Welcome to ManageWP.org

Register to share, discuss and vote for the best WordPress stories every day, find new ideas and inspiration for your business and network with other members of the WordPress community. Join the #1 WordPress news community!

×

Securing Your WordPress Website - WordPress Support Services by Maintainn

maintainn.com | Mar. 3, 2020 | 1 min read

Beyond maintenance, what else could you be doing to secure your WordPress website? Read this blog post to learn more.

65 votes   Flag
Webnus Studio

Good one, most important WP security terms that I can think of are these:
1- Strong & long length database name & database username and password.
2- 5+ charactered table prefix.
3- Using plugins from trusted sources and developers.
4- Staying up-to-date as much as possible.
5- Not storing wp login and ftp information in weak places.
6- Hiding generators tags.
7- Using a plugin like Wordfence to block intruders.
8- wp-config.php and .htaccess 440 or 400 file permission to block outsource access.
9- Using escape in html fields.
10- Force users to use strong passwords.
11- Benefit from a highly configured software and hardware firewall on server.
12- Using an uptime monitor to detect ddos attacks and site getting downs.
13- Always change the default WP-Admin login path.
14- Always keep daily backup outside of the main server of your site to restore in case of getting hacked.
15- Try to use two-way authentication for login.
16- Make sure not to use deprecated social login integration plugins.
17- Use the latest version of php.
18- Disable uploading non-relevant files.
19- Limit max upload size from public forms.
20- Disable crawlers access to plugins folder via robots.txt
21- Disable directory listing in .htaccess.
22- Try to use a premium CDN plan.

Reply
robert Abela

Good list, however, they forgot to add / mention the activity logs, a crucial tool for managing and keeping a WordPress website and its users secure.

Reply
Sarah Pocket

Very good information to know.

Reply