How to Harden and Secure WordPress
WordPress regularly releases updates to its software to address new security issues and vulnerabilities in the WordPress core files. To ensure that you are getting the latest security updates and fixes, you should always keep up to date with the latest version of WordPress! Older versions of WordPress have known vulnerabilities and “holes” which exist in a public database that hackers are aware of since WordPress is Open Source.
GlowFrog Hosting maintains the Security of the Server Infrastructure for you, but a secure server alone doesn’t fully ensure that your WordPress site is safe from hackers. In reality, no website is truly 100% safe, but there are preventive measures you can take and things you can do to “harden” your WordPress site against hackers and malicious activity. In this guide, we will discuss general steps to strengthen the security of your WordPress website and how to harden it.
Keep WordPress Core Up-to-Date
One of the most important steps to hardening your WordPress site is keeping all of your Software up-to-date with the latest versions. Create backups of your site(s) first, then be sure to install important updates from WordPress.
Keep Themes & Plugins Up-to-Date
Plugins and themes can become deprecated, obsolete, or include bugs that pose serious security risks to your WordPress website! Most Third Party plugin and theme developers issue important security updates and patches for their software so it is important to install these updates as they become available. As always, create a backup first, then apply updates to all of your Themes and Plugins!
Auditing Plugins and Themes
There are many third party Plugins and Themes available for WordPress which are not created by the Makers of WordPress and thus the security of these Themes and Plugins cannot be guaranteed. It is important to regularly Audit your WordPress Themes and Plugins to ensure they are stable and secure. You can use the following checklist as a guideline for choosing better plugins and themes for your WordPress Site.
- Does the plugin or theme have a large install and support base?
- Are there a huge number of positive user reviews?
- Are the developers actively supporting their plugin and pushing frequent updates or security patches?
- Does the vendor include a physical contact address in the ToS or from a contact page?
If the plugin or theme fails any of the above checks, we recommend searching for a more secure and trusted solution.
Remove Unused Plugins & Themes
It is a common misconception that if a Plugin is deactivated or a Theme is not in use, it cannot have an effect on your WordPress website. This is NOT true! Although the Theme or Plugin may be deactivated, the files for that theme or plugin STILL exist on the Webserver as a potential door for hackers.
When a plugin or theme is not in use, it is not being updated regularly. Storing these unused plugin and theme files in your WordPress installation increases the chance of a compromise, even if they are disabled and not actively being used in your installation. Removing unused plugins and themes helps improve security and protects WordPress from hacking.
Not using a WordPress plugin? Delete it!
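One way to find what to delete and what to update, as an added example that is not GlowFrog's own tooling: the script below reads the CSV that WP-CLI prints for `wp plugin list` or `wp theme list` and flags every inactive item for removal and every in-use item with a pending update. It assumes WP-CLI is installed on the server; the `WP_PATH` variable and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag plugins/themes to remove (inactive) or update (in use, update pending).
# Input on stdin is the CSV produced by:
#   wp plugin list --fields=name,status,update,version --format=csv
# Output: one finding per line, "<ACTION> <kind> <name> <version>".

audit_csv() {
    kind="$1"   # label for the report: "plugin" or "theme"
    awk -F, -v kind="$kind" '
        NR == 1 { next }                 # skip the CSV header row
        { gsub(/\r/, "") }               # tolerate CRLF line endings
        # Deactivated code still sits on disk, so it is flagged for deletion
        # regardless of whether an update exists.
        $2 == "inactive" { print "REMOVE", kind, $1, $4; next }
        # Anything still in use with a pending update should be patched.
        $3 == "available" { print "UPDATE", kind, $1, $4 }
    '
}

# Constructed sample data (not from a real site), in WP-CLI's CSV layout.
SAMPLE_PLUGINS='name,status,update,version
contact-form-example,active,available,5.1.0
old-slider-example,inactive,none,2.3.1
seo-example,active,none,9.0
gallery-example,inactive,available,1.0.4'

# WP_PATH is a hypothetical variable for this example: set it to the
# WordPress install directory to audit a real site. Otherwise the
# constructed sample above is used.
if [ -n "${WP_PATH:-}" ] && command -v wp >/dev/null 2>&1; then
    wp plugin list --path="$WP_PATH" \
        --fields=name,status,update,version --format=csv | audit_csv plugin
    wp theme list --path="$WP_PATH" \
        --fields=name,status,update,version --format=csv | audit_csv theme
else
    printf '%s\n' "$SAMPLE_PLUGINS" | audit_csv plugin
fi
```

Take a backup before acting on the report, then delete the `REMOVE` items and apply the `UPDATE` items.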
Install a WordPress Firewall and Security Plugin: WP Cerber