WordPress Security

Keep your WordPress site safe and secure

Securing WordPress

Running the latest version of WordPress and using strong passwords should be enough to keep your site safe, though extra measures can sometimes be necessary.

A hacked WordPress site can cause serious damage to your business revenue and reputation. If security is breached, hackers can potentially steal user information and passwords, install malicious software, and distribute malware to your users.

If you are having problems with security on your WordPress site, then hardening WordPress is likely the first step you should take. In combination with the other measures we take, the risk of a security breach on your site will be reduced to a minimum.


What we can do to protect your WordPress site

Login reCAPTCHA

Many WordPress sites are bombarded by automated bot scripts trying to log in to the admin over and over.

Adding Google reCAPTCHA on the login screen as verification should stop them from gaining access to the site.

Limit login attempts

By default, WordPress allows unlimited login attempts through the login page. This allows passwords to be brute-force cracked by bots.

Limiting the number of login attempts allowed should drastically reduce the risk of a password being cracked.

Password protect login page

This is likely the best way to keep your login page safe from unwanted login attempts and brute force attacks.

This adds an additional login prompt, with separate login details, that must be passed before the login page can even be accessed.



 

Note: all of the above measures relate to the login page and process, so all three in combination might not be necessary. If you order the security package, we will ask you which route you would like to take.

 
 

Change the WordPress Database Prefix

WordPress uses the wp_ prefix for all tables in the database by default.

Hackers are of course aware of this, and changing this prefix to something else would make it harder to hack the database connected to your WordPress installation.

Disable XML-RPC

XML-RPC is a feature in WordPress which enables your site to connect to other websites or mobile applications. The problem with this feature is that it can make brute force attacks easier than normal.

If your site is not using any features related to XML-RPC then we would recommend turning this feature off.

Disable directory browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can use those files to gain access.

Disabling this feature will make it harder for hackers to find weaknesses on your site.

 

Plugins and themes review

Some plugins and themes can pose security risks if they are not maintained and regularly updated.

We'll check the theme and plugins on your site to determine if they might need to be changed or substituted with a well maintained alternative.

Plugins for protection

We like to use the premium versions of Sucuri and WordFence to protect customer sites. Both plugins have good reputations and are tried and tested.

Both plugins have similar features which include firewalls, blocking features and security scanning. We'll pick the one which will suit your needs the best.

Disable WordPress file editing

By default, WordPress comes with the ability to edit theme and plugin files directly using the Editor feature in the Appearance menu.

If someone with malicious intent should gain access to your site, then this feature could be dangerous and should be turned off.
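
The following audit script is an added example, not part of the original page or of the service it describes. It statically checks an install for four of the settings above, assuming an Apache host with a .htaccess file and assuming XML-RPC is blocked with a <Files> rule; the function names and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample files: a default install and a hardened one.
DEFAULT_CFG = "<?php\n$table_prefix = 'wp_';\n// define('DISALLOW_FILE_EDIT', true);\n"
HARDENED_CFG = "<?php\n$table_prefix = 'k7q_';\ndefine( 'DISALLOW_FILE_EDIT', true );\n"
HARDENED_HTA = "Options -Indexes\n<Files xmlrpc.php>\n  Require all denied\n</Files>\n"

def _read(path):
    return path.read_text(errors="replace") if path.exists() else ""

def audit_wordpress(root):
    """Return {check: bool} for four hardening settings under `root`."""
    root = Path(root)
    # Drop comments first so a commented-out directive does not count as set.
    cfg = re.sub(r"/\*.*?\*/", "", _read(root / "wp-config.php"), flags=re.S)
    cfg = re.sub(r"^\s*(?://|#).*$", "", cfg, flags=re.M)
    hta = re.sub(r"^\s*#.*$", "", _read(root / ".htaccess"), flags=re.M)

    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", cfg)
    editing = re.search(
        r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", cfg, re.I)
    indexes = re.search(r"^\s*Options\b.*-Indexes\b", hta, re.I | re.M)
    # Assumption: XML-RPC is denied per file in .htaccess (Apache 2.2 or 2.4 syntax).
    files = re.search(r"<Files\s+\"?xmlrpc\.php\"?\s*>(.*?)</Files>", hta, re.I | re.S)
    denied = files and re.search(
        r"Require\s+all\s+denied|Deny\s+from\s+all", files.group(1), re.I)
    return {
        "db_prefix_changed": bool(prefix) and prefix.group(1) != "wp_",
        "file_editing_disabled": bool(editing),
        "directory_browsing_disabled": bool(indexes),
        "xmlrpc_blocked": bool(denied),
    }

def demo():
    """Audit the constructed default and hardened installs."""
    results = {}
    samples = {"default": (DEFAULT_CFG, ""), "hardened": (HARDENED_CFG, HARDENED_HTA)}
    for name, (cfg, hta) in samples.items():
        with tempfile.TemporaryDirectory() as d:
            Path(d, "wp-config.php").write_text(cfg)
            Path(d, ".htaccess").write_text(hta)
            results[name] = audit_wordpress(d)
    return results

if __name__ == "__main__":
    for name, checks in demo().items():
        print(name, checks)
```

A False result means the setting was not found in these two files; it may still be enforced elsewhere, for example in the main server configuration or by a security plugin.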

Our security products

Security

  • $195 - one time fee
  • Secure your site from unwanted traffic and attacks
  • Login reCAPTCHA
  • Limit login attempts
  • Password protect login page
  • Change the WordPress Database Prefix
  • Disable XML-RPC
  • Disable directory browsing
  • Plugins and themes review
  • Security plugin with firewall
  • Disable WordPress file editing

Page Speed + Security package

  • $350
  • Everything included in the Page Speed and Security packages. Save 10%.

Maintenance + Page Speed + Security package

  • $800
  • 1 year Maintenance plus everything included in the Page Speed and Security packages. Save 15%.

© 2018 steadywp.com