WordPress Hardening & Security Tips

A quick list of common, popular WordPress security tips for defending against automated, scripted attacks. Server resources wasted on bot traffic translate into slower websites and a poor user experience.

Securing WordPress Login

Limit the number of attempts against the login page with a plugin.

One of our favorites is:

Cerber Security & Antispam

Protect User Enumeration

Bots can harvest your usernames; the following plugin prevents this.

Stop User Enumeration

WordPress Firewall Plugin

Bots looking for weaknesses to exploit can be stopped with BBQ: Block Bad Queries. This is a simple ‘set it and forget it’ WordPress plugin, and a great way to protect server resources from invalid requests.

BBQ: Block Bad Queries

WordPress Firewall with .htaccess

Alternatively, one can set up a firewall directly within the .htaccess file, without having to use a plugin.

The 6G Blacklist is a definitive source of information for setting up a firewall via the .htaccess file.


Ban IP Addresses

Ready to go ban IP plugin
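
To decide which addresses are worth banning, the repeated login attempts and user enumeration requests described in the sections above can be counted per IP straight from the web server access log. This is an added example, not code from the original page or from any plugin named here; it assumes the Apache/Nginx combined log format, the thresholds are arbitrary assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Combined log format prefix: IP, identity, user, [time], "METHOD path protocol"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# Requests that expose usernames: author archives by ID and the REST users route
ENUM_RE = re.compile(
    r'[?&]author=\d+|/wp-json/wp/v2/users|[?&]rest_route=/wp/v2/users', re.I)

LOGIN_THRESHOLD = 5  # assumed: login POSTs in the sample before flagging
ENUM_THRESHOLD = 3   # assumed: enumeration requests before flagging

def ban_candidates(lines, login_threshold=LOGIN_THRESHOLD,
                   enum_threshold=ENUM_THRESHOLD):
    """Return {ip: [reasons]} for every IP that reaches either threshold."""
    logins, enums = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            logins[ip] += 1
        elif ENUM_RE.search(path) and not path.startswith("/wp-admin/"):
            # wp-admin uses ?author= for legitimate post filtering
            enums[ip] += 1
    flagged = {}
    for ip, n in logins.items():
        if n >= login_threshold:
            flagged.setdefault(ip, []).append(f"{n} login POSTs")
    for ip, n in enums.items():
        if n >= enum_threshold:
            flagged.setdefault(ip, []).append(f"{n} user enumeration requests")
    return flagged

# Constructed sample log using documentation IP ranges, not real traffic
SAMPLE = (
    ['203.0.113.7 - - [10/Jan/2024:10:00:%02d +0000] '
     '"POST /wp-login.php HTTP/1.1" 200 1234' % s for s in range(6)]
    + ['198.51.100.9 - - [10/Jan/2024:10:01:%02d +0000] '
       '"GET /?author=%d HTTP/1.1" 301 0' % (i, i) for i in range(1, 4)]
    + ['198.51.100.9 - - [10/Jan/2024:10:02:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512',
       '192.0.2.44 - - [10/Jan/2024:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
       '192.0.2.44 - - [10/Jan/2024:10:04:00 +0000] "GET /wp-admin/edit.php?author=1 HTTP/1.1" 200 900']
)

if __name__ == "__main__":
    for ip, reasons in ban_candidates(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```

The single login and the wp-admin author filter from 192.0.2.44 stay below both thresholds, so an ordinary administrator session is not flagged.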


Scan for Exploits and Malicious Code

This plugin searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It scans your posts, pages, plugins and comments.

Exploit Scanner