Simple WordPress Security

WordPress Security should not be taken lightly especially in light of recent attacks on the platform as well as stats that show as much as 73% of WordPress websites are susceptible to a security break in one way or another.

The three biggest failure points on most WordPress websites can easily be secured and fixed with a few simple steps. Those points are:

Not keeping the WordPress Core and Plugins upto date

Having unused plugins and themes installed on your site.

Still having a username admin or having weak passwords.

Here are 10 suggestions to help keep you from being exploited.

• Always run the very latest version of WordPress
• Always run the very latest versions of your plugins and themes
• Choose and use only plugins you need
• Remove unused themes
• Delete the admin user and remove unused plugins, themes and users
• Make sure every user has their own strong password
• Enable two factor authentication for all your users
• Generate complex secret keys for your wp-config.php file
• Choose a trusted hosting company and Consider hosting with a dedicated WordPress hosting company
• Put a Web Application Firewall in front of your website

You can also check out this presentation I did for Victoria WordPress Meetup

Below is a list of links and tools that will help in your quest to secure your site.

List of links and plugins to help you secure your WordPress website.

Tools

Create your salt – https://api.wordpress.org/secret-key/1.1/salt/

How to choose a strong password – http://nakedsecurity.sophos.com/2010/02/03/choose-strong-password/

Plugins

WordFence – http://wordpress.org/plugins/wordfence/

WordPress File Monitor Plus – http://wordpress.org/plugins/wordpress-file-monitor-plus/

WP Security Audit Log – http://wordpress.org/plugins/wp-security-audit-log/

Emergency Password Reset – http://wordpress.org/plugins/emergency-password-reset/

BulletProof Security – http://wordpress.org/plugins/bulletproof-security/