Harden Your WordPress Website from Attack

I received an email from Natasha Wentz at MakeAWebSiteHub.com.  She had seen my earlier article on securing WordPress, and asked to be added to the resource list.  I took a look at the article, and decided that it was too good to bury in a year-old post, and I offered to write this post to feature their article.


Nicely written by Joe Fylan, the article covers WordPress security risks and answers the question of why someone would want to compromise your WordPress site.  He covers the differences between targeted and non-targeted attacks, and then dives into an explanation of the OWASP (Open Web Application Security Project) Top 10 website vulnerabilities.

Then he gets into managing WordPress security and how to harden your WordPress site. This includes:

  • backup your website
  • pick a solid web host
  • use only reputable themes and plugins
  • create a strong user ID and password
  • limit access to vital parts of your website
  • use a security plugin
  • monitor your website

Then he discusses what to do if your website is hacked.

If you own, operate, or manage a WordPress website, you ought to click through and take a look at this information-packed article.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and at many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
