This blog post is not an attempt to make the most comprehensive checklist for making your WordPress installation more secure; there are many of these around the Internet. Instead, this is an easy list based on my experience working with WordPress installations. The aim is to make your installation more secure than your neighbour’s, without installing bloated plugins.
Basics
Have a clean installation: don’t leave phpMyAdmin installed (and don’t try to hide it just by leaving the version in the directory name, like "phpMyAdmin-4.6.4-all-languages"). Also, leave no SQL files lying around on the server.
Next level
If you don’t use file editing, disable it. Add define('DISALLOW_FILE_EDIT', true); in your theme’s functions.php.
Make sure directory listing is off: add Options All -Indexes to .htaccess if you are using Apache.
Depending on your hosting, PHP error reporting can sometimes be on. Add this to your wp-config.php:
ini_set('log_errors', 'On');
ini_set('display_errors', 'Off');
ini_set('error_reporting', E_ALL);
Register a free account on UptimeRobot to check the site is up. Tip: Don’t just monitor the front-page of the site, try some page deeper in the hierarchy or setup a
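As an added example (not code from the original post), the file and configuration items in this checklist can be checked with a small shell function run against the WordPress root. The function name, the FAIL labels and the sample tree are assumptions made for illustration; it only inspects files on disk, so settings forced elsewhere by the host are not seen.

```shell
#!/bin/sh
# Added example: static audit of a WordPress root against the checklist.
# Prints one "FAIL <check>: <detail>" line per finding; returns 1 if any.
wp_checklist_audit() {
    root=$1
    out=$(
        # Basics: phpMyAdmin directories, including versioned names.
        find "$root" -type d -iname '*phpmyadmin*' | sed 's/^/FAIL phpmyadmin: /'
        # Basics: SQL files lying around on the server.
        find "$root" -type f -iname '*.sql' | sed 's/^/FAIL sql-file: /'
        # File editing: accept the define in wp-config.php or in a theme
        # functions.php; lines that are commented out do not count.
        grep -Eiqs "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true" \
            "$root/wp-config.php" "$root"/wp-content/themes/*/functions.php ||
            echo "FAIL file-edit: DISALLOW_FILE_EDIT is not set to true"
        # Directory listing (Apache): .htaccess must remove Indexes.
        grep -Eqs '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess" ||
            echo "FAIL dir-listing: no 'Options ... -Indexes' in .htaccess"
        # Error display: wp-config.php must turn display_errors off.
        grep -Eiqs "^[[:space:]]*ini_set\([[:space:]]*['\"]display_errors['\"][[:space:]]*,[[:space:]]*['\"]?(off|0)" \
            "$root/wp-config.php" ||
            echo "FAIL display-errors: display_errors is not turned off"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree (not a real site) so the script runs stand-alone.
demo=$(mktemp -d)
mkdir -p "$demo/phpMyAdmin-4.6.4-all-languages" "$demo/wp-content/themes/sample"
: > "$demo/backup.sql"
printf "<?php\nini_set('display_errors','Off');\n" > "$demo/wp-config.php"
printf "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n" \
    > "$demo/wp-content/themes/sample/functions.php"
wp_checklist_audit "$demo" || echo "checklist items still open"
rm -rf "$demo"
```

Only straight-quoted PHP statements match, so a snippet pasted with typographic quotes is still reported as missing.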
Source: https://managewp.org/articles/13550/wordpress-security-checklist
source https://williechiu40.wordpress.com/2016/10/06/wordpress-security-checklist/