WordPress Security

WordPress is used by more than 23.3% of the top 10 million websites making it a popular target for hackers. Below I’ve listed the security measures I adopt when building a custom WordPress website:

• Secure WordPress using Security Keys and Salts
• Ensure any form data is escaped and sent using nonce. A nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise.
• Changing the URL will help prevent brute force attacks, as scripts are normally targeted at the default login URL.
• Ensure that usernames and passwords are strong to prevent hacking.
• Limiting login attempts; iThemes allows you to limit logins attempts from an IP address. This helps protect against brute force attacks.
• Changing the database prefix to a custom prefix.

I use the following plugins to help secure WordPress:

• iThemes
  • Brute Force Protection
  • File Change Detection
  • Email Notifications
  • Hide Login & Admin
  • Lock Out Bad Users
• Securi
  • Post-Hack Security Actions
  • Effective Security Hardening
  • Blacklist Monitoring
  • Remote Malware Scanning
  • File Integrity Monitoring