Community Forums › Forums › Archived Forums › General Discussion › Securing WordPress
Tagged: wordpress secure live server
- This topic has 1 reply, 2 voices, and was last updated 8 years, 4 months ago by Jess.
-
AuthorPosts
-
December 10, 2015 at 3:06 pm #173481bmcMember
Hello,
I have completed my WordPress website in localhost using Genesis and Atmosphere Pro, and now it is ready to go online.
I would like it to be totally secure. This includes the database and WordPress itself. I do not want anyone to register for the website.
What steps should I take to do this?
I found this link but I find some of the suggestions complicated and confusing: http://codex.wordpress.org/Hardening_WordPress
My computer is secure, I chose a strong user password for the admin account on WordPress, I am using FileZilla as an FTP, HostGator is hosting, and I will be transferring data with Duplicator. I have no other plugins installed besides Duplicator and whatever came with Genesis. I don't expect high traffic on this website.
If you need more information, please let me know. Thanks for your help.
December 10, 2015 at 4:14 pm #173490JessMemberThere is no foolproof system to 'totally' secure your site, but your steps in keeping your plugin list clean and using a quality password are certainly good to do. Here are a couple more steps I would recommend:
1.) Consider installing a security plugin. I like Wordfence (https://www.wordfence.com/), and it has free or premium versions. In addition to providing some extra security measures, they will email you for things like major attacks on the WordPress CMS or, if you set it up, when someone makes multiple unsuccessful attempts to log into your site. Other plugins that I have used include bruteprotect, stop spammers spam control, and bad behavior. Just make sure to go into the settings and customize everything to what makes sense for your site.
2.) Name your admin account something other than 'admin', and change the user ID in the database. Instructions for how to do that (and why it improves security) are here: http://www.wpwhitesecurity.com/wordpress-security/change-wordpress-administrator-id/
3.) Set up some kind of backup system for your site files and database (and keep several copies at a time) so that if your site DOES get hacked, you have a few options for restore points. You can use a plugin (one option is UpdraftPlus: http://updraftplus.com/, but there are many) or do this manually--though manual backups can be tedious.
4.) Consider connecting your site to communities that combat spam (this is especially a problem for sites that allow comments). Here are two I have used: http://www.stopforumspam.com/, http://www.projecthoneypot.org/
5.) Keep tabs on what's happening in WordPress here: https://wordpress.org/news/
There are of course, many more options for what you can do (and even more opinions on the pros and cons of each of those options)--but hopefully this list helps you get some more ideas!
-
AuthorPosts
- The forum ‘General Discussion’ is closed to new topics and replies.