Top WordPress Security Tips
Posted by RAJU K, Last modified by RAJU K on 07 March 2013 10:35 PM

Top WordPress Security Tips:

    1. Limit access to WordPress

  • Multi-factor authentication on wp-admin
  • Only use admin accounts for admin tasks
  • Get rid of generic accounts like Editor, Author, Contributor and Subscriber, and know who is accessing your environment. 
  • IP Filtering
  • Password protect wp-admin folder.

   2. Use Strong Passwords

  • Long / complex / unique
  • Force strong passwords on your users. Start using a password manager like 1Password.

   3. Keep a backup; you never know when you'll need it.

   4. Stay UPDATED! - Run the latest version of WordPress and keep your themes and plugins upgraded.

   5. Harden your directories so that attackers can’t use them against you.

   6. Disable PHP execution in wp-includes, wp-content and uploads folders.

   7. Disable Theme / Plugin Editor
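
An added example, not part of the original article: a Python check that reports whether tips 6 and 7 are in place on a site tree. It assumes Apache with .htaccess overrides enabled and WordPress's DISALLOW_FILE_EDIT constant in wp-config.php; the function names, the sample tree and leftover.php are constructed for illustration.

```python
import re
from pathlib import Path

# Tip 7: wp-config.php constant that disables the theme/plugin editor.
EDITOR_OFF = re.compile(
    r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;""", re.I | re.M)
# Tip 6 (assumes Apache): a <Files>/<FilesMatch> block for .php that denies access.
# Heuristic text match only; it does not evaluate the rules the way Apache does.
PHP_DENY = re.compile(
    r"<Files(?:Match)?\s[^>]*php[^>]*>(?:(?!</Files).)*?"
    r"(?:Require\s+all\s+denied|Deny\s+from\s+all)", re.I | re.S)

def php_denied(directory, root):
    """True if directory, or a parent up to root, has a .htaccess denying .php."""
    for d in (directory, *directory.parents):
        ht = d / ".htaccess"
        if ht.is_file() and PHP_DENY.search(ht.read_text(errors="replace")):
            return True
        if d == root:
            break
    return False

def audit(wp_root):
    """Return findings for tips 6 and 7; an empty list means both are in place."""
    root, findings = Path(wp_root), []
    cfg = root / "wp-config.php"
    if not (cfg.is_file() and EDITOR_OFF.search(cfg.read_text(errors="replace"))):
        findings.append("wp-config.php: DISALLOW_FILE_EDIT is not set to true")
    for rel in ("wp-includes", "wp-content", "wp-content/uploads"):
        if (root / rel).is_dir() and not php_denied(root / rel, root):
            findings.append(f"{rel}: no .htaccess rule denying .php requests")
    uploads = root / "wp-content/uploads"
    for p in sorted(uploads.rglob("*.php")) if uploads.is_dir() else []:
        findings.append(f"{p.relative_to(root).as_posix()}: PHP file under uploads")
    return findings

def make_sample(root, hardened):
    """Build a constructed (not real) WordPress-like tree to run audit() on."""
    root = Path(root)
    (root / "wp-content/uploads/2013").mkdir(parents=True)
    (root / "wp-includes").mkdir()
    flag = "true" if hardened else "false"
    (root / "wp-config.php").write_text(f"<?php\ndefine('DISALLOW_FILE_EDIT', {flag});\n")
    rule = '<FilesMatch "\\.php$">\n  Require all denied\n</FilesMatch>\n'
    for rel in ("wp-includes", "wp-content") if hardened else ():
        (root / rel / ".htaccess").write_text(rule)
    if not hardened:
        (root / "wp-content/uploads/2013/leftover.php").write_text("<?php // constructed\n")
    return root
```

Call audit() with the path to the site's document root; each returned string names one missing setting or one PHP file found under uploads.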

 

Lastly, don’t be cheap when it comes to security. We always say that the best security measure is great backups. Please please please keep good regular backups of your site.

More extensive information on hardening WordPress can be found here:

http://codex.wordpress.org/Hardening_WordPress

