WordPress has been always targeted by hackers because of its known vulnerabilities. These vulnerabilities does not limit only to WordPress core files but, most of the times, are the outdated plugins and themes. Securing your WordPress website takes time and should be done in a recurring process. Here are the steps you should take to protect your WordPress.
1. Harden the security of your WordPress.
This article from WordPress codex go through some common forms of vulnerabilities, and the things you can do to help keep your WordPress installation secure. Before proceeding to the steps below, I highly recommend that you follow all the listed steps in the article and execute them.
2. Install Wordfence
This plugin, available for FREE in WordPress plugin store, is a highly recommended security plugin for your WordPress site to help you secure your website. It offers multiple features such as scanning integrity of your WordPress core files, and as well as for malware vulnerable themes, plugins, etc. NOTE AND READ: Since this is a wordpress plugin, make sure you always update it.
3. Rename your wp-login.php
Another great plugin called Rename wp-login.php works to easily rename your wp-login.php which is highly targeted by spammers and hackers trying to get in to your WordPress. This plugin will rename your wp-login.php so you only you will know where to access admin dashboard. However, if you are using the WP comment system, the point of hiding the login page will make no sense because your commenters will have to login in order to comment. Thankfully, Shrewdies wrote a detailed guide to help us fix that.
4. Scan your website
After all the hard-work, you want to make sure your website is really secured. Sucuri SiteCheck provides remote scanning and will report to you if your website is free from malware, and other security flaws.
5. Stay up to date
Know the latest plugin vulnerability. Subscribe to Sucuri’s blog. Being the security firm that we trust, Sucuri’s blog are the most up-to-date when it comes to reporting vulnerabilities simply because… it is their business.
Thanks to Mark Magno.