Securing WordPress

  • Update wordpress
  • Update plugins and themes
  • Delete any unused themes and plugins
  • Audit user list
  • Login security
  • askimet
  • delete “admin” acount
  • use complex passphrases
  • captcha on all forms (comments, registering, login, etc..)
  • understand file permissions
  • use sftp or ssh to transfer file or modify permissions (regular FTP does not use encryption)
  • Use SSL when doing administration on your site (regular login does not use encryption)]
  • Jetpack / Cloudflare
  • Backups

Leave a Reply

Your email address will not be published. Required fields are marked *