WordPress security has always been food for thought. Even though most of the latest updates deal with WordPress security issues, there is still a lot that can be done to improve that security, even by the less tech-savvy among us. In this article, I’d like to list a number of suggestions for improving security on your own WordPress website.
- Change the WordPress database table prefix
- Back up your site regularly
- Rename your login URL
- Don’t use the “admin” username
- Set strong passwords for your database
- Secure your hosting setup
- Use strong passwords
- Protect the wp-config.php file
- Disallow file editing
- Set directory permissions carefully
- Disable directory listing with .htaccess
- Update regularly
- Remove your WordPress version number
- Monitor your files
- Protect the wp-admin directory
- Limit login attempts
- Secure your own PC
- Update plugins regularly
- Download plugins/themes from well-known sources
- Delete plugins you don’t use (be careful)
- Reduce the overall number of plugins (some can be replaced)
- Install a security plugin (some well-known plugins)
- Protect WordPress from brute force attacks
- Use Cloudflare
- Perform a theme check
- Block pingbacks and trackbacks
- Generate new WordPress security keys
- Disable XML-RPC
- Disable PHP error reporting
- Keep an eye on your Google Console
- Become a regular reader of Sucuri
- Check for insecure plugins