How to Secure Your WordPress Installation
WordPress Security Hardening
Specific steps to make WordPress more secure.
During Installation
- Don't use "admin" as the username
- Use a strong password
- Change the default table prefix (from wp_ to something unique)
Essential Security Plugins
- Wordfence Security
- Sucuri Security
- iThemes Security
Secure wp-config.php
Move sensitive info and set permissions:
- Set file permissions to 600
- Move above web root if possible
- Add security keys
Disable File Editing
Add to wp-config.php:
define('DISALLOW_FILE_EDIT', true);
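
The wp-config.php items above (600 permissions, security keys, DISALLOW_FILE_EDIT) and the table-prefix advice from the installation step can be checked together with a short script. This is an added example, not part of the original article: the function name audit_wp_config and the sample file are constructed for illustration, and the placeholder string it looks for is the one shipped in wp-config-sample.php.

```shell
#!/bin/sh
# Added example (not from the original article): audit wp-config.php.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_wp_config() {
    cfg=$1; rc=0
    # Ignore whole-line // and # comments so a commented-out define does not count.
    active=$(grep -Ev '^[[:space:]]*(//|#)' "$cfg" || true)

    # File mode should be 600 (GNU stat first, BSD stat as fallback).
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    [ "$mode" = "600" ] || { echo "PERMS: mode is $mode, expected 600"; rc=1; }

    # The dashboard file editor must be switched off.
    printf '%s\n' "$active" | grep -Eiq \
        "define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
        || { echo "EDITOR: DISALLOW_FILE_EDIT is not set to true"; rc=1; }

    # The default table prefix should have been changed.
    if printf '%s\n' "$active" | grep -Eq \
        "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]"; then
        echo "PREFIX: table prefix is still wp_"; rc=1
    fi

    # All eight keys and salts must be defined with a non-placeholder value.
    for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        line=$(printf '%s\n' "$active" | grep -E "define\([[:space:]]*['\"]$k['\"]" || true)
        case $line in
            '') echo "KEYS: $k is missing"; rc=1 ;;
            *'put your unique phrase here'*) echo "KEYS: $k is a placeholder"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a config left close to the installer defaults.
demo=$(mktemp -d)
{
    echo "<?php"
    echo "\$table_prefix = 'wp_';"
    echo "// define('DISALLOW_FILE_EDIT', true);"
    echo "define('AUTH_KEY', 'put your unique phrase here');"
} > "$demo/wp-config.php"
chmod 644 "$demo/wp-config.php"
audit_wp_config "$demo/wp-config.php" || echo "Fix the findings above."
rm -rf "$demo"
```

The script does not check whether the file sits above the web root, since that depends on the server's document root setting.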
Hide WordPress Version
Remove the WordPress version information that attackers can use to fingerprint the site.
Change Login URL
Use a plugin such as WPS Hide Login to change the default /wp-admin login URL.
Limit User Permissions
- Only give admin access when needed
- Use appropriate user roles
- Remove inactive users
Regular Maintenance
- Update WordPress core promptly
- Update themes and plugins
- Remove unused themes/plugins
- Review user accounts