Most of the time, when a website running WordPress is hacked, the culprit is not WordPress itself but a silly misconfiguration that could have been avoided during development. That's the idea of this project: to be a checklist of actions that you should take to increase the security of your website.

- Lock down the login page after repeated failed logins (Login Lockdown or iThemes Security)
- Rename the URL of your login page (iThemes Security or directly in .htaccess)
- Remove login links from the theme (if there are any)
- Use a strong password containing uppercase, lowercase, numbers, and special characters on all accounts (password generator)
- Change the passwords regularly
- Make the login error messages more generic (user/pass) (tutorial)

Administrative Panel

- Password protect the folder wp-admin
- Keep WordPress up-to-date
- Do not create an account with the username admin. If there is one, create a new Administrator account and delete the old one
- Create an Editor account and use it solely to publish content
- Implement SSL for the WordPress admin section
- Scan the website for viruses, malware, and security breaches

Themes

- Keep the theme up-to-date
- Delete and remove unused themes
- Download and use themes only from
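An added example, not part of the original checklist: a small Python audit of a WordPress directory for three of the items above (password-protected wp-admin, SSL for the admin section, unused themes). The function names, the `keep_themes` parameter and the sample tree are assumptions made for illustration; `FORCE_SSL_ADMIN` is the wp-config.php constant WordPress uses to force SSL on the admin area.

```python
import re
import tempfile
from pathlib import Path

def _active_lines(path, *comment_prefixes):
    """Stripped lines of a file, skipping blanks and comment-looking lines."""
    if not path.is_file():
        return []
    lines = (l.strip() for l in path.read_text(errors="replace").splitlines())
    return [l for l in lines if l and not l.startswith(comment_prefixes)]

def audit_wordpress(root, keep_themes):
    """Audit a WordPress tree; keep_themes = active theme (plus its parent for a child theme)."""
    root = Path(root)
    # "Password protect the folder wp-admin": HTTP auth directives in wp-admin/.htaccess
    ht = _active_lines(root / "wp-admin" / ".htaccess", "#")
    protected = (any(re.match(r"AuthType\s+(Basic|Digest)\b", l, re.I) for l in ht)
                 and any(re.match(r"Require\s+(valid-user|user|group)\b", l, re.I) for l in ht))
    # "Implement SSL for the WordPress admin section": FORCE_SSL_ADMIN set to true
    cfg = _active_lines(root / "wp-config.php", "//", "#", "*", "/*")
    ssl = any(re.search(r"define\s*\(\s*['\"]FORCE_SSL_ADMIN['\"]\s*,\s*true\s*\)", l, re.I)
              for l in cfg)
    # "Delete and remove unused themes": anything installed that is not in keep_themes
    themes = root / "wp-content" / "themes"
    installed = sorted(p.name for p in themes.iterdir() if p.is_dir()) if themes.is_dir() else []
    return {"wp_admin_password_protected": protected,
            "admin_ssl_forced": ssl,
            "unused_themes": [t for t in installed if t not in keep_themes]}

def make_sample_site(root):
    """Constructed sample tree (not a real site): auth and SSL lines are commented out."""
    root = Path(root)
    for theme in ("mytheme", "twentyten", "twentyeleven"):
        (root / "wp-content" / "themes" / theme).mkdir(parents=True)
    (root / "wp-admin").mkdir()
    (root / "wp-admin" / ".htaccess").write_text("# AuthType Basic\n# Require valid-user\n")
    (root / "wp-config.php").write_text("<?php\n// define('FORCE_SSL_ADMIN', true);\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item, value in audit_wordpress(make_sample_site(tmp), {"mytheme"}).items():
            print(f"{item}: {value}")
```

The active theme is stored in the database rather than on disk, so it is passed in by the caller; commented-out directives are deliberately not counted as protection.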