It’s been on my editorial calendar for some time now to write a blog post about WordPress security. Last week, I received an email from a person named Alex letting me know he had written a very thorough guide on the subject.
I checked it out and it’s pretty spectacular! And even better, it’s completely free. You don’t have to pay, give your email address or download anything. The table of contents is below so you can get an idea of what’s included. (And there’s a whole section on the Wordfence plugin – one of my favorites.)
You can access all of the topics below by visiting this page: Bloggers Guide to WordPress Security.
Thanks, Alex!
- Why Do I Have to Secure My WordPress Account?
- Chapter One: Setting Up and Configuring Your WordPress Installation
  - Change Your Administrative Username
  - How to Change Your Administrative Username
  - Add Two-Factor Authentication
  - Installing Two-Factor Authentication With Google Authenticator
  - Install a CAPTCHA Solution
  - Installing a CAPTCHA Solution
  - Get Spam Protection for Your Comments
  - Installing the Akismet WordPress Plug-In
  - Remove Your WordPress Version Number
  - Disable the WordPress API
  - Disable XML-RPC
- Chapter Two: Passwords and Password Hygiene
  - Crafting a Strong and Memorable Password
  - Practicing Good Password Hygiene
  - Making Sure Your Password Can’t Be Reset
  - Locking Out Multiple Sign On Attempts
  - Installing WP Limit Login Attempts
- Chapter Three: Adding an Internal Monitoring System
  - Monitoring Security with Sucuri
  - Monitoring Security with Wordfence
  - Monitoring Security with WordPress Security
- Chapter Four: Securing Your Web Hosting Account
  - Finding the Right Hosting Service
  - Adding External Monitoring Systems
  - Setup an SSL Certificate and Configure WordPress
  - How to Add SSL and HTTPS to WordPress
  - Update Your File Permissions
  - Turn Off PHP Error Reporting
- Chapter Five: Protecting Against Your Users
  - The Importance of Restricting Permissions
  - Setting Password Restrictions
  - Log Out Idle Users
- Chapter Six: Protecting Against Third-Party Utilities and Services
  - Validating Third-Party Plug-Ins
  - Avoiding Malicious Third-Party Services
  - Identifying Potentially Harmful Plug-Ins or Themes
  - Only Installing the Plug-Ins You Need
- Chapter Seven: Computers, Connections, and the Internet of Things
  - Protecting Your Blog Against Physical Intrusion
- Chapter Eight: Constructing Your Disaster Preparedness Plan
  - What is a Disaster Preparedness Plan?
  - The Four Best Practices for Website Backups
  - Options for Backing Up Your WordPress Site
- Chapter Nine: Managing and Monitoring Your WordPress Site
  - Keeping Your WordPress Site Current
  - Abandoning Out-of-Date Plug-Ins
  - Keeping Your Site Clean
- Conclusion