If you’re concerned about WordPress security, you should read this great article on KeyCDN, “WordPress Security – Complete 16 Step Guide”. It’s a comprehensive list of things to do to make your WordPress site more secure. It’s current for 2016. Doing all 16 steps is a big undertaking, but just plucking off the easy steps will help a lot.
I already have strong passwords and I don’t use “admin” as my user name for any of my blogs or my clients’ blogs. You use strong passwords, too, right? The KeyCDN article links to these password tips from Boston University.
I use and really appreciate the WordFence Security plugin to prevent brute-force login attempts. Even the free version reports how many login attempts it has thwarted — daunting to see how many, and comforting to know they were blocked.
Since I’m not on shared hosting, I could edit my HTTP security headers to add protection for cross-browser scripting and to prevent off-site framing of my pages.
There’s more I need to tackle, like a comprehensive content security policy. I’ll also review file permissions according to the guidelines in the article.
If you need help with security for your WordPress site, give me a call!