WordPress is used by more than 23.3% of the top 10 million websites, making it a popular target for hackers. Below I’ve listed the security measures I adopt when building a custom WordPress website:
- Secure WordPress using Security Keys and Salts
- Ensure any form data is escaped and sent with a nonce. A nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise.
- Changing the login URL will help prevent brute force attacks, as scripts are normally targeted at the default login URL.
- Ensure that usernames and passwords are strong to prevent hacking.
- Limiting login attempts; iThemes allows you to limit login attempts from an IP address. This helps protect against brute force attacks.
- Changing the database prefix to a custom prefix.
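
As an illustration of the nonce item above, here is a form and its handler that verify a nonce before touching any submitted data. This is an added example, not code from the original post; it assumes the file is loaded by WordPress (a plugin or theme), and every `acme_*` name is hypothetical.

```php
<?php
// Added example. Assumes WordPress has loaded this file (plugin or theme);
// every acme_* name is hypothetical.

// Shortcode [acme_feedback]: render the form with a nonce bound to one action.
function acme_feedback_form() {
    ob_start(); ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="acme_feedback">
        <?php wp_nonce_field( 'acme_feedback_submit', 'acme_nonce' ); ?>
        <input type="text" name="acme_name" maxlength="80" required>
        <textarea name="acme_message" required></textarea>
        <button type="submit">Send</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'acme_feedback', 'acme_feedback_form' );

// Read one POST field: strip WordPress's added slashes, then sanitize.
function acme_post_field( $key, $multiline = false ) {
    if ( ! isset( $_POST[ $key ] ) || ! is_string( $_POST[ $key ] ) ) {
        return '';
    }
    $raw = wp_unslash( $_POST[ $key ] );
    return $multiline ? sanitize_textarea_field( $raw ) : sanitize_text_field( $raw );
}

// Handler: reject the request unless the nonce verifies, then store the input.
function acme_feedback_handle() {
    if ( ! wp_verify_nonce( acme_post_field( 'acme_nonce' ), 'acme_feedback_submit' ) ) {
        wp_die( 'Invalid or expired form token.', '', array( 'response' => 403 ) );
    }
    $name    = acme_post_field( 'acme_name' );
    $message = acme_post_field( 'acme_message', true );
    if ( '' === $name || '' === $message ) {
        wp_die( 'Name and message are required.', '', array( 'response' => 400 ) );
    }
    // Held as a pending post for review; wp_insert_post() expects slashed data.
    wp_insert_post( wp_slash( array(
        'post_title'   => $name,
        'post_content' => $message,
        'post_status'  => 'pending',
    ) ) );
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
add_action( 'admin_post_acme_feedback', 'acme_feedback_handle' );
add_action( 'admin_post_nopriv_acme_feedback', 'acme_feedback_handle' );
```

WordPress nonces are time-limited tokens tied to the user and action rather than strictly single-use values, so privileged actions still need a capability check alongside them. Stored values should also be passed through `esc_html()` when they are displayed.
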
I use the following plugins to help secure WordPress: