Library Technology – Reviews, Tips, Giveaways, Freeware

Steps to Secure WordPress

Posted In Wordpress tips - By Techtiplib on Thursday, October 15th, 2015

There are many ways to secure WordPress. The following steps are helpful hints from iThemes to consider when securing your site:

  1. Before you begin, make a full backup of your WordPress site
  2. Whitelist your IP address in the Dashboard area
  3. Click on the Settings Tab at the top menu area
  4. Check the option to “Allow iThemes Security Pro to write to wp-config.php”
  5. Verify that your email address is correct
  6. Check the box next to “Send digest email” to cut down on notification emails
  7. Click the Save All Settings button at the base of the Global Settings section
  8. In the 404 Detection section, check the box next to “Enable 404 detection”
  9. Click the Save All Settings button at the base of the 404 Detection section
  10. In the Banned Users section, check the box next to “Enable HackRepair.com’s blacklist feature”
  11. Check the box next to “Enable ban users”
  12. Click the Save All Settings button at the base of the Banned Users section
  13. In the Brute Force Protection section, enter your email address in the field next to “Get your iThemes Brute Force Protection API Key”
  14. Check the box next to “Enable local brute force protection”
  15. Check the box next to “Immediately ban a host that attempts to login using the “admin” username”
  16. Click the Save All Settings button at the base of the Brute Force Protection section
  17. In the Strong Passwords section, click the box next to “Enable strong password enforcement”
  18. We recommend setting the drop-down box next to “Select Role for Strong Passwords” to Subscriber
  19. Click the Save All Settings button at the base of the Strong Passwords section
  20. Check ALL THE BOXES in the System Tweaks section
  21. Click the Save All Settings button at the base of the System Tweaks section
  22. In the WordPress Tweaks section, check the box next to the following options:
    • Remove the Windows Live Writer header
    • Remove the RSD (Really Simple Discovery) header
    • Reduce Comment Spam
    • Disable File Editor
    • Force users to choose a unique nickname
    • Disables a user’s author page if their post count is 0
  23. Also in the WordPress Tweaks section, set the drop-down box in the XML-RPC section to Completely Disable XML-RPC
  24. Click the Save All Settings button at the base of the WordPress Tweaks section
  25. Click on the top Pro tab and in the Malware Scan Scheduling section, check the box next to “Enable scheduled malware scanning”
  26. Make sure the “Email Contacts” are going to the people you want to receive alert notifications
  27. Click the Save All Changes button at the base of the Malware Scan Scheduling section
  28. In the WordPress Passwords section, check the box next to “Enable Password Expiration”
  29. Make sure the “Maximum Password Age” is set to the desired number of days before expiration
  30. Click the Save All Changes button at the base of the WordPress Passwords section
  31. In the Two-Factor Authentication section, check one or more of the boxes in the “Enable Two-Factor Providers” section
  32. Follow the video to see the full demonstration on how to work with two-factor authentication
  33. Click the Save All Changes button at the base of the Two-Factor Authentication section
  34. Check to make sure your WordPress site is working as desired
  35. Make a new full backup of your WordPress site

Source: https://ithemes.com/2015/10/12/best-settings-for-ithemes-security-pro-checklist/
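
One way to confirm the WordPress Tweaks from step 22 when checking the site in step 34, as an added example that is not part of the original checklist or iThemes' own code: it looks in a saved copy of the home page for the RSD and Windows Live Writer `<link>` tags that WordPress core emits, and in wp-config.php for the `DISALLOW_FILE_EDIT` constant. That the plugin's "Disable File Editor" option works through that constant is an assumption, and the sample inputs are constructed.

```python
import re
from html.parser import HTMLParser

class HeadLinks(HTMLParser):
    """Collect the rel tokens of every <link> element in a page."""
    def __init__(self):
        super().__init__()
        self.rels = set()

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            self.rels.update((dict(attrs).get("rel") or "").lower().split())

# A live define('DISALLOW_FILE_EDIT', ...) at the start of a line; a line
# commented out with // or # does not match.
DEFINE = re.compile(
    r"""^\s*(?i:define)\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(\w+)\s*\)\s*;""",
    re.MULTILINE)

def audit(home_html, wp_config):
    """Return {check: True when that hardening is visibly in effect}."""
    links = HeadLinks()
    links.feed(home_html)
    # Drop /* ... */ blocks so a define inside one is not counted.
    live = re.sub(r"/\*.*?\*/", "", wp_config, flags=re.DOTALL)
    # PHP keeps the first definition of a constant, so only that one matters.
    first = DEFINE.search(live)
    return {
        "rsd_header_removed": "edituri" not in links.rels,
        "wlw_header_removed": "wlwmanifest" not in links.rels,
        "file_editor_disabled": bool(first) and first.group(1).lower() in ("true", "1"),
    }

# Constructed sample inputs: a default install, then the same site hardened.
BEFORE_HTML = """<html><head>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://example.test/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://example.test/wp-includes/wlwmanifest.xml" />
</head><body></body></html>"""
AFTER_HTML = "<html><head><link rel='stylesheet' href='style.css'></head></html>"
BEFORE_CONFIG = "<?php\n// define('DISALLOW_FILE_EDIT', true);\n"
AFTER_CONFIG = "<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n"

if __name__ == "__main__":
    for label, html, cfg in (("before", BEFORE_HTML, BEFORE_CONFIG),
                             ("after", AFTER_HTML, AFTER_CONFIG)):
        for check, ok in audit(html, cfg).items():
            print(f"{label:6} {check:22} {'OK' if ok else 'NOT APPLIED'}")
```

Run it against your own site by passing the saved page source and the contents of wp-config.php to `audit()`; any check reported as not applied points back to the matching box in step 22.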
