Eight Steps to Eliminating Security Risks in WordPress

by Sean Michael Kerner

Keep Your Server Software Updated

If you're self-hosting WordPress on your own server, keep the core server software updated, including the operating system, Web server, PHP and MySQL applications.

Enable Automatic WordPress Updates

All versions of WordPress since the 3.7 update in October 2013 can be set to update the WordPress application automatically for important bug and security fixes.

Update All Plug-Ins and Themes

Keeping the server and WordPress itself updated is not enough. It's critically important to make sure that both plug-ins and themes are always updated. WordPress offers an easy-to-access view that gives full visibility into items that must be updated.

Use Secure Sockets Layer for Log-In

It's important to configure the WordPress administrator log-in page (/wp-admin) to be accessible only via HTTPS/SSL. Otherwise, the administrator password is sent in the clear and can easily be intercepted by an attacker.
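The automatic-update and HTTPS log-in steps above both come down to settings in wp-config.php, so they can be checked mechanically. The following is an added example, not code from the original article or from WordPress: it audits a config file for the core constants FORCE_SSL_ADMIN, AUTOMATIC_UPDATER_DISABLED and WP_AUTO_UPDATE_CORE, and the two sample configs are constructed for illustration.

```python
import re

# Matches define('NAME', value); with single or double quotes around NAME.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.MULTILINE)

def parse_defines(php_source):
    """Return {constant: normalized value} for active define() calls."""
    # Drop /* */ blocks and whole-line // or # comments so that
    # commented-out defines are not mistaken for live settings.
    src = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    src = re.sub(r"^[ \t]*(//|#).*$", "", src, flags=re.MULTILINE)
    return {name: value.strip("'\"").lower()
            for name, value in DEFINE_RE.findall(src)}

def audit(php_source):
    """Return a list of findings for the update and log-in settings."""
    d = parse_defines(php_source)
    findings = []
    if d.get("FORCE_SSL_ADMIN") != "true":
        findings.append("FORCE_SSL_ADMIN is not set to true: "
                        "admin log-in is not forced onto HTTPS by wp-config.php")
    if d.get("AUTOMATIC_UPDATER_DISABLED") == "true":
        findings.append("AUTOMATIC_UPDATER_DISABLED is true: "
                        "all automatic updates are switched off")
    if d.get("WP_AUTO_UPDATE_CORE") == "false":
        findings.append("WP_AUTO_UPDATE_CORE is false: "
                        "automatic core updates are switched off")
    return findings

# Constructed sample: HTTPS setting commented out, updates disabled.
WEAK = """<?php
// define('FORCE_SSL_ADMIN', true);
define('AUTOMATIC_UPDATER_DISABLED', true);
define( 'WP_AUTO_UPDATE_CORE', false );
"""

# Constructed sample: HTTPS forced for admin, minor core updates left on.
HARDENED = """<?php
define('FORCE_SSL_ADMIN', true);
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

To check a real site, pass the contents of its wp-config.php to audit(); a missing FORCE_SSL_ADMIN is a prompt to confirm how HTTPS is enforced, since it can also be done at the Web server.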

Consider Using Two-Factor Authentication

For both WordPress.com and self-hosted sites, users should employ two-factor authentication, which requires a second password (or factor) to log into the site, providing an additional measure of security.

Use WordPress Plug-In Security Tools

Multiple vendors provide WordPress security add-ons to help users lock down their sites. Among them are Wordfence and Sucuri, which can easily be found by searching in the WordPress plug-in listings.

Don't Be an Attacker

Another useful tool from Sucuri is the WordPress distributed denial-of-service (DDoS) checker, which can identify whether a given site is being used as part of an attack against others.

Follow WordPress Hardening Guidelines

WordPress regularly updates its listing of best practices on how to harden and secure sites.
