5 WordPress Security Tips
WordPress is a great offering: it’s easy to use, developer friendly and SEO friendly, and it has a massive community around it with a wealth of theme and plugin offerings. The downside to WordPress is also what draws so many people to it: its popularity. Because of this, hackers are drawn to it. WordPress is built on PHP and MySQL, and comes with a wp-login script which enables users with enough privileges to log into the backend of WordPress. Because this is now common knowledge, hackers are taking notice and starting to brute force these scripts, which leads me to tip #1.
1) Don’t use the admin username
The second tip is just as important: if you don’t keep your files and database up to date, this can lead to massive security holes. Hackers will find out-of-date, vulnerable plugins, themes and WordPress installations and exploit them, leading me to tip #2.
2) Keep your WordPress installation, themes and plugins up to date.
The third tip will help keep your site secure in the long term, and also help with monitoring. Some plugins, such as Wordfence, will monitor your website and, when logins are made, send an email to an address of your choosing.
3) Install a security plugin such as Wordfence
The fourth tip will help tackle attackers who have gained access to your WordPress dashboard, most likely through brute force, and stop them from being able to edit, delete and create files from within the dashboard.
4) Disable file editing
This can be done by simply adding the following to your wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
The final tip will stop hackers trying to gain access to your site by logging into the dashboard, by blocking them outright. You need to be careful when doing this as it can cause issues with Ajax, so make sure you’re confident before you begin.
5) Password protect the wp-admin folder
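One way to apply tip 5 without breaking Ajax, as an added example that is not from the original post. It assumes Apache 2.4 with .htaccess overrides enabled; the .htpasswd path and the account name are placeholders.

```apache
# File: wp-admin/.htaccess
# Assumptions (not from the original post): Apache 2.4, AllowOverride
# permits AuthConfig for this directory, and mod_authn_file is loaded.
#
# Create the password file outside the web root so it can never be
# downloaded. "siteadmin" and the path are placeholders:
#   htpasswd -c -B /path/outside/webroot/.htpasswd siteadmin

# Every request under /wp-admin/ must pass HTTP Basic authentication
# before WordPress itself is reached.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# The Ajax issue: themes and plugins send front-end Ajax requests to
# wp-admin/admin-ajax.php, so ordinary visitors would be shown a password
# prompt. Exempt only that one file; WordPress still applies its own
# checks to each Ajax action.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Basic authentication sends the password with every request, so use it only on a site served over HTTPS. Note that wp-login.php sits in the site root rather than in wp-admin, so this file does not cover the login script itself.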