Hardening & Best Practice
Essential Security Measures
1. Strong Authentication
```php
// Add to wp-config.php, above the "That's all, stop editing!" line
define('FORCE_SSL_ADMIN', true);  // serve wp-admin and wp-login.php over HTTPS only
define('FORCE_SSL_LOGIN', true);  // deprecated since WordPress 4.0; FORCE_SSL_ADMIN already covers the login page
```
- Enforce strong passwords
- Enable two-factor authentication
- Limit login attempts
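"Limit login attempts" is only useful if you can also see when the limit is being probed. The script below is an added example, not part of the original guide: it reads web-server access-log lines in the Apache/nginx combined format, counts failed POSTs to wp-login.php per client IP, and reports IPs that cross a threshold. It assumes a default WordPress install, where a failed login re-renders the form with HTTP 200 and a successful login answers with a 302 redirect; the log lines are constructed samples using RFC 5737 documentation addresses.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation addresses, not real traffic):
# 203.0.113.5 hammers the login form, 198.51.100.7 fails once then succeeds,
# 192.0.2.9 only loads the form.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:02:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, method, path, status) or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))


def count_failed_logins(log_text):
    """Count failed POSTs to wp-login.php per client IP.

    Assumption: default WordPress behaviour, i.e. a failed login is answered
    with HTTP 200 (form re-rendered with an error) and a success with a 302.
    """
    failed = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, path, status = parsed
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == 200:
            failed[ip] += 1
    return dict(failed)


def find_brute_force(log_text, threshold=5):
    """Return {ip: failed_count} for every IP at or above the threshold."""
    return {ip: n for ip, n in count_failed_logins(log_text).items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in find_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins -> candidate for rate limiting or a temporary block")
```

The threshold is a tuning knob: five failures in a log window is a reasonable starting point for a small site, but pair it with the time window your log rotation gives you, and remember that a successful 302 after several failures is the line worth investigating first.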
2. File Permissions
Correct permissions for WordPress:
- Directories: 755
- Files: 644
- wp-config.php: 600
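To turn the three numbers above into something you can run and re-run, here is an added example (not from the original guide) that walks a WordPress tree, lists every entry whose mode deviates from 755/644/600, and optionally fixes it. The sample tree it builds is constructed for the demonstration. One caveat the modes alone do not capture: 600 on wp-config.php only works if the file is owned by the user the PHP process runs as; if the owner is a different deploy user, PHP cannot read the file and the site goes down.

```python
import os
import stat
import tempfile
from pathlib import Path

# Expected modes from the guide; wp-config.php is the special case.
DIR_MODE = 0o755
FILE_MODE = 0o644
WP_CONFIG_MODE = 0o600


def expected_mode(path):
    """Return the mode the guide prescribes for this entry."""
    if path.is_dir():
        return DIR_MODE
    if path.name == "wp-config.php":
        return WP_CONFIG_MODE
    return FILE_MODE


def audit_permissions(root):
    """Return [(relative_path, actual_mode, expected_mode)] for every deviating entry."""
    root = Path(root)
    findings = []
    for path in [root, *root.rglob("*")]:
        if path.is_symlink():
            continue  # never follow links out of the tree
        actual = stat.S_IMODE(path.lstat().st_mode)
        wanted = expected_mode(path)
        if actual != wanted:
            findings.append((str(path.relative_to(root)), actual, wanted))
    return findings


def fix_permissions(root):
    """chmod every deviating entry to its expected mode; return how many were changed."""
    changed = 0
    for rel, _actual, wanted in audit_permissions(root):
        os.chmod(Path(root) / rel, wanted)
        changed += 1
    return changed


def build_demo_tree(base):
    """Constructed mini WordPress layout with two deliberately wrong modes (demo only)."""
    base = Path(base)
    (base / "wp-content" / "uploads").mkdir(parents=True)
    (base / "wp-config.php").write_text("<?php // constructed placeholder\n")
    (base / "index.php").write_text("<?php // constructed placeholder\n")
    os.chmod(base, 0o755)
    os.chmod(base / "wp-content", 0o777)            # world-writable directory: wrong
    os.chmod(base / "wp-content" / "uploads", 0o755)
    os.chmod(base / "wp-config.php", 0o644)          # world-readable DB credentials: wrong
    os.chmod(base / "index.php", 0o644)
    return base


def run_demo():
    """Build the constructed tree in a temp dir, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(Path(tmp) / "site")
        before = sorted(rel for rel, _, _ in audit_permissions(root))
        changed = fix_permissions(root)
        after = audit_permissions(root)
    return before, changed, after


if __name__ == "__main__":
    before, changed, after = run_demo()
    print("deviations before:", before)
    print("entries fixed:", changed)
    print("deviations after:", after)
```

Run `audit_permissions("/var/www/html")` (path assumed) from cron and alert on a non-empty result; a new world-writable directory or a wp-config.php that has become readable is exactly the kind of drift a file-change monitor should catch.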
3. Security Headers
Add to .htaccess (requires mod_headers to be enabled in Apache):
```apache
# Security Headers
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
# Legacy header: modern browsers have removed the XSS auditor; a Content-Security-Policy is the current mechanism
Header set X-XSS-Protection "1; mode=block"
```
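Setting headers is half the job; confirming they actually reach the client is the other half. The checker below is an added example, not part of the original guide: it parses the header block of a raw HTTP response (such as the output of `curl -sI`) and reports which of the three headers above are missing or carry an unexpected value. It goes slightly beyond the guide by also flagging Strict-Transport-Security, Content-Security-Policy and Referrer-Policy as recommended; those three are my addition. Both sample responses are constructed.

```python
# Headers the .htaccess snippet sets, with the values accepted as correct.
# "0" is accepted for X-XSS-Protection because disabling the legacy auditor is
# the value many current guides prefer.
REQUIRED = {
    "x-content-type-options": ("nosniff",),
    "x-frame-options": ("sameorigin", "deny"),
    "x-xss-protection": ("1; mode=block", "0"),
}

# Beyond the guide's list (assumption: these are the next headers worth adding).
RECOMMENDED = ("strict-transport-security", "content-security-policy", "referrer-policy")

# Constructed sample responses.
WEAK_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Frame-Options: ALLOWALL
"""

HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
"""


def parse_headers(raw):
    """Parse the header block of a raw HTTP response into {lowercase-name: value}.

    Stops at the first blank line (the body); the status line is skipped.
    Repeated headers keep the last value, which is fine for this check.
    """
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(raw):
    """Return a list of findings; an empty list means every check passed."""
    headers = parse_headers(raw)
    findings = []
    for name, ok_values in REQUIRED.items():
        value = headers.get(name)
        if value is None:
            findings.append(f"missing: {name}")
        elif value.lower() not in ok_values:
            findings.append(f"unexpected value: {name}: {value}")
    for name in RECOMMENDED:
        if name not in headers:
            findings.append(f"recommended: {name}")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(raw) or ["all checks passed"])
```

Feed it a real capture with `curl -sI https://example.com/` (placeholder host) piped into a file, and check the login page and an uploaded file separately: headers set in the document root's .htaccess can be overridden by a deeper .htaccess, and a CDN or reverse proxy may strip or rewrite them.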
4. Disable File Editing
```php
// Add to wp-config.php
define('DISALLOW_FILE_EDIT', true);  // removes the theme/plugin code editor from the dashboard
define('DISALLOW_FILE_MODS', true);  // also blocks plugin/theme installs and dashboard updates, so updates must then be applied by other means (e.g. WP-CLI or your deployment process)
```
Recommended Security Plugins
- Wordfence Security
  - Real-time firewall
  - Malware scanner
  - Login security
- iThemes Security
  - 30+ security measures
  - File change detection
  - Strong password enforcement
- All In One WP Security
  - Security hardening
  - Firewall rules
  - User account monitoring
Security Configuration Checklist
- Change default "admin" username
- Use strong, unique passwords
- Enable two-factor authentication
- Hide WordPress version
- Disable XML-RPC if not needed
- Protect wp-config.php
- Disable directory browsing
- Run regular automated backups
- Monitor file changes
- Keep everything updated