WordPress Security Tips

Tips to make your WordPress site secure

WordPress security can be hardened simply by making the site more difficult to hack.

  • Host your blog with a reputed Managed WordPress host.
  • Always keep WordPress updated.
  • Use secure themes, and make sure you regularly.
  • Delete unused WordPress themes.
  • If not required, disable new user registration in WordPress.
  • Make your nickname different than WordPress login username.
  • Change WordPress “Display name publicly as” to something different than login username.
  • Change WordPress database table prefix to avoid SQL injection attack.
  • Change WordPress user ID to hide login username from your-site.com/?author=1, which redirects to the author URL [your-site.com/author/username/].
  • Change WordPress Author URL Base, and Slug (user_nicename).
  • Keep a log of WordPress Database and PHP errors.
  • Enable HTTPS.
  • Force WordPress blog to HTTPS.
  • Remove unnecessary server response headers like Server, X-Powered-By, X-backend, etc…
  • Enable HTTP Strict Transport Security (HSTS)
  • Enable Content Security Policy.
  • Enable XSS protection.
  • Enable referrer policy.
  • Only allow authorized applications to access the WordPress REST API.
  • Block global access to readme, license, quickstart, and changelog files.
  • Activate web application firewall to filter traffic.
  • Always use SFTP or SSH to connect to the server.
  • Disable directory listing for WordPress files and folders.
  • Disable PHP execution in WordPress uploads directory.
  • To make your WordPress site secure, contact me.
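
An added example (not part of the original page): a Python check of one HTTPS response's headers against the header-related tips above (remove Server, X-Powered-By and X-backend; enable HSTS, Content Security Policy, XSS protection and referrer policy). The 180-day HSTS threshold, the reading of "XSS protection" as the X-XSS-Protection header, and both sample responses are assumptions made for this example.

```python
import re

# Headers the checklist says to remove (they disclose the server stack).
DISCLOSING = ("server", "x-powered-by", "x-backend")
# Headers the checklist says to enable. Mapping "XSS protection" to
# X-XSS-Protection is an assumption; the page does not name the header.
REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-xss-protection", "referrer-policy")
MIN_HSTS_AGE = 15552000  # 180 days in seconds, an assumed threshold


def audit_headers(headers):
    """Return a sorted list of findings for one HTTPS response's headers."""
    # Header names are case-insensitive, so normalise them first.
    h = {k.strip().lower(): v.strip() for k, v in headers.items()}
    findings = [f"remove:{name}" for name in DISCLOSING if name in h]
    findings += [f"missing:{name}" for name in REQUIRED if name not in h]

    # HSTS with a short max-age gives little protection between visits.
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if m is None or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("weak:strict-transport-security")

    # 'unsafe-inline' for scripts undoes most of the policy's XSS value.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = [p.lower() for p in directive.split()]
        if parts[:1] in (["script-src"], ["default-src"]) and "'unsafe-inline'" in parts:
            findings.append("weak:content-security-policy")
            break
    return sorted(findings)


# Constructed sample responses (not captured from any real site).
DEFAULT_SITE = {
    "Server": "Apache/2.4.0",
    "X-Powered-By": "PHP/8.0.0",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}
HARDENED_SITE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-XSS-Protection": "1; mode=block",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_SITE), ("hardened", HARDENED_SITE)):
        print(label, audit_headers(sample))
```

To audit a live site, pass the header dictionary from any HTTP client's response for the site's HTTPS URL to audit_headers.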

The aim of the above guide is to minimize loopholes and secure a WordPress website from hackers.

Moral of the Story
Prevention is better than cure.