Settings

Most Solid Security Pro settings only need to be enabled to start protecting your site. But some settings require a little extra configuration to start blocking bad guys.

 

Network Brute Force

Enter your email address to receive your Network Brute Force Protection license.

 

 

CAPTCHA

Generate new or enter your existing Google reCAPTCHA keys to start blocking bad bots.

 

 

Step 5 – Set Up User Groups

You have two options when setting up User Groups: Default (the easy way) and Custom (the hard way).

 

 

Default User Groups are the simplest way to get started using Solid Security Pro. Solid Security Pro will create the user groups for you and enable security settings for each group based on the Site Template you chose and the answers you gave during onboarding.

We can see that our Clients, Security Managers, and Customers security groups were created.

 

 

If we select the Customers User Group, we will find that based on the answers we gave, Strong Passwords and Refused Compromised Passwords are enabled but not Require Two Factor.

 

 

If we click the Edit Group tab, we can see that all of the user roles we identified as our customers belong to the group.

 

 

Custom User Groups

Custom user groups give you more control over how groups are created and what security settings are applied to each group. However, you are required to build your user groups from scratch.

 

 

Step 6 – Set Default Email Recipients

By default, all site Administrators receive email notifications generated by Solid Security Pro. However, let’s make our user the default recipient to ensure our clients don’t receive any unwanted notifications.

 

 

Step 7 – Secure Your Site

The only thing left to do is click the Complete Setup button and wait for the circular progress bar to finish loading, which applies everything we have done.

 

Bonus Step – Pat Yourself on the Back

Finally, pat yourself on the back for making your site more secure than ever!

 

 

 
