How to harden WordPress
I have devoted a fair amount of time in the last few months to learn WordPress. I’ve often heard people say that WordPress is not secure and can be easily hacked. Well, given that it’s a very popular CMS system for websites makes it a good target for hackers. There are some steps for securing and hardening WordPress websites. In this blog post, I would like to show you how to do it.
Actions to take
There are several simple things you can do, which work together to make your WordPress website a lot more secure. Certainly, it’s no guarantee that it will keep hackers away, but it will definitely make it more difficult for them.
Below is a list to harden WordPress best.
- rename wp-admin login page
- do not use admin as a username
- use the built-in password generator
- Update WordPress regularly
- Update your WordPress plugins
- change the wp database prefix, use a unique prefix
- User registration should require approval
- Comments should be approved first before publishing
- Use captcha for comments or contact forms
- Blacklist IPs with failed login attempts
Install a security and firewall plugin
There is a WordPress plugin “All in one WP Security” available which does all the above for you and more. It’s free and easy to use.
I just installed the plugin without activating any features. The plugin immediately starts to record any login attempts. Within a few days, I had over 2000 attempts to log in to my website, something I would never have found out without installing the plugin. Now with the plugin fully configured, the failed login attempts have reduced to just a few per week. Also, the plugin effectively blacklists those attempts.
This makes it quite clear, that it is an absolute must for every WordPress website owner to use a security and hardening plugin. If you haven’t already done so, make sure to install one and configure it properly, either yourself or ask someone for help.
At Fiverr I offer a gig for a very reasonable price. I would be happy to harden your WordPress website for you.