#WCMIA: 7 Steps to Secure your WordPress & 7 Tips to Keep it Secure

Quick Reference Guide

Hardening General Login Configurations
Disabling xmlrpc.php
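# Block WordPress xmlrpc.php requests
# Replace 123.123.123.123 with the one IP address that still needs XML-RPC access.
# On Apache 2.4 these order/deny/allow directives require mod_access_compat.
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>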
.htpasswd generator
http://www.htaccesstools.com/htpasswd-generator/
.htpasswd .htaccess code
# Protect wp-login
<Files wp-login.php>
AuthUserFile /path/to/.htpasswd
AuthName "Private access"
AuthType Basic
require user yourusername
</Files>
Hardening your General WordPress Configurations
Disable File Editing
## Disable Editing in Dashboard
define('DISALLOW_FILE_EDIT', true);
Enable WordPress Auto-Updates
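## Auto Updates
define( 'WP_AUTO_UPDATE_CORE', true );
## The add_filter() lines go in a plugin or the theme's functions.php, not in wp-config.php,
## because add_filter() is not yet defined when wp-config.php is loaded.
add_filter( 'auto_update_theme', '__return_true' );
add_filter( 'auto_update_plugin', '__return_true' );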
Force the use of SSL over the WordPress Dashboard
## Force Admin SSL
define('FORCE_SSL_ADMIN', true);
Generate Unique Keys and Salts
https://api.wordpress.org/secret-key/1.1/salt 
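An added example, not part of the original guide: a Python check that a wp-config.php carries the three constants listed above and that its eight keys and salts are present, unique, and no longer the sample placeholder. The function names and the SAMPLE contents are this example's own constructions; it reads only single-line define() calls and does not look at the add_filter lines.

```python
import re

# Settings from this guide that belong in wp-config.php.
REQUIRED_TRUE = ("DISALLOW_FILE_EDIT", "WP_AUTO_UPDATE_CORE", "FORCE_SSL_ADMIN")
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php

# Single-line define() calls that start the line, so // and # comments are skipped.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"](\w+)['"]\s*,\s*"""
    r"""(?:'([^']*)'|"([^"]*)"|([^)\s]+))\s*\)\s*;""", re.MULTILINE)

def parse_defines(text):
    """Return {NAME: value}; bare true/false become bools, strings stay strings."""
    found = {}
    for m in DEFINE_RE.finditer(text):
        name, sq, dq, bare = m.groups()
        if bare is not None:
            found[name] = {"true": True, "false": False}.get(bare.lower(), bare)
        else:
            found[name] = sq if sq is not None else dq
    return found

def audit(text):
    """Return findings for a wp-config.php body; an empty list means all checks pass."""
    defs = parse_defines(text)
    findings = [f"{n} is not set to true" for n in REQUIRED_TRUE
                if defs.get(n) is not True]
    good = []
    for key in SALT_KEYS:
        val = defs.get(key)
        if isinstance(val, str) and val and val != PLACEHOLDER:
            good.append(val)
        else:
            findings.append(f"{key} is missing or still the sample placeholder")
    if len(set(good)) != len(good):
        findings.append("two or more keys/salts share the same value")
    return findings

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define('DISALLOW_FILE_EDIT', true);
// define('FORCE_SSL_ADMIN', true);
define( 'WP_AUTO_UPDATE_CORE', false );
define('AUTH_KEY', 'put your unique phrase here');
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```

To check a real file, pass its contents to audit(); the check never prints the key or salt values themselves.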
Disable PHP Execution
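# Put this in the .htaccess of a directory that should never run PHP
# (for example wp-content/uploads), not in the site root.
<Files *.php>
deny from all
</Files>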
Strengthen Your Password Security
How secure is your password? (Note: Don’t enter your real password, because it could be intercepted)
https://howsecureismypassword.net/
Password Managers List
LastPass: https://www.lastpass.com

1Password: https://1password.com

KeePassX: https://www.keepassx.org
Let’s Encrypt
https://letsencrypt.org
