At Tigerfish we take our WordPress security very seriously indeed. So, after years of testing different set-ups we’ve compiled our top 5 security tips to help keep your sites safe as well.
If your file-system permissions aren’t set up correctly, most of your security measures could be easily bypassed by intruders.
Permissions and ownership are incredibly important in WordPress installations. Setting these up properly on your web server should be the first thing you do after installing WordPress.
The permissions we have found that work well for us are below:
The WordPress dashboard allows administrators to edit files, such as plugin and theme files by default. This is often the first tool an attacker will use if able to login, since it allows code execution.
To prevent this you need to add the line code below to your wp-config file:
CloudFlare is a free service that secures your website by acting as a proxy between your visitors and web servers. With CloudFlare, you can protect your website against malicious visitors. Tigerfish recommends the pro account which gives you the extra protection of their firewall, which has a set of pre-configured rules for WordPress websites.
All you have to do is change your domain nameservers to point to CloudFlares servers.
This plugin was on our WordPress top 5 plugins (Link to this article). It monitors your WordPress files and if the plugin detects that the files have changed, it will notify you by email.
Simple but effective. Try to use a randomly generated password that is more than 18 characters. The longer the password, the harder it is to crack. Make sure that you avoid words or names that are connected to you, as people could easily guess those types of passwords.
WordPress expressly suggests long passwords when you either create a new account or go change your existing password. If you would like to use another website to generate passwords we recommend Strong Password Generator.
So there we have it, our top 5 WordPress security tips, we hope they help to keep you safe.