Basic WordPress security

WordPress sites are hit all the time. Some basic steps can prevent most of the attacks. Automated scripts will likely timeout after so many blocks and move on. Injections will not be able to find important data. You can even hide your admin dashboard. Here are some working examples.

Change database prefix

Change the prefix to 5 or more random characters. Such as fjTn8_

Install Wordfence

Brute Force Protection
Lock out after how many login failures – 2
Lock out after how many forgot password attempts – 2
Immediately lock out after bad usernames – Checked

Login Security
Add reCaptcha v3 to login and user registration pages

Change wp-admin login

Change wp-admin to anything with 4 random characters. Such as domain-Xxroq

Leave a reply:

Your email address will not be published.

Site Footer