Security Tips

Update WordPress, your themes and plugins.
Change username from Admin to something else.
Use a strong password.
Delete the wp-config-sample.php from your root folder along with the readme and any unnecessary files. I deleted the readme.txt and the license info text file.
Keep a minimum of themes and just the plugins that you use.
Turn off Settings -> General: Membership “Anyone can register” IF you do not plan on having people register on the site.
Regularly backup your site.
Implement SSL certificates (Talk to your web host).
Hide the WP-Admin login page.
Update PHP.
Use a WordPress security plugin.

Security plugins

Sucuri Scanner
iThemes Security
All In One WP Security
Bulletproff Security
Shield Security
Wordfence
Malcare
Security Ninja


Site scan

https://sitecheck.sucuri.net/  
https://www.unmaskparasites.com/
https://wpscan.org/ – WPScan is a black box WordPress vulnerability scanner.
WordPress plugin exploit scanner

Resources:

https://www.searchenginejournal.com/secure-wordpress-site-inmotion-spcs/448266/
https://kinsta.com/blog/wordpress-security-plugins/

Another security tutorial that I have is: A short overview of WordPress Security plugins.

Share the article:

Leave a Reply

Your email address will not be published.

two × 2 =