
WordPress Security Standards
- June 17, 2015
Many WordPress administrators are concerned about security these days. A few simple steps reduce the risk of a WordPress site being compromised:
- Keep WordPress updated, since releases include bug fixes and security updates from the WordPress developers
- Make sure your plugins are always updated
- Avoid unnecessary themes and plugins. Always delete extra plugins and themes which are no longer needed on the site
- Restrict direct access to WordPress directories through .htaccess and an empty index.php file in the uploads, wp-content, themes and plugins directories
- File permissions should be set to chmod 755 for directories (except for the media upload folder, which could be chmod 777) and chmod 644 for files
- Hide the WordPress version being used in included files (CSS & JavaScript)
- Remove WordPress generated meta tags
- Always use strong passwords for admin panel access
- Avoid “admin” or “administrator” as username
- Disable file editing through the admin panel; otherwise any inexperienced user with access to the admin panel can edit your files. In the worst case, if an attacker gains access to the admin panel, at least they cannot reach the files to change the theme or insert malicious code
- Lock out clients after repeated invalid login attempts to mitigate brute-force attacks
- Use security plugins like iThemes Security (formerly known as Better WP Security)
- Back up your WordPress directory before any major change. Also back up the database at regular intervals (once a week or every fortnight is recommended), since all the content and settings are stored in the database.
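
An added example, not part of the original post: a read-only shell audit for the directory-access and file-permission items in the list above. It assumes the standard layout with `wp-content/uploads`, `wp-content/themes` and `wp-content/plugins` under the site root; the function names `audit_wp` and `audit_ok` are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of a WordPress
# tree against the checklist's permission and index.php rules.
# Assumption: standard layout, i.e. ROOT/wp-content/{uploads,themes,plugins}.

# audit_wp ROOT: prints one finding per line; prints nothing when clean.
audit_wp() {
  root=${1%/}
  uploads="$root/wp-content/uploads"

  # Directories must be exactly 755, except the uploads folder (checked below).
  find "$root" -type d ! -path "$uploads" ! -perm 755 -print |
    sed 's/^/DIR-MODE (want 755): /'

  # The post allows either 755 or 777 on the media upload folder itself.
  if [ -d "$uploads" ]; then
    find "$uploads" -prune ! -perm 755 ! -perm 777 -print |
      sed 's/^/UPLOADS-MODE (want 755 or 777): /'
  fi

  # Regular files must be exactly 644.
  find "$root" -type f ! -perm 644 -print |
    sed 's/^/FILE-MODE (want 644): /'

  # Each of these directories should hold an index.php (the post's empty file).
  for d in wp-content wp-content/uploads wp-content/themes wp-content/plugins; do
    if [ -d "$root/$d" ] && [ ! -f "$root/$d/index.php" ]; then
      echo "NO-INDEX: $root/$d"
    fi
  done
}

# audit_ok ROOT: exit status 0 only when the audit reports nothing.
audit_ok() {
  [ -z "$(audit_wp "$1")" ]
}

# Run as: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

The script only reports; apply any `chmod` changes or add missing index.php files by hand after reviewing the findings.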