Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. WordPress (Developer)
  3. Wordpress hardening

Wordpress hardening

Scheduled Pinned Locked Moved WordPress (Developer)
5 Posts 5 Posters 305 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P Offline
    P Offline
    privsec
    wrote on last edited by
    #1

    What steps do you take to secure/lockdown wordpress from bad actors?

    robiR P 2 Replies Last reply
    1
    • robiR Offline
      robiR Offline
      robi
      replied to privsec on last edited by
      #2

      @privsec Check out the security plugins like Wordfence and Cerber. 👍

      Conscious tech

      jdaviescoatesJ 1 Reply Last reply
      2
      • jdaviescoatesJ Offline
        jdaviescoatesJ Offline
        jdaviescoates
        replied to robi on last edited by
        #3

        @robi said in Wordpress hardening:

        Wordfence and Cerber.

        I'm not familiar with Cerber myself, but a big +1 to Wordfence, it's the first thing I install on any WordPress site.

        I use Cloudron with Gandi & Hetzner

        1 Reply Last reply
        0
        • subvenS Offline
          subvenS Offline
          subven
          wrote on last edited by subven
          #4
          • disable REST API
          • disable application passwords
          • 2FA forced for admin account(s)
          • move login page to something other than /wp-login.php
          • Captcha for user authentification
          • manually approve new registrations
          • only a couple plugins that are (auto) updated frequently
          • up to date theme
          • disable mail functionality (if this is suitable for you)

          All In One WP Security plugin is a good start and even the free version brings 90% of the necessary features.

          1 Reply Last reply
          4
          • P Offline
            P Offline
            p44 translator
            replied to privsec on last edited by
            #5

            @privsec Filter admin access by IP address, check this article:

            • Securing WordPress admin area and wp-login.php via VPN

            Let me know

            1 Reply Last reply
            1

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search