24+ WordPress Security Tips

I recently wrote a post about cleaning up your hacked wordpress site and wanted to follow up with a quick post on how to actually prevent your site from getting hacked.
The order I chose for releasing the posts seems a bit silly. Of course you would want to prevent hackers first, however, most people don’t even think about hack-proofing their site until it actually happens.
I am keeping this post short and sweet since no one wants to read too much about this boring and scary subject. I will not go into detail for each of the security tips. Maybe later I will create a post to talk about each of these…
So check out my 24+ WordPress Security Tips below and be safe!
- Upgrade WordPress
- Update your themes & plugins
- Delete the default admin account
- Change default passwords
- Use “strong” passwords
- Limit login attempts (note: this is included with good hosting)
- 2-Factor Authentication
- Move your wp-config.php file
- Use secret keys in your wp-config.php file
- Change the WordPress table prefix
- Lockdown your htaccess to allow only certain IPS to access it
- Use shell access as opposed to FTP
- Create a blank index.html in your plugins directory (should be there in newer WP versions)
- Block access to the wp-admin folder using your .htaccess file
- Remove the WordPress version string from your header.hp file
- Block your wp folders from search engines
- Do not allow people to register as administrators by default – limit user access
- Keep spam comments out
- Backup your database and server-side files regularly
- Use proper file permission settings on all files on your server
- Use secured connections to access your WP admin pages
- Add SSL to your website
- Scan for vulnerabilities
- Use good hosting
- Implement tips 1 through 24
Hopefully this list will help you improve your WordPress security. And if you want to take you security to the next level have a look at these other WordPress security tips from our WPExplorer authors:
- 5 Default Security Threats in WordPress and How to Fix Them
- How To Secure Your WordPress Blog, Helpful Tips For Any User
- Best .htaccess Snippets to Improve WordPress Security
- Is Your WordPress Site Secure? 10 Things to Look For
- WordPress Security: Is Your WordPress Site Really Secure?
Let us know what worked for you or if you have any questions in the comment below!
Comments
No comments yet. Why don't you kick off the discussion?