Security
The WordPress platform has a bad name when it comes to security; we at BuiltByCactus do not believe this is particularly fair.
Many sites built using WordPress are indeed insecure; however, there are a few practices and relatively simple steps that can be taken to dramatically improve the security of the websites we build.
General best practices
- Be vigilant when choosing plugins: use those that are well-known, well-reviewed, and trusted.
- Keep WordPress and plugins updated constantly
- Keep permissions locked down as needed
Checklist
Essential
Here is a list of the critical steps that should be taken.
- Change the admin username
- Use a strong admin password
- Limit login attempts
- Change the table prefix
- Ensure secure salts and keys are generated and placed in the wp-config.php file
- Prevent directory browsing: modify .htaccess and add the following line
```apache
Options All -Indexes
```
- Protect the config file: add the following to .htaccess
```apache
# Apache 2.2 access syntax (on Apache 2.4 this needs mod_access_compat;
# the native 2.4 equivalent is "Require all denied")
<Files wp-config.php>
order allow,deny
deny from all
</Files>
```
- A (preferably automatic) backup procedure
- Prevent access to the .htaccess file: edit .htaccess to add
```apache
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
```
Optional
- iThemes Security
- Set up an automatic backup routine
- Install and configure Akismet
- Implement 2FA (plugins: Shield Security, Google Authenticator, Duo Two-Factor Authentication)
- Disable hotlinking
- Secure videos (VdoCipher plugin)
- Password protect from admin panel
- Protect images by disabling right-click on images
- Protect text from being copied by disabling right-click
- A CDN will help prevent DDoS attacks
Appendix
The complete .htaccess file:
```apache
# Prevent access to directories
Options All -Indexes
# Prevent access to wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
# Prevent access to .htaccess file
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
```
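To confirm that the Essential checklist and the .htaccess file above were actually applied to an install, the following added example (not from the BuiltByCactus page) audits a WordPress root for default salts, the default wp_ table prefix and the three .htaccess rules; function names are hypothetical and the fixtures it writes are constructed sample input.

```bash
#!/usr/bin/env bash
# Added example, not from the BuiltByCactus page: audit a WordPress root
# against the Essential checklist. Function names are hypothetical; the
# files written by make_fixture are constructed sample input.

# Salts/keys in wp-config.php must not be the placeholder WordPress ships with.
check_salts() {            # $1 = path to wp-config.php
  [ -f "$1" ] && ! grep -q 'put your unique phrase here' "$1"
}

# The table prefix must have been changed from the default wp_.
check_prefix() {           # $1 = path to wp-config.php
  [ -f "$1" ] && ! grep -Eq "^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$1"
}

# .htaccess must disable indexes and deny wp-config.php and .hta* files.
check_htaccess() {         # $1 = path to .htaccess
  grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1" &&
  grep -Eiq '^[[:space:]]*<Files[[:space:]]+wp-config\.php>' "$1" &&
  grep -Eq '\[Hh\]\[Tt\]\[Aa\]' "$1"
}

# Run every check against a WordPress root; returns the number of failures.
audit() {                  # $1 = WordPress root directory
  local root=$1 fails=0 c fn file
  for c in check_salts:wp-config.php check_prefix:wp-config.php check_htaccess:.htaccess; do
    fn=${c%%:*}; file=${c#*:}
    if "$fn" "$root/$file"; then echo "PASS $fn"; else echo "FAIL $fn"; fails=$((fails + 1)); fi
  done
  return "$fails"
}

# Constructed fixtures: "weak" mimics a fresh install, "hardened" applies the checklist.
make_fixture() {           # $1 = weak|hardened; prints the directory it created
  local d; d=$(mktemp -d)
  if [ "$1" = weak ]; then
    printf "define( 'AUTH_KEY', 'put your unique phrase here' );\n\$table_prefix = 'wp_';\n" > "$d/wp-config.php"
    : > "$d/.htaccess"
  else
    printf "define( 'AUTH_KEY', 'constructed-random-value' );\n\$table_prefix = 'cactus_';\n" > "$d/wp-config.php"
    printf 'Options All -Indexes\n<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n' > "$d/.htaccess"
    printf '<Files ~ "^.*\\.([Hh][Tt][Aa])">\norder allow,deny\ndeny from all\nsatisfy all\n</Files>\n' >> "$d/.htaccess"
  fi
  echo "$d"
}

# Demo: the fresh-install fixture fails all three checks, the hardened one passes.
for kind in weak hardened; do echo "== $kind =="; audit "$(make_fixture "$kind")" || true; done
```

Run it as `audit /var/www/html` against a real install; a non-zero exit status is the number of checklist items still open.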