WordPress is one of the best CMSs, used by millions of people for different purposes. But, needless to say, it is also one of the most vulnerable CMSs on the internet 🙂 This is how I secure WP in less than five minutes 🙂
- Install Wordfence and configure properly
- Disable login hints and Login Limits
- Change WP admin Path
- Disable Directory Browsing & XML RPC
- Harden .htaccess file with chmod 0666
- Disable/Delete unwanted plugins and themes
- Give right permission to the directories
- Re-engineer the robots.txt file properly
- Install & Enable login Notification Plugin
- Install & Enable Activity log Plugin
- Have strong Password with 30 days Reset Policy
- Disable trackback and file editing
- Update WP core and plugins on time
- Install and configure an auto backup plugin (e.g. updraft)
- Find the best WP host (e.g. WP Engine, Bitnami cloud, etc.)
Again, make sure you have multiple offsite backups from different platforms 🙂 Anyway, what do you do when it comes to WP security?
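
A quick way to verify three of the checklist items above (file editing, directory browsing, XML-RPC) on an Apache-hosted install. This is an added example, not part of the original post. It assumes the controls live in the docroot's `.htaccess` and `wp-config.php`; the `wp_audit` and `make_sample` helpers and the sample docroots are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress docroot for three checklist items.
# Assumes Apache, with the controls in .htaccess and wp-config.php.

# wp_audit DIR: prints one FAIL line per missing control, returns the count.
wp_audit() {
    local root="$1" fails=0
    # File editing: an active define('DISALLOW_FILE_EDIT', true); line.
    if ! grep -Eqis "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$root/wp-config.php"; then
        echo "FAIL file-editing: DISALLOW_FILE_EDIT is not true in wp-config.php"
        fails=$((fails + 1))
    fi
    # Directory browsing: an uncommented "Options ... -Indexes" directive.
    if ! grep -Eqs "^[[:space:]]*Options[[:space:]].*-Indexes" "$root/.htaccess"; then
        echo "FAIL dir-browsing: no 'Options -Indexes' in .htaccess"
        fails=$((fails + 1))
    fi
    # XML-RPC: a <Files>/<FilesMatch> block naming xmlrpc.php (presence only;
    # the deny rule inside it is not parsed).
    if ! grep -Eqis "^[[:space:]]*<Files(Match)?[[:space:]].*xmlrpc" "$root/.htaccess"; then
        echo "FAIL xml-rpc: no <Files xmlrpc.php> block in .htaccess"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# make_sample weak|hardened: builds a constructed docroot, prints its path.
make_sample() {
    local d
    d=$(mktemp -d)
    if [ "$1" = hardened ]; then
        printf '%s\n' "<?php" "define('DISALLOW_FILE_EDIT', true);" > "$d/wp-config.php"
        printf '%s\n' "Options -Indexes" "<Files xmlrpc.php>" \
            "Require all denied" "</Files>" > "$d/.htaccess"
    else
        # The constant is commented out, so it must not count as set.
        printf '%s\n' "<?php" "// define('DISALLOW_FILE_EDIT', true);" > "$d/wp-config.php"
        printf '%s\n' "# BEGIN WordPress" "# END WordPress" > "$d/.htaccess"
    fi
    echo "$d"
}

for kind in weak hardened; do
    d=$(make_sample "$kind")
    echo "== $kind =="
    wp_audit "$d" && echo "all three checks passed"
    rm -rf "$d"
done
```

Run `wp_audit /path/to/docroot` against a real install; the exit status is the number of missing controls, so it can gate a deploy or cron check.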