Security is an important part of our digital lives, and hosting a website is no different. The WordPress security tips listed here are useful for beginners and veterans alike. You would not let a stranger with a loaded gun into your house, and you should treat your website the same way.
WordPress Security Tips:
You have to accept that your WordPress site is vulnerable to attack at all times and that you need to do what you can to protect it. It is critical that you have basic security looked after in addition to WordPress security. Remember that a weak hosting provider and/or a weak workstation can lead to bigger problems. For the purpose of this article we will assume that you have selected a suitable hosting provider and that your workstation is secure.
Change the Administrative username:
This single change is probably the most important next to keeping your software up to date. This article will help you Change The WordPress Admin Username.
Consider MFA/2FA authentication:
Two-factor authentication is a very good way to make sure that, even if your password is compromised, a second verification is required. You have probably encountered 2FA with your bank, where an SMS is sent to you with a code to verify a money transfer, and most systems work on the same principle. For WordPress you can look at Google Authenticator, Authy or Clef. All 3 work very well and are incredibly easy to get configured.
Consider disabling XML-RPC:
XML-RPC is used for remote functions on your WordPress site and is one of the biggest hacking targets. Typically you would need to use it if you use Jetpack or remote blogging software on your phone. If, however, you do not need to use it, consider disabling the service through a plugin.
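To check whether anything legitimate still uses XML-RPC before you disable it, the following added example (not part of the original article) counts POST requests to xmlrpc.php in a web server access log. It assumes the combined log format; the user-agent substrings, the function name and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Assumption: user-agent substrings of clients you expect to use XML-RPC; adjust to your setup.
EXPECTED_CLIENTS = ("jetpack", "wp-android", "wp-iphone")

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "Jetpack by WordPress.com"',
    '203.0.113.7 - - [01/Mar/2024:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Mar/2024:10:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Mar/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Mar/2024:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def audit_xmlrpc(lines, expected=EXPECTED_CLIENTS):
    """Summarise POSTs to xmlrpc.php: expected clients versus everything else."""
    expected_hits, other_hits = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop any query string, then compare the script name (covers subdirectory installs).
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if script != "xmlrpc.php":
            continue
        if any(tag in m["ua"].lower() for tag in expected):
            expected_hits[m["ua"]] += 1
        else:
            other_hits[m["ip"]] += 1
    return {
        "expected_by_agent": dict(expected_hits),
        "other_by_ip": dict(other_hits),
        "expected_client_seen": bool(expected_hits),
    }

if __name__ == "__main__":
    print(audit_xmlrpc(SAMPLE_LOG))
```

If no expected client shows up over a representative period, nothing you rely on is likely to break when the service is disabled; the per-IP counts show who else has been calling it.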
Keep everything up to date:
You should already know this, but software updates are important. You will want to keep your WordPress installation and any computers used for administrative functions updated. A good habit is enabling automatic updates where possible to avoid increased risks on your website.