Protect your WordPress Site in 8 Steps.
#WPTW meets the first Thursday of each month at TheHouseTW - a co-working space for creatives in the centre of Tunbridge Wells.
2. Protect your WordPress Site in 8 Steps
Step 1: Change any obvious usernames and passwords, and don’t use ADMIN.
3. Protect your WordPress Site in 8 Steps
Step 2: Don’t give everyone admin rights. Editors can still manage and edit posts and pages. Remove users that no longer need access.
4. Protect your WordPress Site in 8 Steps
Step 3: Delete unused plugins and non-core themes, and keep the plugins you use updated.
5. Protect your WordPress Site in 8 Steps
Step 4: Install the ‘Jetpack’ plugin, as it’s easy to set up and offers brute force protection.
6. Protect your WordPress Site in 8 Steps
Step 5: Block web access to wp-config.php and .htaccess. Copy these lines of code to your root .htaccess file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
7. Protect your WordPress Site in 8 Steps
Step 6: Deny any PHP execution in the /wp-includes and /wp-content/uploads/ folders by adding a new .htaccess file in each of these directories:
<Files *.php>
deny from all
</Files>
8. Protect your WordPress Site in 8 Steps
Step 7: Disable file editing within WordPress. Open wp-config.php and add this line of code before. You will need to make future changes to your files using FTP.
define('DISALLOW_FILE_EDIT', true);
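An added example, not part of the original slides: a small Python audit that checks a WordPress directory for the settings from steps 5 to 7. It also accepts `Require all denied`, the Apache 2.4 form of `deny from all`; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# "Deny everyone" in the Apache 2.2 form used on the slides, or its 2.4 equivalent.
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
FILES_BLOCK = r"<Files\s+\"?{name}\"?\s*>(.*?)</Files>"
NO_EDIT = re.compile(
    r"^\s*define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)\s*;", re.I | re.M)
SUBDIRS = ("wp-includes", "wp-content/uploads")

def denies(htaccess: Path, name: str) -> bool:
    """True if htaccess has a <Files name> block with an uncommented deny-all line."""
    if not htaccess.is_file():
        return False
    text = htaccess.read_text(errors="replace")
    pattern = FILES_BLOCK.format(name=re.escape(name))
    return any(DENY.search(body) for body in re.findall(pattern, text, re.I | re.S))

def audit(root: Path) -> list[str]:
    """Return the settings from steps 5-7 that are missing under root."""
    findings = []
    for name in ("wp-config.php", ".htaccess"):
        if not denies(root / ".htaccess", name):
            findings.append(f"step 5: {name} not denied in root .htaccess")
    for sub in SUBDIRS:
        if not denies(root / sub / ".htaccess", "*.php"):
            findings.append(f"step 6: PHP not denied in {sub}")
    config = root / "wp-config.php"
    if not (config.is_file() and NO_EDIT.search(config.read_text(errors="replace"))):
        findings.append("step 7: DISALLOW_FILE_EDIT not set to true")
    return findings

def build_sample(hardened: bool) -> Path:
    """Create a constructed WordPress-like tree (sample data, not a real site)."""
    root = Path(tempfile.mkdtemp())
    for sub in SUBDIRS:
        (root / sub).mkdir(parents=True)
    (root / "wp-config.php").write_text("<?php\n")
    if hardened:
        block = "<Files {}>\norder allow,deny\ndeny from all\n</Files>\n"
        (root / ".htaccess").write_text(block.format("wp-config.php") + block.format(".htaccess"))
        for sub in SUBDIRS:
            (root / sub / ".htaccess").write_text("<Files *.php>\ndeny from all\n</Files>\n")
        (root / "wp-config.php").write_text("<?php\ndefine('DISALLOW_FILE_EDIT', true);\n")
    return root

if __name__ == "__main__":
    print(audit(build_sample(hardened=False)))
```

A clean result only shows that the files contain the rules; Apache applies .htaccess rules only where AllowOverride permits them, so also confirm that a request for /wp-config.php returns 403.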
9. Protect your WordPress Site in 8 Steps
Step 8: Hide the standard login URL using the plugin ‘WPS Hide Login’.