{"id":31632,"date":"2023-07-21T02:29:06","date_gmt":"2023-07-21T02:29:06","guid":{"rendered":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/?p=31632"},"modified":"2023-07-21T02:29:09","modified_gmt":"2023-07-21T02:29:09","slug":"how-secure-your-wordpress-site-25-hardening-suggestions","status":"publish","type":"post","link":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/","title":{"rendered":"How Secure Your WordPress Site (25 Hardening Suggestions)"},"content":{"rendered":"<p><\/p>\n<div>\n<p>If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress.<\/p>\n<p>WordPress is an <a href=\"https:\/\/www.dreamhost.com\/blog\/what-is-wordpress\/\" target=\"_blank\" rel=\"noopener\">excellent, secure platform out of the box<\/a>, but there\u2019s actually more you&#8217;ll be able to (and will!) do to maintain your site secure from malicious intent. A lot of these security enhancements are easy to implement and will be performed manually in mere minutes. Others simply require installing a selected plugin.<\/p>\n<p>In this text, I\u2019ll guide you thru 20 different strategies for upping the defenses in your WordPress fortress. But first, let\u2019s go just a little further into why website security should matter to you.<\/p>\n<h2 id=\"why\">Why WordPress Security Is So Necessary<\/h2>\n<p>Selecting WordPress as your platform is a superb solution to start if you\u2019re attempting to create a site. It\u2019s not only a versatile, powerful platform for constructing web sites \u2014 it\u2019s also remarkably secure as is.<\/p>\n<p>But after all, no platform will be 100% secure, and there are lots of reasons to be concerned in regards to the security of your WordPress site:<\/p>\n<ul>\n<li aria-level=\"1\"><b>Popularity \u2013 <\/b>WordPress powers an enormous portion of all of the web sites on the web, making it a primary goal for cybercriminals. Its widespread usage makes it a gorgeous platform to take advantage of vulnerabilities and gain unauthorized access to web sites.<\/li>\n<li aria-level=\"1\"><b>Vulnerabilities \u2013 <\/b>As with every software, WordPress shouldn&#8217;t be resistant to vulnerabilities. Hackers continually seek for vulnerabilities in WordPress themes, plugins, and core software. Exploiting them can result in unauthorized access, data breaches, defacement, and even complete control of an internet site.<\/li>\n<li aria-level=\"1\"><b>Data breaches \u2013 <\/b>WordPress web sites often store sensitive user information, like email addresses, passwords, and private data. A security breach can expose this confidential data, resulting in identity theft, financial loss, and even legal consequences (yikes!).<\/li>\n<li aria-level=\"1\"><b>web optimization impact \u2013 <\/b>A compromised WordPress site will be used for malicious activities, like hosting malware, redirecting visitors to harmful web sites, or sending spam emails. Search engines like google and yahoo may flag and penalize such web sites, resulting in a big drop in rankings and organic traffic when you regain control of your site.<\/li>\n<li aria-level=\"1\"><b>Status and trust \u2013 <\/b>If a WordPress website is compromised and used for malicious purposes, it might probably severely damage the positioning owner\u2019s status and erode user trust. Consider an e-commerce store, for instance. If the shop can\u2019t commit to keeping shoppers\u2019 personal data secure, people just won\u2019t shop there (and who can blame them?).<\/li>\n<li aria-level=\"1\"><b>Downtime and financial loss \u2013 <\/b>A hacked site can experience prolonged downtime while the web site owner works to resolve the safety breach. In turn, downtime can lead to lost business, decreased revenue, and extra expenses for recovery and restoration.<\/li>\n<\/ul>\n<p>Given these risks, investing in WordPress security measures is crucial to guard your website and its users\u2019 data. Ideally, you need to put just as much effort and time into security as you spent <a href=\"https:\/\/www.dreamhost.com\/blog\/10-web-design-lessons-star-wars\/\" target=\"_blank\" rel=\"noopener\">designing your site<\/a> in the primary place (if no more). Fortunately for you, dear reader, there are a number of easy, quick ways to enhance your site\u2019s security, in addition to some more complex techniques it&#8217;s possible you&#8217;ll wish to employ \u2014\u00a0and below, we\u2019re covering all of them.<\/p>\n<div class=\"blog-cta\">\n<h2>Get Content Delivered Straight to Your Inbox<\/h2>\n<p class=\"cta-content\">Subscribe to our blog and receive great content similar to this delivered straight to your inbox.<\/p>\n<\/div>\n<h2 id=\"top\">Top WordPress Security Vulnerabilities<\/h2>\n<p>Because the saying goes, know thy enemy. Before we dive into our security suggestions, let\u2019s learn more in regards to the security vulnerabilities it&#8217;s essential protect your WordPress site from.<\/p>\n<ul>\n<li aria-level=\"1\"><b>Outdated software, themes, and plugins \u2013 <\/b>Using outdated versions of WordPress, themes, or plugins can leave your site vulnerable to known security flaws.<\/li>\n<li aria-level=\"1\"><b>Weak usernames and passwords \u2013 <\/b>Weak login credentials make it easier for hackers to access your site. Avoid using common usernames like \u201cadmin\u201d and select strong, unique passwords that include a mix of letters, numbers, and symbols.<\/li>\n<li aria-level=\"1\"><b>Brute force attacks \u2013 <\/b>Brute force attacks involve repeated attempts to guess your login credentials. You&#8217;ll be able to prevent them by limiting login attempts and using two-factor authorization (more on that later in this text).<\/li>\n<li aria-level=\"1\"><b>Cross-site scripting (XSS) \u2013 <\/b>XSS vulnerabilities occur when malicious scripts are injected into web pages, potentially compromising users\u2019 browsers or session data. Many security plugins have features to stop XSS.<\/li>\n<li aria-level=\"1\"><b>Malware infections \u2013 <\/b>Malware will be injected into your site through vulnerabilities, infected themes or plugins, or compromised files. To avoid malware, don\u2019t install plugins without checking into their status first. And regular malware scanning can catch infections before they&#8217;ve the possibility to wreak havoc in your site.<\/li>\n<li aria-level=\"1\"><b>Backdoors \u2013 <\/b>A backdoor is a hidden entry point in an internet site that enables unauthorized access even after security measures are in place. Backdoors will be created by malicious actors or by accident introduced through compromised themes, plugins, or weak security practices. Once a backdoor is established, it might probably grant unauthorized access to an attacker, who can then manipulate the positioning, steal data, or perform other malicious activities without the web site owner\u2019s knowledge.<\/li>\n<\/ul>\n<p>Implementing security plugins and other best practices can protect your site from these vulnerabilities. So without further ado, let\u2019s get to what you\u2019re here for: actionable WordPress security suggestions and the best way to put them into practice.<\/p>\n<h2 id=\"tips\">20 WordPress Security Suggestions<\/h2>\n<p>Hopefully, I\u2019ve convinced you in regards to the importance of maintaining a secure WordPress website. If not, I\u2019m going to should re-enroll in Persuasive Writing 101. Please don\u2019t make me do this.<\/p>\n<p>Throughout the remaining of this text, I\u2019ll introduce 20 strategies (together with a few of the perfect WordPress security plugins) for making your site safer from a number of the commonest and dangerous security vulnerabilities. You don\u2019t should implement every suggestion on this list (although you actually can!), however the more steps you are taking to secure your site, the lower your possibilities of encountering a disaster down the road.<\/p>\n<h3>1. Use A Quality Host<\/h3>\n<p>You&#8217;ll be able to consider your web host as your website\u2019s street on the Web \u2014 it\u2019s the place where your site \u201clives.\u201d And like a very good school district matters to your kid\u2019s future (so that they say; I turned out fantastic), the standard of your <a href=\"https:\/\/www.dreamhost.com\/academy\/what-is-web-hosting\/\" target=\"_blank\" rel=\"noopener\">website\u2019s home base<\/a> counts in lots of big ways.<\/p>\n<p>A solid hosting provider can impact how well your site performs, how reliable it&#8217;s, how large it might probably grow, and even the way it ranks in search engines like google and yahoo. One of the best hosts offer a wide range of useful features, excellent support, and a service tailored to your chosen platform.<\/p>\n<p>As you\u2019ve probably already guessed, your web host can even have a big impact in your site\u2019s security. There are several security advantages to <a href=\"https:\/\/www.dreamhost.com\/academy\/how-to-choose-best-web-hosting\/\" target=\"_blank\" rel=\"noopener\">selecting from the perfect hosting corporations<\/a>.<\/p>\n<p><b>How Web Hosting Can Improve WordPress Security:<\/b><\/p>\n<ul>\n<li aria-level=\"1\">A top quality host will continually update its service, software, and tools to answer the most recent threats and eliminate potential security breaches.<\/li>\n<li aria-level=\"1\">Web hosts often offer various targeted security measures, reminiscent of SSL\/TLS certificates and DDoS protection. It&#8217;s best to also get access to a <a href=\"http:\/\/searchsecurity.techtarget.com\/definition\/Web-application-firewall-WAF\" target=\"_blank\" rel=\"noopener\">Web Application Firewall (WAF)<\/a>, which is able to help monitor and block serious threats to your site.<\/li>\n<li aria-level=\"1\">Your web host will probably provide a solution to back up your site (in some cases, even carrying out real-time backups for you), so when you\u2019re hacked, you&#8217;ll be able to easily revert to a stable, previous version.<\/li>\n<li aria-level=\"1\">In case your host offers reliable, 24\/7 support, you\u2019ll all the time have someone to assist you to out when you do run right into a security-related issue.<\/li>\n<\/ul>\n<p><iframe loading=\"lazy\" title=\"DreamPress: The Ultimate WordPress Hosting Solution by DreamHost: The Best Website Hosting Company\" width=\"1020\" height=\"574\" src=\"https:\/\/www.youtube.com\/embed\/1S4CWZYsNLs?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<p>This list should offer you a very good start line to work from when searching for a number in your recent site. You\u2019ll want to seek out one that gives all the features and functionality you\u2019ll need, plus has a status for reliability and excellent performance.<\/p>\n<p>DreamPress is a <a href=\"https:\/\/www.dreamhost.com\/wordpress\/managed-wp-hosting\/\" target=\"_blank\" rel=\"noopener\">managed WordPress hosting<\/a> service that\u2019s fast, reliable, scalable, and, after all, secure. DreamPress features a pre-installed SSL\/TLS certificate and provides a dedicated WAF designed with rules built to guard WordPress sites and block hacking attempts. Together with your hosting plan, you\u2019ll also get automated backups, 24\/7 support from WordPress experts, and <a href=\"https:\/\/www.dreamhost.com\/blog\/jetpack-premium-dreampress\/\" target=\"_blank\" rel=\"noopener\">Jetpack Premium<\/a> \u2014 a plugin that may add many additional security measures to your site \u2014 at no additional cost.<\/p>\n<p>With DreamPress, you\u2019ll give you the chance to rest easy knowing that your site is protected. Our hosting service even takes care of lots of the other security-enhancing steps on this list \u2014 although we still encourage you to read on to learn what extra measures you&#8217;ll be able to take to guard your site.<\/p>\n<h3>2. Register Your Domain Privately<\/h3>\n<p>To register a site, you\u2019re asked to supply your name, address, and phone number. This information is used to <a href=\"https:\/\/www.dreamhost.com\/blog\/private-domain-registration-faqs\/\" target=\"_blank\" rel=\"noopener\">track ownership of domains<\/a> and will be found online with a fast search on the WHOIS directory.<\/p>\n<p>While keeping track of this information is important to the health of the web, it\u2019s reasonable to not want your personal information online. That is where Private Registration enters the story. If you register a site with DreamHost (or one other secure hosting platform, I <i>guess<\/i>), you&#8217;ve gotten the choice to substitute your personal information with the relevant data from the hosting platform \u2014 so looking up your domain on WHOIS shows DreamHost\u2019s address and make contact with information as an alternative of yours. You&#8217;ll be able to even <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/216458407-Enabling-WHOIS-privacy-settings\" target=\"_blank\" rel=\"noopener\">enable this security feature<\/a> after your domain has already been registered!<\/p>\n<h3>3. Change Your Admin Username<\/h3>\n<p>If you first create your website, all shiny and recent, you\u2019re given a User Profile. At any time, you&#8217;ll be able to return and alter your Nickname or fill in your Full Name, but to <a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/how-to-change-your-wordpress-username\/\" target=\"_blank\" rel=\"noopener\">change your username<\/a> is a unique story \u2014 you will have to create an entire recent user and grant that account the administrator role. The disadvantage? It&#8217;s essential to use a unique email address than the one utilized by your current account.<\/p>\n<p>You&#8217;ll be able to then alter your username by making a recent user, giving it the <a href=\"https:\/\/www.dreamhost.com\/blog\/wordpress-user-roles\/\" target=\"_blank\" rel=\"noopener\">administrator role<\/a>, attributing all of your content to it, and deleting your original account. When your previous username has been deleted, you&#8217;ll be able to change the e-mail address of your recent account when you desire.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41190\" src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen.png\" alt=\"WordPress Login Screen\" width=\"900\" height=\"517\" srcset=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen.png 900w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-300x172.png 300w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-768x441.png 768w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-600x345.png 600w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-730x419.png 730w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-100x57.png 100w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-200x115.png 200w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\"><\/p>\n<h3>4. Enable A Web Application Firewall<\/h3>\n<p><iframe loading=\"lazy\" title=\"How To Remove Malware From Your Website\" width=\"1020\" height=\"574\" src=\"https:\/\/www.youtube.com\/embed\/LJZbWKe6mgY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<p>You\u2019re probably conversant in the concept of a firewall \u2014 a program that helps to dam all kinds of unwanted attacks in your site. Probably, you&#8217;ve gotten some type of firewall in your computer. A <a href=\"https:\/\/www.owasp.org\/index.php\/Web_Application_Firewall\" target=\"_blank\" rel=\"noopener\">Web Application Firewall (WAF)<\/a> is solely a firewall designed specifically for web sites. It may protect servers, specific web sites, or entire groups of websites.<\/p>\n<p>A WAF in your WordPress site will function as a barrier between your website and the remaining of the online. A firewall monitors incoming activity, detects attacks, malware, and other unwanted events, and blocks anything it considers a risk from accessing your web server. #winning<\/p>\n<p>You could have many options for adding a WAF to your site (WordFence is a well-liked selection). But when you\u2019ve opted for our DreamPress package, you&#8217;ll be able to calm down; you won\u2019t need an extra firewall. DreamPress features a built-in WAF that may monitor your site for threats and block malicious users and programs from gaining access. No motion required in your part.<\/p>\n<p>DreamHost also offers DreamShield, our in-house malware scanning service. If you <a href=\"https:\/\/www.dreamhost.com\/academy\/enable-malware-remover\/\" target=\"_blank\" rel=\"noopener\">enable DreamShield in your hosting account<\/a>, we\u2019ll scan your site weekly for malicious code. If we discover anything suspicious, you\u2019ll be notified immediately via email.<\/p>\n<h3>5. Implement Two-Factor Authentication<\/h3>\n<p><a href=\"https:\/\/codex.wordpress.org\/Two_Step_Authentication\" target=\"_blank\" rel=\"noopener\">Two-factor authentication<\/a> (which also goes by two-step authentication and a wide range of other, similar names) refers to a two-step process you\u2019ll must follow when logging into your site. This takes just a little more effort and time but goes a good distance toward keeping hackers out.<\/p>\n<p>Two-factor authentication involves using a smartphone or other device to confirm your login. First, you\u2019ll visit your WordPress site and enter your username and password as usual. A singular code will then be sent to your mobile device, which you have to provide to complete logging in. This lets you prove your identity by showing you&#8217;ve gotten access to something solely yours \u2014 reminiscent of a selected phone or tablet.<\/p>\n<p>As with many WordPress features, two-factor authentication is simple so as to add with a dedicated plugin. The <a href=\"https:\/\/wordpress.org\/plugins\/two-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">Two Factor Authentication<\/a> plugin is a solid selection \u2014 it\u2019s created by reliable developers, compatible with <a href=\"https:\/\/support.google.com\/accounts\/answer\/1066447?hl=en\" target=\"_blank\" rel=\"noopener\">Google Authenticator<\/a>, and can enable you so as to add two-factor functionality to your site with no fuss.<\/p>\n<p>One other selection is the <a href=\"https:\/\/wordpress.org\/plugins\/two-factor\/\" target=\"_blank\" rel=\"noopener\">Two-Factor<\/a> plugin, which was built mainly by core WordPress developers and is well-known for its reliability. As with every plugin on this category, it comes with a little bit of a learning curve, but it&#8217;ll get the job done and is incredibly secure. If you happen to\u2019re willing to spend just a little money, you may also <a href=\"https:\/\/jetpack.com\/for\/clef\/\" target=\"_blank\" rel=\"noopener\">take a look at Jetpack\u2019s Clef-like premium solution<\/a>.<\/p>\n<p>Whatever route you select, make sure that to plan ahead together with your team, because you\u2019ll need to collect phone numbers and other information for all user accounts. With that, your login page is now secured and able to go.<\/p>\n<h3>6. Be Mindful When Adding Recent Plugins And Themes<\/h3>\n<p>Probably the greatest things about WordPress is the ready availability of plugins and themes for almost any need. With these handy tools, you&#8217;ll be able to make your site look good and add nearly any feature or functionality you&#8217;ll be able to consider.<\/p>\n<p>Not all plugins and themes are created equally, though.<\/p>\n<p>Developers who aren\u2019t careful or don\u2019t have the best level of experience can create plugins which might be unreliable or insecure \u2014 or simply downright sucky. They could use poor coding practices that <a href=\"https:\/\/www.dreamhost.com\/blog\/how-to-fix-harmful-programs-warning-wordpress\/\" target=\"_blank\" rel=\"noopener\">leave holes hackers can easily exploit<\/a> or unknowingly interfere with crucial functionality.<\/p>\n<p>This implies you have to be very careful in regards to the themes and plugins you add to your site. Every one ought to be vetted to make sure it\u2019s a solid option that won\u2019t hurt your site or cause problems. Here\u2019s the best way to select quality tools:<\/p>\n<ul>\n<li aria-level=\"1\"><b>Read reviews<\/b> <b>\u2013<\/b> Check user rankings and reviews to learn whether others have had a very good experience with the plugin or theme.<\/li>\n<li aria-level=\"1\"><b>Developer support<\/b> <b>\u2013<\/b> Have a look at how recently the plugin or theme has been updated. If it\u2019s been longer than six months, chances are high it isn\u2019t as secure because it might be.<\/li>\n<li aria-level=\"1\"><b>Easy does it<\/b> <b>\u2013<\/b> Install recent plugins and themes separately, so if anything goes mistaken, you\u2019ll know what the cause was. Also, remember to back up your site before adding anything to it.<\/li>\n<li aria-level=\"1\"><b>Vetted sources<\/b> <b>\u2013<\/b> Get your plugins and themes from trustworthy sources, reminiscent of the <a href=\"https:\/\/wordpress.org\/\" target=\"_blank\" rel=\"noopener\">WordPress.org Theme and Plugin Directories<\/a>, <a href=\"http:\/\/market.envato.com\/\" target=\"_blank\" rel=\"noopener\">ThemeForest and CodeCanyon<\/a>, and reliable developer web sites.<\/li>\n<\/ul>\n<h3>7. Commonly Update WordPress<\/h3>\n<p>Keeping WordPress up thus far is one of the vital necessary things you&#8217;ll be able to do to secure your site. Smaller patches and security updates shall be implemented routinely, but it&#8217;s possible you&#8217;ll must approve major updates independently (don\u2019t worry, that is <a href=\"https:\/\/codex.wordpress.org\/Updating_WordPress\" target=\"_blank\" rel=\"noopener\">quite simple to do<\/a>). This probably goes without saying, but DreamHost handles these updates for you, so that you don\u2019t should worry.<\/p>\n<p>But your work isn\u2019t done simply because WordPress is up thus far.<\/p>\n<p>You\u2019ll also must commonly update your plugins, themes, and other WordPress installations to make sure they work well together and are secured against the most recent threats. Fortunately, <a href=\"https:\/\/www.elegantthemes.com\/blog\/tips-tricks\/how-to-safely-update-your-wordpress-plugins-every-time\" target=\"_blank\" rel=\"noopener\">this can also be pretty easy<\/a> \u2014 simply go to your WordPress dashboard, search for the red notifications telling you there are themes or plugins with available updates, and click on \u201cUpdate Now\u201d next to every one.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41191\" src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins.png\" alt=\"Keep WordPress secure by updating plugins\" width=\"900\" height=\"362\" srcset=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins.png 900w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-300x121.png 300w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-768x309.png 768w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-600x241.png 600w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-730x294.png 730w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-100x40.png 100w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-200x80.png 200w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\"><\/p>\n<p>You may as well update your plugins in a batch by choosing all of them after which hitting the update button, either here or within the WordPress panel.<\/p>\n<h3>8. Configure File Permissions<\/h3>\n<p>Let\u2019s talk technical for a minute.<\/p>\n<p>Plenty of the knowledge, data, and content in your WordPress site is stored in a series of folders and files on its back end. These are organized right into a hierarchical structure, and every one is given a permissions level. The permissions on a WordPress file or folder determine who can view and edit it. They will be set to permit access to anyone, only you, or almost anything in between.<\/p>\n<p>File permissions are represented by a three-digit number in WordPress, and every digit has a meaning. The primary digit stands for a person user (the positioning\u2019s owner), the second digit for the group (for instance, members of your site), and the third for everybody on the earth. The number itself implies that the user, group, or world:<\/p>\n<ul>\n<li aria-level=\"1\">0: Has no access to the file.<\/li>\n<li aria-level=\"1\">1: Can only execute the file.<\/li>\n<li aria-level=\"1\">2: Can edit the file.<\/li>\n<li aria-level=\"1\">3: Can edit and execute the file.<\/li>\n<li aria-level=\"1\">4: Can read the file.<\/li>\n<li aria-level=\"1\">5: Can read and execute the file.<\/li>\n<li aria-level=\"1\">6: Can read and edit the file.<\/li>\n<li aria-level=\"1\">7: Can read, edit, and execute the file.<\/li>\n<\/ul>\n<p>So, for instance, if a file is given a permissions level of 640 it means the first user can read and edit the file, the group can read the file but not edit it, and the remaining of the world cannot access it in any respect. It\u2019s necessary to be sure that everybody only has the extent of access to your site\u2019s files and folders you wish them to have.<\/p>\n<p><a href=\"https:\/\/codex.wordpress.org\/Changing_File_Permissions\" target=\"_blank\" rel=\"noopener\">WordPress recommends<\/a> setting folders to a permissions level of 755 and files to 644. You\u2019re pretty secure sticking to those guidelines, although you&#8217;ll be able to <a href=\"http:\/\/artisansweb.net\/correct-file-permissions-wordpress\/\" target=\"_blank\" rel=\"noopener\">arrange any combination<\/a> you\u2019d like. Just do not forget that it\u2019s best not to offer anyone more access than they absolutely need, especially to core files.<\/p>\n<p>It&#8217;s best to also consider that your ideal permissions settings will depend somewhat in your hosting service, so it&#8217;s possible you&#8217;ll want to seek out out <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214916918-Keeping-your-website-secure\" target=\"_blank\" rel=\"noopener\">what your host recommends<\/a>.<\/p>\n<p><b>Note<\/b>: Be very careful when making changes to your permissions levels \u2014 selecting the mistaken values (like <a href=\"https:\/\/www.dreamhost.com\/blog\/pesky-permissions\/\" target=\"_blank\" rel=\"noopener\">the dreaded 777<\/a>) could make your site inaccessible.<\/p>\n<p>And while we\u2019re on this subject, it\u2019s necessary to notice that WordPress comes with a built-in code editor that enables users to edit theme and plugin files right from the Admin Area. That is handy if you need it, but a giant security risk in case your site falls into the mistaken hands. That\u2019s why you need to disable file editing with a plugin like Sucuri.<\/p>\n<h3>9. Keep WordPress Users To A Minimum<\/h3>\n<p>If you happen to\u2019re running your WordPress site solo, you don\u2019t must worry about this step. Just don\u2019t give anyone else an account in your site, and also you\u2019ll be the one one who could make changes.<\/p>\n<p>Nevertheless, there are lots of reasons so as to add one other user account to your site: Chances are you&#8217;ll wish to let other authors contribute content, or you would possibly need people to assist edit content and manage your site. Chances are you&#8217;ll even have a whole team of users who commonly access your WordPress site and make their very own changes.<\/p>\n<p>This will be useful (and even obligatory). Nevertheless, it\u2019s also a possible security risk.<\/p>\n<p>The more people you let into your site, the upper the possibility that somebody will make a mistake, cause problems, or simply be a putz. That\u2019s why you need to keep your site\u2019s user count as little as possible without hampering its ability to grow. Particularly, attempt to limit the variety of administrators and other <a href=\"https:\/\/firstsiteguide.com\/wordpress-user-roles\/\" target=\"_blank\" rel=\"noopener\">user roles with high privileges<\/a>.<\/p>\n<p>Listed here are just a few other best practices:<\/p>\n<ul>\n<li aria-level=\"1\">Limit each user to only what permissions are obligatory for them to do their job.<\/li>\n<li aria-level=\"1\">Encourage users to make use of strong passwords.<\/li>\n<li aria-level=\"1\">Attempt to keep on with one administrator and a small group of editors.<\/li>\n<li aria-level=\"1\">Remove users who&#8217;ve left the positioning or not need access.<\/li>\n<li aria-level=\"1\">Commonly sign off idle users (the <a href=\"https:\/\/wordpress.org\/plugins\/inactive-logout\/\" target=\"_blank\" rel=\"noopener\">Inactive Logout plugin<\/a> is great for this!).<\/li>\n<li aria-level=\"1\">Consider downloading a plugin like <a href=\"https:\/\/wordpress.org\/plugins\/members\/\" target=\"_blank\" rel=\"noopener\">Members<\/a>, which provides a user interface for WordPress\u2019 <a href=\"https:\/\/codex.wordpress.org\/Roles_and_Capabilities\" target=\"_blank\" rel=\"noopener\">role and capabilities<\/a> system.<\/li>\n<\/ul>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41192\" src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress.png\" alt=\"Content permissions settings on WordPress\" width=\"852\" height=\"330\" srcset=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress.png 852w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-300x116.png 300w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-768x297.png 768w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-600x232.png 600w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-730x283.png 730w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-100x39.png 100w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-200x77.png 200w\" sizes=\"auto, (max-width: 852px) 100vw, 852px\"><\/p>\n<h3>10. Limit Login Attempts<\/h3>\n<p>Everyone forgets their password sometimes. But excellent news! By default, WordPress allows a vast variety of guesses.<\/p>\n<p>But is that <i>really<\/i> excellent news? Brute force attacks, or attacks where a hacker tries any variety of passwords, are one of the vital common ways hackers gain access to non-public accounts. With no limit on login attempts, a hacker or bot could try every password within the book with no consequences.<\/p>\n<p>First, check your Web Access Firewall (WAF) to limit the variety of login attempts a user could make. In case your firewall is already arrange, a limit will already be in place, but you may also use a separate plugin for that! Each <a href=\"https:\/\/wordpress.org\/plugins\/login-lockdown\/\" target=\"_blank\" rel=\"noopener\">Login Lockdown<\/a> and Cerber <a href=\"https:\/\/wordpress.org\/plugins\/limit-login-attempts-reloaded\/\" target=\"_blank\" rel=\"noopener\">Limit Login Attempts<\/a> record the IP address and time stamp for every failed login attempt, allow you to limit the variety of failed attempts allowed in a certain span of time, and lock out IP addresses that exceed the limit. Each plugins are free, but Login Lockdown is less complicated and more beginner-friendly. If you happen to require a more robust system, Cerber Limit Login Attempts is the solution to go, allowing not only IP white\/blacklisting, but additionally notifying admins if a certain variety of lockouts is reached.<\/p>\n<p><iframe loading=\"lazy\" title=\"How Brute Force Attacks Work &amp; How To Protect Your WordPress Website\" width=\"1020\" height=\"574\" src=\"https:\/\/www.youtube.com\/embed\/wzmPXu55zLU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<h3>11. Track Your Admin Area Activity<\/h3>\n<p>If you&#8217;ve gotten multiple users, keeping tabs on what they\u2019re all doing on the positioning is a very good idea. Tracking activity in your <a href=\"https:\/\/www.dreamhost.com\/blog\/what-to-do-when-locked-out-wordpress\/\" target=\"_blank\" rel=\"noopener\">WordPress admin area<\/a> will assist you to spot when other users are doing things they shouldn\u2019t \u2014 and may assist you to spot when unauthorized users have gained access.<\/p>\n<p>But you furthermore may need a tool to assist you to see who&#8217;s behind different site activities \u2014\u00a0like when someone makes an unauthorized change or a suspicious recent install. For that, you would like one other plugin. <a href=\"https:\/\/wordpress.org\/plugins\/simple-history\/\" target=\"_blank\" rel=\"noopener\">Easy History<\/a> lives as much as its name by making a streamlined, easy-to-understand log of changes and events in your site.<\/p>\n<p>For more comprehensive tracking features, take a look at <a href=\"https:\/\/wordpress.org\/plugins\/wp-security-audit-log\/\" target=\"_blank\" rel=\"noopener\">WP Security Audit Log<\/a>, which tracks nearly all the things that happens in your site and offers <a href=\"https:\/\/www.wpsecurityauditlog.com\/plugin-extensions\/\" target=\"_blank\" rel=\"noopener\">premium add-ons<\/a>.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41193\" src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure.png\" alt=\"Session timeouts keep WordPress secure\" width=\"850\" height=\"342\" srcset=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure.png 850w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-300x121.png 300w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-768x309.png 768w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-600x241.png 600w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-730x294.png 730w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-100x40.png 100w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-200x80.png 200w\" sizes=\"auto, (max-width: 850px) 100vw, 850px\"><\/p>\n<h3>12. Password Protect Your Login Page<\/h3>\n<p><a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area\/\" target=\"_blank\" rel=\"noopener\">The login page<\/a> is the probably way for hackers to access your website, so protecting it&#8217;s an excellent solution to protect the remaining of your site. This generally is a bit technical, but it surely\u2019s still price learning. Use <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/216363187-Password-protecting-your-site-with-an-htaccess-file\" target=\"_blank\" rel=\"noopener\">this tutorial<\/a> to learn the best way to create an htaccess file and add a password prompt to your login page. A login in your login \u2014\u00a0what is going to they consider next?<\/p>\n<p>And when you\u2019re hosting content that not everyone must see, you&#8217;ll be able to password protect other parts of your site. For blog posts and other pages, you&#8217;ll be able to add password protection by going into pages >> all posts option. Click \u201cedit,\u201d and also you\u2019ll see the choice to vary the visibility to \u201cPassword Protected\u201d. Just publish, and badabing-badaboom, that page is locked up tight!<\/p>\n<h3>13. Hide Your Login Page<\/h3>\n<p>Adding password protection to your login page is great, but even higher is that if hackers <a href=\"https:\/\/wpmudev.com\/blog\/hide-wordpress-login-page\/\" target=\"_blank\" rel=\"noopener\">can\u2019t even find it<\/a>. Changing your wp-admin and wp-login pages is simple and helps deter hackers who can easily find your login page when you leave default settings in place.<\/p>\n<p>There are several plugins that may redirect the default login page to a different page of your selecting. Many plugins offer this as part of a bigger package (for instance, <a href=\"https:\/\/wordpress.org\/plugins\/defender-security\/\" target=\"_blank\" rel=\"noopener\">Defender <\/a>also features a malware scanner and firewall). But when you\u2019re searching for something easy, try <a href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" target=\"_blank\" rel=\"noopener\">WPS Hide Login<\/a>, which just hides your login. Just don\u2019t forget to bookmark your recent login page so you will discover it.<\/p>\n<h3>14. Update PHP<\/h3>\n<p><iframe loading=\"lazy\" title=\"How to Update To The Latest PHP Version\" width=\"1020\" height=\"574\" src=\"https:\/\/www.youtube.com\/embed\/G_O-mxZAk-g?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<p>Identical to America runs on Dunkin\u2019 (don\u2019t quote us there), WordPress runs on PHP. Updating WordPress isn\u2019t enough to maintain your site secure and secure \u2014 it&#8217;s essential make sure that you\u2019re using the most recent version of PHP, too.<\/p>\n<p>Normally, each PHP version is supported for a minimum of two years after its release date, meaning vulnerabilities are addressed by the engineers who designed the code. When the code goes outdated (or reaches its EOL or \u201cend of life\u201d), it\u2019s time to upgrade, otherwise you <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214895317-Change-the-PHP-version-of-a-site\" target=\"_blank\" rel=\"noopener\">risk being exposed <\/a>to security concerns, performance slowdowns, and bugs galore.<\/p>\n<p>To see which version of PHP you\u2019re currently running, log in to your WordPress site, and choose Tools >> Site Health. Navigate to Info after which Server, and <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214895287\" target=\"_blank\" rel=\"noopener\">view your current PHP version<\/a>.<\/p>\n<h3>15. Secure Your WordPress Database<\/h3>\n<p>Leaving anything on the default settings is a boon for hackers, and by default, WordPress uses <a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/how-to-change-the-wordpress-database-prefix-to-improve-security\/\" target=\"_blank\" rel=\"noopener\">wp_ because the prefix <\/a>for <i>all<\/i> of your related tables. Excellent news! If you happen to\u2019re using the <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/215525277-Install-WordPress-using-the-One-Click-Installer\" target=\"_blank\" rel=\"noopener\">One-Click Installer<\/a>, you have already got a prefix of random letters and numbers. So long as it ends with an underscore, the system is completely satisfied. Higher News! Even in case your WordPress is already installed, it might be eligible for the One-Click Installer so long as the positioning is fully hosted and meets just a few other guidelines.<\/p>\n<p>Just note that breaking something will be as easy as a missing underscore. Luckily, there may be a default version of the <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214693268-WordPress-wp-config-php-overview\" target=\"_blank\" rel=\"noopener\">wp-config.php<\/a> file available at <a href=\"https:\/\/core.trac.wordpress.org\/browser\/trunk\/wp-config-sample.php\" target=\"_blank\" rel=\"noopener\">WordPress Core<\/a>, so you&#8217;ll be able to quickly and simply rebuild \u2014 whether you tried to vary the database prefix manually, or with a service like phpMyAdmin.<\/p>\n<h3>16. Add Security Questions<\/h3>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41194\" src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/security-question-plugin-for-wordpress.png\" alt=\"Security question plugin for WordPress\" width=\"550\" height=\"352\" srcset=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/security-question-plugin-for-wordpress.png 550w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/security-question-plugin-for-wordpress-300x192.png 300w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/security-question-plugin-for-wordpress-100x64.png 100w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/security-question-plugin-for-wordpress-200x128.png 200w\" sizes=\"auto, (max-width: 550px) 100vw, 550px\"><\/p>\n<p>Security questions are sometimes missed, but they offer extra <i>oomph<\/i> to your security. Depending on the <a href=\"https:\/\/www.wpbeginner.com\/plugins\/how-to-add-security-questions-to-wordpress-login-screen\/\" target=\"_blank\" rel=\"noopener\">plugin you select<\/a>, you\u2019ll either select from existing security questions or create your personal.<\/p>\n<h3>17. Hide Your WordPress Version<\/h3>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Security_through_obscurity\" target=\"_blank\" rel=\"noopener\">Security through Obscurity<\/a> \u2014 in the event that they can\u2019t find it, they&#8217;ll\u2019t hack it!<\/p>\n<p><a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/the-right-way-to-remove-wordpress-version-number\/\" target=\"_blank\" rel=\"noopener\">Hide which version <\/a>of WordPress you\u2019re using (or hide that you just\u2019re using WordPress altogether) by altering the header code. If that sounds too technical, use a plugin like <a href=\"https:\/\/wpcode.com\/\" target=\"_blank\" rel=\"noopener\">WPCode<\/a>. Just make sure that to change the code and not only edit the display information in your theme settings \u2014\u00a0those snippets of code will only return in the course of the next theme update.<\/p>\n<h3>18. Prevent Hotlinking<\/h3>\n<p>Hotlinking is the act of stealing bandwidth by utilizing files hosted on one site and linking them to a different. For instance, let\u2019s say someone draws a fairly clever comic, and another website desires to feature it without permission. They might <a href=\"https:\/\/www.theguardian.com\/media\/2015\/oct\/28\/cartoonist-the-oatmeal-trolls-huffpo-over-images-published-sans-permission\" target=\"_blank\" rel=\"noopener\">hotlink the comic<\/a> as an alternative of hosting it on their very own servers, costing the unique website more bandwidth, and due to this fact extra money.<\/p>\n<p>To <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/216363197-Prevent-image-hotlinking\" target=\"_blank\" rel=\"noopener\">prevent hotlinking<\/a>, you&#8217;ll be able to decide to reject certain domains, allow only certain domains, or remove the power to hotlink altogether, all by making just a few changes to your htaccess file. You&#8217;ll be able to even include a snippet in your .htaccess file that routes all hotlinking attempts to a page or image of your selection \u2014 perhaps one that claims, \u201cStop hotlinking, freeloader!\u201d<\/p>\n<h3>19. DDoS Protection (Disable XML RPC)<\/h3>\n<p>A Distributed Denial of Service attack (or <a href=\"https:\/\/www.webopedia.com\/definitions\/ddos-attack\/\" target=\"_blank\" rel=\"noopener\">DDoS<\/a>) is when a hacker uses multiple systems to send an enormous volume of information and overwhelm their goal. This may decelerate and crash their goal \u2014 imagine an enormous traffic jam in your website where no legitimate traffic can get in.<\/p>\n<p>We all know that patience is tough to return by online, with the common user waiting <a href=\"https:\/\/www.thinkwithgoogle.com\/marketing-strategies\/app-and-mobile\/mobile-page-speed-new-industry-benchmarks\/\" target=\"_blank\" rel=\"noopener\">only 3 seconds<\/a> for a page to load before clicking away, so the earlier you&#8217;ll be able to discover and resolve an attack in your website, the higher.<\/p>\n<p>While stopping a DDoS attack could seem daunting, considered one of the primary steps you&#8217;ll be able to take is to remove or disable any old or unutilized plugins. Plugins are incredibly handy, but by increasing functionality, in addition they have access to your website that <a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/how-to-stop-and-prevent-a-ddos-attack-on-wordpress\/\" target=\"_blank\" rel=\"noopener\">will be exploited<\/a>. For once, downloading more plugins shouldn&#8217;t be the reply!<\/p>\n<p><a href=\"https:\/\/www.wpbeginner.com\/plugins\/how-to-disable-xml-rpc-in-wordpress\/\" target=\"_blank\" rel=\"noopener\">XML-RPC<\/a> allows WordPress access through the app in your mobile device. If you happen to don\u2019t use your smartphone to make changes to your WordPress website, you likely don\u2019t need this feature enabled. Turning it off involves adding a fast snippet of code to your htaccess file, and also you\u2019ll be all of the safer for it.<\/p>\n<h3>20. Malware Scanning<\/h3>\n<p>Malware (short for <a href=\"https:\/\/www.acunetix.com\/websitesecurity\/cross-site-scripting\/\" target=\"_blank\" rel=\"noopener\">malicious software<\/a>) hides in what appears to be secure applications in order that the user doesn\u2019t know their computer or website has been infected.<\/p>\n<p>Malware scanning is a very important defense that works by utilizing <a href=\"https:\/\/wordpress.org\/plugins\/security-ninja\/\" target=\"_blank\" rel=\"noopener\">anti-malware software<\/a> to discover and isolate suspicious files until you choose in the event that they have to be removed. If a threat is detected, a very good malware scanner will delete any trace of it out of your computer ASAP. Luckily, <a href=\"https:\/\/wordpress.org\/plugins\/security-antivirus-firewall\/\" target=\"_blank\" rel=\"noopener\">several firewall plugins<\/a> include malware scanning in-built, so make sure that to examine your security plugins to see what they provide.<\/p>\n<p>If you&#8217;ve gotten DreamHost as your hosting platform, you&#8217;ll be able to activate <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/226704048-How-do-I-enable-DreamShield-\" target=\"_blank\" rel=\"noopener\">DreamShield<\/a> to handle weekly malware scanning for you.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41195\" src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/dreamshield-malware-remover-dreamhost.png\" alt=\"DreamShield Malware Remover from DreamHost\" width=\"737\" height=\"556\" srcset=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/dreamshield-malware-remover-dreamhost.png 737w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/dreamshield-malware-remover-dreamhost-300x226.png 300w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/dreamshield-malware-remover-dreamhost-600x453.png 600w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/dreamshield-malware-remover-dreamhost-730x551.png 730w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/dreamshield-malware-remover-dreamhost-100x75.png 100w, https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/dreamshield-malware-remover-dreamhost-200x151.png 200w\" sizes=\"auto, (max-width: 737px) 100vw, 737px\"><\/p>\n<h2 id=\"summary\">WordPress Security: Locking It Up<\/h2>\n<p>In case your website is hacked, you\u2019ll spend hours (even perhaps days) attempting to repair the damage. Chances are you&#8217;ll permanently lose data or see your personal information compromised \u2014 or worse: your clients\u2019 data.<\/p>\n<p>That\u2019s why you&#8217;ve gotten to place enough time and energy into ensuring your site is secure. Otherwise, you simply risk losing invaluable business and precious time.<\/p>\n<p>These WordPress security suggestions should help. Some are easy tweaks, while others affect your entire site. But when you\u2019re searching for one impactful change you&#8217;ll be able to make <i>today<\/i> to maintain your site secure, make sure that it runs on a secured WordPress host.<\/p>\n<p><a href=\"https:\/\/www.dreamhost.com\/wordpress\/\" target=\"_blank\" rel=\"noopener\">DreamPress hosting<\/a> (with free WordPress migration) is specifically designed for the WordPress environment. Plus, when you ever do encounter a security issue, we\u2019ve got you covered with automatic every day backups, a weekly malware scan, and our support team of WordPress experts! Able to protect your site from threats and vulnerabilities? <a href=\"https:\/\/www.dreamhost.com\/wordpress\/\" target=\"_blank\" rel=\"noopener\">Learn more about DreamPress hosting today<\/a>.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an excellent, secure platform out of the box, but there\u2019s actually more you&#8217;ll be able to (and will!) do to maintain your site secure from malicious intent. A lot of these security [&#8230;]\n","protected":false},"author":1,"featured_media":31633,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"fifu_image_url":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","fifu_image_alt":"","two_page_speed":[],"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[97],"tags":[2320,778,2319,151,179],"class_list":["post-31632","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-hardening","tag-secure","tag-site","tag-tips","tag-wordpress"],"aioseo_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How Secure Your WordPress Site (25 Hardening Suggestions) - Daniels Marketing BLC<\/title>\n<meta name=\"description\" content=\"If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Secure Your WordPress Site (25 Hardening Suggestions) - Daniels Marketing BLC\" \/>\n<meta property=\"og:description\" content=\"If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an\" \/>\n<meta property=\"og:url\" content=\"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/\" \/>\n<meta property=\"og:site_name\" content=\"Daniels Marketing BLC\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-21T02:29:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-21T02:29:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg\" \/>\n<meta name=\"author\" content=\"info\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"info\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"25 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/\"},\"author\":{\"name\":\"info\",\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/#\\\/schema\\\/person\\\/6a0a5d2e1a48d29297b62e635a4db33f\"},\"headline\":\"How Secure Your WordPress Site (25 Hardening Suggestions)\",\"datePublished\":\"2023-07-21T02:29:06+00:00\",\"dateModified\":\"2023-07-21T02:29:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/\"},\"wordCount\":5153,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dreamhost.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/WordPress-Security-Tips-Social-Image.jpg\",\"keywords\":[\"Hardening\",\"secure\",\"Site\",\"Tips\",\"WordPress\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/\",\"url\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/\",\"name\":\"How Secure Your WordPress Site (25 Hardening Suggestions) - Daniels Marketing BLC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dreamhost.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/WordPress-Security-Tips-Social-Image.jpg\",\"datePublished\":\"2023-07-21T02:29:06+00:00\",\"dateModified\":\"2023-07-21T02:29:09+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/#\\\/schema\\\/person\\\/6a0a5d2e1a48d29297b62e635a4db33f\"},\"description\":\"If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dreamhost.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/WordPress-Security-Tips-Social-Image.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dreamhost.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/WordPress-Security-Tips-Social-Image.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/2023\\\/07\\\/21\\\/how-secure-your-wordpress-site-25-hardening-suggestions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Secure Your WordPress Site (25 Hardening Suggestions)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/#website\",\"url\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/\",\"name\":\"Daniels Marketing BLC\",\"description\":\"All About Health &amp; Marketing\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/#\\\/schema\\\/person\\\/6a0a5d2e1a48d29297b62e635a4db33f\",\"name\":\"info\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/387c3341fa426df253347bf8f03bf81e7c8355f511b0ffdb256b6fad73bc149c?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/387c3341fa426df253347bf8f03bf81e7c8355f511b0ffdb256b6fad73bc149c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/387c3341fa426df253347bf8f03bf81e7c8355f511b0ffdb256b6fad73bc149c?s=96&d=mm&r=g\",\"caption\":\"info\"},\"url\":\"https:\\\/\\\/danielsmarketingblc.com\\\/CuratedProducts\\\/author\\\/info\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Secure Your WordPress Site (25 Hardening Suggestions) - Daniels Marketing BLC","description":"If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/","og_locale":"en_US","og_type":"article","og_title":"How Secure Your WordPress Site (25 Hardening Suggestions) - Daniels Marketing BLC","og_description":"If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an","og_url":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/","og_site_name":"Daniels Marketing BLC","article_published_time":"2023-07-21T02:29:06+00:00","article_modified_time":"2023-07-21T02:29:09+00:00","og_image":[{"url":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","type":"","width":"","height":""}],"author":"info","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","twitter_misc":{"Written by":"info","Est. reading time":"25 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#article","isPartOf":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/"},"author":{"name":"info","@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/#\/schema\/person\/6a0a5d2e1a48d29297b62e635a4db33f"},"headline":"How Secure Your WordPress Site (25 Hardening Suggestions)","datePublished":"2023-07-21T02:29:06+00:00","dateModified":"2023-07-21T02:29:09+00:00","mainEntityOfPage":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/"},"wordCount":5153,"commentCount":0,"image":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","keywords":["Hardening","secure","Site","Tips","WordPress"],"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/","url":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/","name":"How Secure Your WordPress Site (25 Hardening Suggestions) - Daniels Marketing BLC","isPartOf":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/#website"},"primaryImageOfPage":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#primaryimage"},"image":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","datePublished":"2023-07-21T02:29:06+00:00","dateModified":"2023-07-21T02:29:09+00:00","author":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/#\/schema\/person\/6a0a5d2e1a48d29297b62e635a4db33f"},"description":"If you happen to\u2019re searching for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an","breadcrumb":{"@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#primaryimage","url":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","contentUrl":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/2023\/07\/21\/how-secure-your-wordpress-site-25-hardening-suggestions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/"},{"@type":"ListItem","position":2,"name":"How Secure Your WordPress Site (25 Hardening Suggestions)"}]},{"@type":"WebSite","@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/#website","url":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/","name":"Daniels Marketing BLC","description":"All About Health &amp; Marketing","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/#\/schema\/person\/6a0a5d2e1a48d29297b62e635a4db33f","name":"info","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/387c3341fa426df253347bf8f03bf81e7c8355f511b0ffdb256b6fad73bc149c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/387c3341fa426df253347bf8f03bf81e7c8355f511b0ffdb256b6fad73bc149c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/387c3341fa426df253347bf8f03bf81e7c8355f511b0ffdb256b6fad73bc149c?s=96&d=mm&r=g","caption":"info"},"url":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/author\/info\/"}]}},"jetpack_featured_media_url":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/posts\/31632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/comments?post=31632"}],"version-history":[{"count":2,"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/posts\/31632\/revisions"}],"predecessor-version":[{"id":31635,"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/posts\/31632\/revisions\/31635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/media\/31633"}],"wp:attachment":[{"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/media?parent=31632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/categories?post=31632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/danielsmarketingblc.com\/CuratedProducts\/wp-json\/wp\/v2\/tags?post=31632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}