dimensionav

asked on

How to improve security of a wordpress site?

I had this question after viewing How to restore a wordpress site?.

Considering the related question, I would like to know how to improve the security with wordpress sites. We have had a lot of malware and hacking attacks; maybe what we need isn't just an isolated solution but a strategy made by many aspects.

Thanks in advance.
ASKER CERTIFIED SOLUTION
Ray Paseur
This solution is only available to members.
SOLUTION
Peter Hart
This solution is only available to members.
+1 for @chilternPC recommendation of Hongkiat.  Much good advice there.
SOLUTION
This solution is only available to members.
All of the above is fantastic advice and if you really want to spend a lot of time and effort learning this stuff, you will greatly enhance your employment prospects as well as expertly securing your sites.

However, if it all looks and sounds like technobabble, then you need to take slightly different steps to secure your site from the hosting forward. In this case, you will want to move your site to a company that specializes in WordPress hosting and also handles your security, backups, and restores for you. The best known of the bunch is currently WPEngine and they will take responsibility for your security, backups, site speed, and more. There are others, so do your research.
btan

Agree with all the good sharing. The objective is to help the customer or end user appreciate the real 'needs' compared to the 'wants'.

For the internal side of the site (more of housekeeping diligence), focus on the hosting and secure coding to set the baseline for getting it right the first time on what the service and vendor providers should do. Those checks serve as the expected outcome as part of the security acceptances. Even if the code is from an in-house team, there should be some form of development practices for defensive coding. The hardening of the server and application is a must-have and should already be part of the baseline.

For the perimeter of the site (more of an external front-end "fight" to settle before reaching the internal side), focus on considering services like Cloudflare or Akamai from a DDoS protection standpoint, which also covers the WAF shared earlier. Such a service does not change anything in the backend code, though there may be some tuning expected to be done for the false positives.
SOLUTION
This solution is only available to members.