16/08/2017

Keeping WordPress Safe and Secured Guidelines

Hello guys, i was asked couple of days ago to write an article regarding How to Secure WordPress for freelancermap.com website as a guest blogger. Now while that was a complete new experience for me, i think it went well … now the article has been published and you can find it here:

https://www.freelancermap.com/freelancer-tips/12026-wordpress-security

Since i wouldnt want to restate facts that  i have stated on the article for reasons of duplicity (dont want to repeat myself) i will quote myself on some of the most important stuff.

WordPress Security Checklist:

  • update everything that can be updated (ofcurse test that it does not break your current features implemented in the website)
  • hide everything that can be hidden following the principles of security by obscurity
    • dont show your username on frontend
    • if possible change wp-admin and login url to something else
    • remove wordpress credit and all other wordpress and/or plugin related references from website
    • hide errors from showing up on frontend
    • disable debug features in production environment
    • disable directory browsing/indexing
  • harden everything
    • dont use admin as the administrator’s username
    • use a hard-to-guess password
    • use brute-force detection and blocking mechanisms
    • use banning mechanisms for users that
    • configure roles correctly
    • remove un-needed users
    • eliminate all un-needed stuff (un-needed plugins and themes, especially if you dont update oftenly)
    • disable xml-rcp if possible
    • disable theme/plugin editor in wp admin
    • configure correctly the chmod for files and folders (specially for important files like htaccess and wp-config.php)
  • use a good hosting company (a hosting company that is wordpress oriented would be the perfect solution)
  • do backups very oftenly (how often is relative, based on your traffic’s site and how often you update the content)

Well in my opinion this is the checklist, i might have missed something or even i might have added some new items but anyway being secure is something that we wont ever achieve at 100% so no matter how big the checklist is … what matters the most is how much we care about being safe, if we care, we will have the passion to learn about this, put things that we learned in practice and well if everything fails … we always have the backups :p

Hoping you liked the article (the one on freelancer i mean :p).