#WCMIA: 7 Steps to Secure your WordPress & 7 Tips to Keep it Secure Extended Cut

Quick Reference Guide

Hardening General Login Configurations
Disabling xmlrpc.php
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from
</Files>
.htpasswd generator
.htpasswd .htaccess code
# Protect wp-login
<Files wp-login.php>
AuthUserFile /path/to/.htpasswd
AuthName "Private access"
AuthType Basic
require user yourusername
</Files>
Hardening your General WordPress Configurations
Disable File Editing
## Disable Editing in Dashboard
define('DISALLOW_FILE_EDIT', true);
Enable WordPress Auto-Updates
## Auto Updates
define( 'WP_AUTO_UPDATE_CORE', true );
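# WordPress's documentation advises against calling add_filter() in wp-config.php;
# put the two filters below in a must-use plugin instead.
add_filter( 'auto_update_theme', '__return_true' );
add_filter( 'auto_update_plugin', '__return_true' );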
Force the use of SSL over the WordPress Dashboard
## Force Admin SSL
define('FORCE_SSL_ADMIN', true);
Generate Unique Keys and Salts
Disable PHP Execution
<Files *.php>
deny from all
</Files>
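An added example, not code from the original guide: a small Python check that reads the text of a wp-config.php and an .htaccess file and reports which of the settings above are missing, commented out, or left in an unclosed <Files> block. The function names and sample inputs are constructed for illustration; the placeholder string is the one shipped in WordPress's wp-config-sample.php.

```python
import re
# Added example: names below are illustrative, not a WordPress or Apache API.
FLAGS = ("DISALLOW_FILE_EDIT", "WP_AUTO_UPDATE_CORE", "FORCE_SSL_ADMIN")
SALTS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
         "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
DEFINE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(.+)\)\s*;""")
FILES = re.compile(r'<Files\s+"?([^\s">]+)"?\s*>(.*?)</Files>', re.S | re.I)
DENIED = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)
GATE = (r"AuthUserFile\s+\S", r"AuthType\s+Basic", r"require\s+\S")

def live_lines(text):
    # Drop /* */ blocks and whole-line # or // comments so disabled settings don't count.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith(("#", "//")))

def audit_wp_config(text):
    defs = {k: v.strip() for k, v in DEFINE.findall(live_lines(text))}
    findings = [f"{name} is not set to true" for name in FLAGS
                if defs.get(name, "").lower() != "true"]
    salts = [defs.get(name, "").strip("'\"") for name in SALTS]
    if any(s in ("", PLACEHOLDER) for s in salts):
        findings.append("keys/salts missing or still the sample placeholder")
    elif len(set(salts)) != len(salts):
        findings.append("keys/salts are not unique")
    return findings

def audit_htaccess(text):
    # Only complete <Files ...> ... </Files> blocks are considered.
    blocks = {name.lower(): body for name, body in FILES.findall(live_lines(text))}
    findings = []
    if not DENIED.search(blocks.get("xmlrpc.php", "")):
        findings.append("xmlrpc.php is not blocked")
    login = blocks.get("wp-login.php", "")
    if not all(re.search(p, login, re.I) for p in GATE):
        findings.append("wp-login.php has no basic-auth gate")
    return findings

# Constructed sample inputs (not taken from a real site).
SAMPLE_WP_CONFIG = """define('DISALLOW_FILE_EDIT', true);
// define('FORCE_SSL_ADMIN', true);
define( 'WP_AUTO_UPDATE_CORE', true );
define('AUTH_KEY', 'put your unique phrase here');"""
SAMPLE_HTACCESS = "<Files xmlrpc.php>\norder deny,allow\ndeny from all\n</Files>"

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_WP_CONFIG) + audit_htaccess(SAMPLE_HTACCESS):
        print("MISSING:", finding)
```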
Strengthen Your Password Security
How secure is your password? (Note: Don’t enter your real password, since it could be intercepted.)
Password Managers List
LastPass: https://www.lastpass.com
KeePass: https://www.keepassx.org
Let’s Encrypt