Menu Close

How to Secure a WordPress website ?

Home Forums Managed WordPress Hosting How to Secure a WordPress website ?

Tagged: ,

This topic contains 3 replies, has 4 voices, and was last updated by Aaqilfaraj Aaqilfaraj 4 months, 2 weeks ago.

  • Author
    Posts
  • #1048
    Eric Smith
    Eric Smith
    Keymaster

    I recommend the following steps to be implemented immediately to secure and to improve performance of your website.

    1) Update your WordPress installation to the latest available version. If you have any plugins and themes installed under WordPress, please make sure that you update them to the latest version as well.

    2) Password protect the WordPress admin directory (wp-admin) so that it will have an additional protection. You can do that through cPanel > Directory Privacy.

    3) Install security plugins like:
    http://wordpress.org/extend/ plugins/limit-login-attempts/
    http://wordpress.org/extend/ plugins/better-wp-security/
    https://wordpress.org/plugins/ captcha/

    4) Optimize your wordpress installation.
    http://codex.wordpress.org/ WordPress_Optimization/Caching

    5) Disable PHP execution in /wp-content/uploads/ folder and /wp-includes/ folder.

    Setup .htaccess file in above folders and add following content.

    <Files *.php>
    deny from all
    </Files>

    6) Deny all requests to the xmlrpc.php file, except for your IP, using the following .htaccess rules.

    Block WordPress xmlrpc.php requests

    <Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from x.x.x.x
    </Files>

    Replace x.x.x.x with your local IP. If you didn’t need any IP addresses to use XML-RPC requests, just don’t use any allow lines.

    7) Remove folders of unused plugins, themes completely.

  • #1087
    Doris
    Doris
    Participant

    1. Don’t use admin as a username

    3. Use a less common password

    4. Add Two-Factor Authentication

    5. Employ Least Privileged principles

    6. Hide wp-config.php and .htaccess

    7. Use WordPress security keys for authentication

    8. Disable file editing

    9. Limit login attempts

    10. Be selective with XML-RPC

    11. Hosting & WordPress security

    11. Stay up-to-date

    • This reply was modified 1 year, 7 months ago by Doris Doris.

    dissertation writing service[/url]

  • #1266
    Alex Morco
    Alex Morco
    Participant

    You need to go with managed secure WordPress hosting, I am using Cloudways and they do a daily backup, also providing free SSL and have tight security.

  • #1316

    Changing the web page login URL is an easy thing to do. By default, the WordPress login page can be accessed easily via admin or wp-admin added to the site’s main URL.

    Business Setup Consultants

You must be logged in to reply to this topic.

Skip to toolbar