Protect my WordPress blog

james_bond_007

I've read a ton of articles on how to make my WordPress website impenetrable to hackers.

-Always update themes and plugins
-Use strong passwords
-Never install nulled themes and plugins
-Use Wordfence
-Create daily back-ups
-Change the WordPress login page URL

Did I miss something? What can you add to this list?
P.S. I'm a beginner, so I'm afraid of doing something wrong
 
-Never install nulled themes and plugins

You can if you use them from a trusted source ;)

But that's basically the basis of running a good and healthy WordPress instance.

Make sure to use a 2 authentication plugin as well.

For example:
https://nl.wordpress.org/plugins/two-factor-authentication/
And I would recommend using the CleanTalk anti-malware/spam plugin:
https://wordpress.org/plugins/security-malware-firewall/
It's one of the best security plugins available for WordPress ;)
 
Limit login attempts, use two-factor authentication, and disable file editing.
 
Please, can I have a link to download some of those articles that you read about how to keep a WordPress website safe? I would also love to read them. Thanks in advance.
 
I would also say to maybe block certain crawlers.
 
Nothing is 100% impenetrable, but you did an excellent job there. Following the mentioned points, your site will be way safer than the average WP user's.
 
WordPress security headaches: even 007 is SCARED & concerned.

Jokes apart, OP, you have missed a very important point in your list:
Secure and optimized hosting service.

With all the crap hosting overcrowding, you need to find a host that's secure and also optimized so that performance is not affected.
 
Unplug your WordPress site from the internet.

Run it in some local network or a staging environment that stays behind a firewall 24/7. Generate static pages for your entire WordPress site. Serve the static pages. If your blog does not have a comment section, this is the only foolproof way. If there's nothing to hack, you can't be hacked.
 
Hey bro, check the Softaculous section of WordPress cPanel for what more you can do. It has everything:
-block htaccess
-file permission disable
-change default admin username
-Wordfence
-Use strong password
-Cloudflare
You can do much more
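
An added example, not part of any post in this thread: a small read-only audit script for two of the tips above ("Disable file editing" and file permissions). The function names, finding labels, permission policy and sample tree are assumptions made for this illustration; `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS` are WordPress's own wp-config.php constants.

```python
import os
import re
import stat
import tempfile

# Matches define('NAME', value); as written in wp-config.php.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""", re.MULTILINE)

def parse_defines(php_source):
    """Return {constant: lowercased value}, ignoring commented-out defines."""
    src = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    src = re.sub(r"^[ \t]*(//|#).*$", "", src, flags=re.MULTILINE)
    return {m["name"]: m["value"].strip().lower() for m in DEFINE_RE.finditer(src)}

def audit(wp_root):
    """Return a sorted list of findings for the WordPress tree at wp_root."""
    findings, config = [], os.path.join(wp_root, "wp-config.php")
    with open(config, encoding="utf-8", errors="replace") as fh:
        defines = parse_defines(fh.read())
    # Either constant turns off the dashboard theme/plugin file editor.
    if "true" not in (defines.get("DISALLOW_FILE_EDIT"), defines.get("DISALLOW_FILE_MODS")):
        findings.append("file-editing-enabled")
    # Assumed policy: wp-config.php holds DB credentials, so no group/world write, no world read.
    mode = stat.S_IMODE(os.stat(config).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH | stat.S_IROTH):
        findings.append(f"wp-config-mode-{mode:o}")
    for dirpath, _dirs, files in os.walk(wp_root):
        for path in (os.path.join(dirpath, f) for f in files):
            if not os.path.islink(path) and os.stat(path).st_mode & stat.S_IWOTH:
                findings.append("world-writable:" + os.path.relpath(path, wp_root))
    return sorted(findings)

def build_sample(root, hardened):
    """Create a constructed sample tree (not a real site) to run audit() on."""
    os.makedirs(os.path.join(root, "wp-content", "themes"))
    flag = ("" if hardened else "// ") + "define( 'DISALLOW_FILE_EDIT', true );\n"
    files = {"wp-config.php": ("<?php\n" + flag, 0o600 if hardened else 0o644),
             "wp-content/themes/functions.php": ("<?php\n", 0o644 if hardened else 0o666)}
    for rel, (text, mode) in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
        os.chmod(os.path.join(root, rel), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label in ("weak", "hardened"):
            build_sample(os.path.join(tmp, label), label == "hardened")
            print(label, audit(os.path.join(tmp, label)))
```

To check a real install, call `audit()` with the directory that contains `wp-config.php`; the script only reads files and metadata.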
 
You missed one more thing: hosting with the quickest support, so that you can run to them in case something wonder happened to your WP site. My site was hacked 7-9+ times. Every time I went to their support (Cloudways) and they corrected it for me; sometimes I reverted my site to some back-in-time.

But if I had not had that support, I would surely be one of the haters of WordPress on the internet.

The one plugin which helped me a lot to recover and protect my site is "Wordfence". Here are a few things I did too:
  1. Never have the user Admin as an admin
  2. Limited the attempts
  3. Added 2FA
  4. Increased the Block-time for bad-passwords
  5. Whitelisted my own IP
  6. Added some settings to immediately add the IP to blacklist
 
Unplug your WordPress site from the internet.

Run it in some local network or a staging environment that stays behind a firewall 24/7. Generate static pages for your entire WordPress site. Serve the static pages. If your blog does not have a comment section, this is the only foolproof way. If there's nothing to hack, you can't be hacked.
+1 to this.

The best way to protect WP is to not use it as the frontend. Just use the backend, and protect it with an htpasswd or something (or have a whitelist maybe). Also have the WP API exposed, which you will use for the static site generation like the quoted reply. An alternative approach to that would be to use the database itself directly, but that will involve having to write the SQL queries yourself, which can be daunting.
 