1. Keep Everything Updated
Core WordPress: Always update to the latest version. Core applies minor and security releases automatically by default; leave that enabled.
Themes & Plugins: Known, unpatched vulnerabilities in outdated themes and plugins are the most common entry point for attackers, so patch them promptly.
Remove unused: Deactivate and delete plugins or themes you're not using. Inactive code is still on disk and can still be reached and exploited.
2. Use Security Plugins
Recommended:
Wordfence (Firewall & malware scanner)
iThemes Security, now Solid Security (Brute force protection, 2FA, etc.)
Sucuri Security (Monitoring & cleanup)
Pick one and keep it updated; a security plugin is itself privileged code, and stacking several with overlapping features adds attack surface without adding protection.
3. Use Strong Usernames & Passwords
Avoid "admin" as a username. Note that usernames are often discoverable anyway (for example via author archives or the REST API), so the username is not a secret; the password and 2FA are the real controls.
Use long, unique passwords for all accounts, including database and hosting accounts.
Use a password manager like Bitwarden or 1Password.
4. Enable Two-Factor Authentication (2FA)
Add 2FA for all administrator and editor logins. WordPress core has no built-in 2FA, so it comes from a plugin (Wordfence and Solid Security above both provide it).
Use TOTP apps like Google Authenticator or Authy.
5. Use HTTPS
Install a TLS certificate and serve the whole site over HTTPS: set both the WordPress Address and Site Address to https://, redirect HTTP to HTTPS, and consider enabling HSTS once the redirect is stable.
Most hosts offer free certificates via Let's Encrypt.
6. Limit Login Attempts
Prevent brute-force attacks by limiting failed login attempts per source address.
Use plugins like Limit Login Attempts Reloaded, or enforce it at the server with fail2ban. Cover xmlrpc.php as well as wp-login.php: its system.multicall method lets an attacker test many passwords in a single request.
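The detection behind a login-attempt limit, as an added example that is not code from the original post or from any of the plugins it names. It reads a constructed access log in combined format and flags source IPs with too many failed logins. The assumption it relies on: a failed WordPress login re-renders wp-login.php with HTTP 200, while a successful one redirects (302), so 200-status POSTs to wp-login.php approximate failed attempts.

```shell
#!/bin/sh
# Added example, not code from the original post. Counts 200-status POSTs
# to wp-login.php per client IP over an access log in combined format and
# prints the IPs at or above a threshold. The log lines below are
# constructed sample data (RFC 5737 documentation addresses).

SAMPLE_LOG="$(mktemp)"
cat >"$SAMPLE_LOG" <<'EOF'
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4218 "-" "python-requests/2.31"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4218 "-" "python-requests/2.31"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4218 "-" "python-requests/2.31"
203.0.113.7 - - [10/May/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4218 "-" "python-requests/2.31"
203.0.113.7 - - [10/May/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4218 "-" "python-requests/2.31"
203.0.113.7 - - [10/May/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4218 "-" "python-requests/2.31"
192.0.2.9 - - [10/May/2024:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4218 "-" "Mozilla/5.0"
192.0.2.9 - - [10/May/2024:10:01:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/May/2024:10:01:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4218 "-" "Mozilla/5.0"
EOF

# flag_brute_force LOGFILE THRESHOLD
# Prints, one per line and sorted, every client IP with at least THRESHOLD
# failed POSTs to wp-login.php. Combined log format is assumed: field 1 is
# the client IP, field 6 the method (with its leading quote), field 7 the
# request path and field 9 the response status.
flag_brute_force() {
    awk -v limit="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print ip }
    ' "$1" | sort
}

# block_rules LOGFILE THRESHOLD
# Emits (but does not run) one firewall rule per flagged IP, the way a
# fail2ban-style action would; review the output before piping it to sh.
block_rules() {
    flag_brute_force "$1" "$2" | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Five failures in the sample window is the threshold assumed here.
flag_brute_force "$SAMPLE_LOG" 5
```

Two caveats before using this on a real server: behind a CDN or reverse proxy the first field is the proxy's address, so the web server must be configured to log the real client address (for example from X-Forwarded-For) or every client shares one counter; and the same condition is worth mirroring for POSTs to xmlrpc.php, which this filter does not count.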
7. Disable File Editing in the Dashboard
Prevent users from editing theme/plugin files via the admin theme and plugin editors. With those editors enabled, any compromised administrator account can write arbitrary PHP to the site.
Add the DISALLOW_FILE_EDIT constant to wp-config.php, above the "That's all, stop editing!" marker so it is defined before wp-settings.php loads.
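A script that applies this setting, as an added example that is not code from the original post. It inserts the define once, idempotently, before the "stop editing" marker of a stock wp-config.php, and falls back to the line that loads wp-settings.php when the marker is absent. The wp-config.php it operates on is a constructed minimal sample; the placeholder DB values are not real credentials.

```shell
#!/bin/sh
# Added example, not code from the original post. Adds
#   define( 'DISALLOW_FILE_EDIT', true );
# to a wp-config.php exactly once, before the "stop editing" marker
# (or, failing that, before the require of wp-settings.php) so the
# constant is set before WordPress bootstraps.
# The config below is a constructed sample with placeholder values.

SAMPLE_CONFIG="$(mktemp)"
cat >"$SAMPLE_CONFIG" <<'EOF'
<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wp' );
define( 'DB_PASSWORD', 'placeholder-not-a-real-password' );

/* That's all, stop editing! Happy publishing. */

if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}
require_once ABSPATH . 'wp-settings.php';
EOF

# has_constant FILE NAME -> succeeds if define('NAME', ...) is already present
has_constant() {
    grep -Eq "define\([[:space:]]*['\"]$2['\"]" "$1"
}

# disable_file_edit FILE -> inserts the define if missing; prints "added"
# or "present". The file is rewritten in place through a temp copy and
# cat'ed back so its owner and mode (often the web server's) are kept.
disable_file_edit() {
    if has_constant "$1" DISALLOW_FILE_EDIT; then
        echo present
        return 0
    fi
    tmp="$(mktemp)"
    awk -v line="define( 'DISALLOW_FILE_EDIT', true );" '
        !done && (/stop editing/ || /wp-settings\.php/) { print line; done = 1 }
        { print }
        END { if (!done) print line }   # no marker at all: append as last resort
    ' "$1" >"$tmp" && cat "$tmp" >"$1"
    rm -f "$tmp"
    echo added
}
```

Run it as `disable_file_edit /path/to/wp-config.php`; a second run reports "present" and changes nothing. A stricter sibling, DISALLOW_FILE_MODS, also blocks installing and updating plugins and themes from the dashboard; only set it if updates (item 1) are done another way, such as WP-CLI, or the site will quietly stop being patched.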