Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Wordpress hardening

    WordPress (Developer)
    5
    5
    78
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      privsec last edited by

      What steps do you take to secure/lockdown wordpress from bad actors?

      robi P 2 Replies Last reply Reply Quote 1
      • robi
        robi @privsec last edited by

        @privsec Check out the security plugins like Wordfence and Cerber. 👍

        Life of Advanced Technology

        jdaviescoates 1 Reply Last reply Reply Quote 2
        • jdaviescoates
          jdaviescoates @robi last edited by

          @robi said in Wordpress hardening:

          Wordfence and Cerber.

          I'm not familiar with Cerber myself, but a big +1 to Wordfence, it's the first thing I install on any WordPress site.

          I use Cloudron with Gandi & Hetzner

          1 Reply Last reply Reply Quote 0
          • subven
            subven last edited by subven

            • disable REST API
            • disable application passwords
            • 2FA forced for admin account(s)
            • move login page to something other than /wp-login.php
            • Captcha for user authentification
            • manually approve new registrations
            • only a couple plugins that are (auto) updated frequently
            • up to date theme
            • disable mail functionality (if this is suitable for you)

            All In One WP Security plugin is a good start and even the free version brings 90% of the necessary features.

            1 Reply Last reply Reply Quote 4
            • P
              p44 translator @privsec last edited by

              @privsec Filter admin access by IP address, check this article:

              • Securing WordPress admin area and wp-login.php via VPN

              Let me know

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Powered by NodeBB