WordPress Hardening & Security Tips

A quick list of common and popular WordPress security tips for defending against automated, scripted attacks. Wasted server resources translate into slower websites and a poor user experience.

Securing WordPress Login

Limit the number of login attempts on the login page with a plugin.

One of our favorites is:

Cerber Security & Limit Login Attempts

Protect User Enumeration

Bots can enumerate your usernames; the following plugin disables user enumeration.

Fullworks WP VPS Security

WordPress Firewall Plugin

Bots looking for weaknesses to exploit can be stopped with BBQ: Block Bad Queries. This is a simple ‘set it and forget it’ WordPress plugin, and a great way to help protect server resources from invalid requests.

BBQ: Block Bad Queries

WordPress Firewall with .htaccess

Alternatively, one can set up a firewall directly within the .htaccess file without having to use a plugin.

6G Blacklist is a definitive source of information for setting up a firewall via the .htaccess file:

https://www.perishablepress.com/6g/

Ban IP Addresses

A ready-to-go plugin for banning IP addresses:

WP-Ban

Scan for Exploits and Malicious Code

This plugin searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It scans your posts, pages, plugins and comments.

Exploit Scanner