24+ WordPress Security Tips

I recently wrote a post about cleaning up your hacked wordpress site and wanted to follow up with a quick post on how to actually prevent your site from getting hacked.
The order I chose for releasing the posts seems a bit silly. Of course you would want to prevent hackers first, however, most people don’t even think about hack-proofing their site until it actually happens.
I am keeping this post short and sweet since no one wants to read too much about this boring and scary subject. I will not go into detail for each of the security tips. Maybe later I will create a post to talk about each of these…
So check out my 24+ WordPress Security Tips below and be safe!
- Upgrade WordPress
- Update your themes & plugins
- Delete the default admin account
- Change default passwords
- Use “strong” passwords
- Limit login attempts (note: this is included with good hosting)
- 2-Factor Authentication
- Move your wp-config.php file
- Use secret keys in your wp-config.php file
- Change the WordPress table prefix
- Lockdown your htaccess to allow only certain IPS to access it
- Use shell access as opposed to FTP
- Create a blank index.html in your plugins directory (should be there in newer WP versions)
- Block access to the wp-admin folder using your .htaccess file
- Remove the WordPress version string from your header.hp file
- Block your wp folders from search engines
- Do not allow people to register as administrators by default – limit user access
- Keep spam comments out
- Backup your database and server-side files regularly
- Use proper file permission settings on all files on your server
- Use secured connections to access your WP admin pages
- Add SSL to your website
- Scan for vulnerabilities
- Use good hosting
- Implement tips 1 through 24
Hopefully this list will help you improve your WordPress security. And if you want to take you security to the next level have a look at these other WordPress security tips from our WPExplorer authors:
- 5 Default Security Threats in WordPress and How to Fix Them
- How To Secure Your WordPress Blog, Helpful Tips For Any User
- Best .htaccess Snippets to Improve WordPress Security
- Is Your WordPress Site Secure? 10 Things to Look For
- WordPress Security: Is Your WordPress Site Really Secure?
Let us know what worked for you or if you have any questions in the comment below!