WordPress security should not be taken lightly, especially in light of recent attacks on the platform and stats showing that as much as 73% of WordPress websites are susceptible to a security breach in one way or another.
The three biggest failure points on most WordPress websites can easily be secured and fixed with a few simple steps. Those points are:
- Not keeping the WordPress Core and plugins up to date.
- Having unused plugins and themes installed on your site.
- Still having a user named admin or having weak passwords.
Here are 10 suggestions to help keep you from being exploited.
- Always run the very latest version of WordPress
- Always run the very latest versions of your plugins and themes
- Choose and use only plugins you need
- Remove unused themes
- Delete the admin user and remove unused plugins, themes and users
- Make sure every user has their own strong password
- Enable two-factor authentication for all your users
- Generate complex secret keys for your wp-config.php file
- Choose a trusted hosting company and consider hosting with a dedicated WordPress hosting company
- Put a Web Application Firewall in front of your website
You can also check out this presentation I did for Victoria WordPress Meetup.
Below is a list of links and tools that will help in your quest to secure your site.
List of links and plugins to help you secure your WordPress website.
Create your salt – https://api.wordpress.org/secret-key/1.1/salt/
How to choose a strong password – http://nakedsecurity.sophos.com/2010/02/03/choose-strong-password/
WordFence – http://wordpress.org/plugins/wordfence/
WordPress File Monitor Plus – http://wordpress.org/plugins/wordpress-file-monitor-plus/
WP Security Audit Log – http://wordpress.org/plugins/wp-security-audit-log/
Login Security Solution – http://wordpress.org/plugins/login-security-solution/
Emergency Password Reset – http://wordpress.org/plugins/emergency-password-reset/
BulletProof Security – http://wordpress.org/plugins/bulletproof-security/