We have written a few articles covering the subject of WordPress security. I recently received an email from John Stevens over at HostingFacts.com, inviting me to review their excellent tutorial, 28 Ways to Secure WordPress Website, written by Karol K. (@carlosinho). You can find him at NewInternetOrder.com. This is a longer article, and if you are planning to work through all 28 of the steps, you may need to allocate a day or two to get them all completed.
Karol divided the tasks into three groups: Beginner, Advanced, and Pro. You should drop what you are doing and take care of the beginner level today.
In a related post, WordFence published the results of a survey that investigated how WordPress sites were hacked. The top two methods were through unpatched vulnerabilities in plug-ins (56%) and brute force password exploits (16%). Just completing the first seven steps in Karol’s Beginner Tier would eliminate over 70% of your risk.
WordPress sites have become a favorite way for cyber-criminals to deliver exploit code to their victims. Last year, hundreds of thousands of WordPress sites were hacked by cyber-criminals using commercial-grade exploit kits that are easy to acquire on the Dark Web. The DIY nature of WordPress means that there are lots of sites out there built by non-technical amateurs using default user names (admin) or easy user names (like your real name) and passwords that are easy to guess or easy to break using automated brute-force techniques. You do not want to be one of them, and this article will help you overcome the weaknesses you may have inadvertently allowed in your website.