Wordpress hardening
-
@robi said in Wordpress hardening:
Wordfence and Cerber.
I'm not familiar with Cerber myself, but a big +1 to Wordfence, it's the first thing I install on any WordPress site.
-
- disable REST API
- disable application passwords
- 2FA forced for admin account(s)
- move login page to something other than /wp-login.php
- Captcha for user authentification
- manually approve new registrations
- only a couple plugins that are (auto) updated frequently
- up to date theme
- disable mail functionality (if this is suitable for you)
All In One WP Security plugin is a good start and even the free version brings 90% of the necessary features.
-
@privsec Filter admin access by IP address, check this article:
Let me know
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login