WordPress Meetup


We held our second WordPress meetup at KUTIA with local fans of WordPress, friends and colleagues. The topic of discussion was security.

Some advice for WordPress developers:

WP-Config

  • Change the security keys

Login Page

  • Lock down the login page after repeated failed login attempts
  • Activate two-factor authentication
  • Rename the URL of your login page
  • Use a strong password containing uppercase, lowercase, numbers, and special characters on all accounts (password generator)
  • Change the passwords regularly

Administrative Panel

  • Keep WordPress up-to-date
  • Do not create an account with username admin
  • Implement SSL for the WordPress admin section
  • Install a plugin to check for file changes

Themes

  • Keep the theme up-to-date

Plugins

  • Keep all plugins up-to-date
  • Delete and remove unused plugins
  • Download and use plugins only from reputable sources
  • Think twice before installing a ton of plugins

Database

  • Change the default table prefix
  • Schedule a weekly backup of the database

Hosting provider

  • Hire a reliable hosting provider
  • Set all folder permissions to 755 and file permissions to 644
  • Disable file editing via wp-config.php by adding the following code: define('DISALLOW_FILE_EDIT', true);
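
A small audit of the file-level items above (security keys, table prefix, folder and file permissions, DISALLOW_FILE_EDIT), added here as an example and not part of the original meetup notes. The function names and the sample config are hypothetical; the key names and placeholder string are the ones shipped in WordPress's wp-config-sample.php.

```python
import os
import re
import stat

# Uncommented define('NAME', value) lines; /* block comments */ are not handled.
DEFINE_RE = re.compile(
    r"""(?m)^[ \t]*define\(\s*['"](\w+)['"]\s*,\s*('(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|\w+)\s*\)""")
PREFIX_RE = re.compile(r"""(?m)^[ \t]*\$table_prefix\s*=\s*['"]([^'"]*)['"]""")
# Key names and placeholder text as shipped in WordPress's wp-config-sample.php.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"
# Constructed wp-config.php fragment, not taken from a real site.
SAMPLE_CONFIG = """define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
// define('DISALLOW_FILE_EDIT', true);
"""

def audit_wp_config(text):
    """Return findings for the wp-config.php items on the checklist."""
    findings = []
    defines = dict(DEFINE_RE.findall(text))
    if defines.get("DISALLOW_FILE_EDIT", "").lower() != "true":
        findings.append("DISALLOW_FILE_EDIT is not set to true")
    prefix = PREFIX_RE.search(text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("table prefix is still the default wp_")
    for name in KEY_NAMES:
        value = defines.get(name, "")[1:-1]  # drop the surrounding quotes
        if not value or value == PLACEHOLDER:
            findings.append(f"{name} is missing or still the placeholder")
    return findings

def audit_permissions(root):
    """Flag entries that grant more than 755 (folders) or 644 (files)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st_mode = os.lstat(path).st_mode
            perms = stat.S_IMODE(st_mode)
            limit = 0o755 if stat.S_ISDIR(st_mode) else 0o644
            # Symlink modes are meaningless; stricter modes such as 600 pass.
            if not stat.S_ISLNK(st_mode) and perms & ~limit:
                findings.append(f"{os.path.relpath(path, root)} is {perms:03o}, limit {limit:03o}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_wp_config(SAMPLE_CONFIG)))
```

To audit a real install, pass the contents of its wp-config.php to audit_wp_config() and the WordPress directory to audit_permissions().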

-----

Join our community and meet other local fans of WordPress, the Internet’s classiest and fastest dynamic content management system.