Security Tips

Update WordPress, your themes and plugins.
Change username from Admin to something else.
Use a strong password.
Delete the wp-config-sample.php from your root folder along with the readme and any unnecessary files. I deleted the readme.txt and the license info text file.
Keep a minimum of themes and just the plugins that you use.
Turn off Settings -> General: Membership “Anyone can register” IF you do not plan on having people register on the site.
Regularly backup your site.
Implement SSL certificates (Talk to your web host).
Hide the WP-Admin login page.
Update PHP.
Use a WordPress security plugin.

Use a secure browser which protects your privacy. For instance

Security plugins

Sucuri Scanner
iThemes Security
All In One WP Security
Bulletproff Security
Shield Security
Security Ninja

Site scan – WPScan is a black box WordPress vulnerability scanner.
WordPress plugin exploit scanner


Another security tutorial that I have is: A short overview of WordPress Security plugins.


Leave a Reply

Your email address will not be published. Required fields are marked *