The security of your WordPress site is something that many of us take for granted. That is, until that security is breached. I've had malware installed on some of my websites before, so I know the importance of protecting my websites and making sure they always use the latest version of WordPress.
One plugin I recommend for this is Better WP Security. The plugin allows you to perform over 21 vital security checks at the click of a button.
It's better to back up your database before changing any settings. I was able to skip this step as my files are backed up every hour with VaultPress.
The plugin can automatically tweak files for you. Due to my lazy nature, I chose this option, as it allows many security issues to be fixed by a click.
There are over a dozen different sections in the admin area. You can go through each section one by one, but it's much easier to hit the ‘Secure My Sites From Basic Attacks’ button.
Once you click on the ‘Secure My Sites From Basic Attacks’ button, you will be given a list of 21 security issues. Each issue has one of four statuses: green (secure), orange (partially secure), red (not secured) or blue (conflict). You can then address each issue individually.
Here's what the plugin can do for you:
- Remove the meta “Generator” tag
- Change the URLs for the WordPress dashboard, including login, admin, and more
- Completely turn off the ability to log in for a given time period (away mode)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them
- Remove Windows Live Writer header information
- Remove RSD header information
- Rename “admin” account
- Change the ID on the user with ID 1
- Change the WordPress database table prefix
- Change wp-content path
- Remove login error messages
- Display a random version number to non administrative users anywhere version is used
- Hide sensitive areas of the site and protect it by blocking users that shouldn't be there, therefore increasing the security of passwords and other vital information.
- Scan your site to instantly tell where vulnerabilities are and fix them in seconds
- Ban troublesome bots and other hosts
- Ban troublesome user agents
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts
- Strengthen server security
- Enforce strong passwords for all accounts of a configurable minimum role
- Force SSL for admin pages (on supporting servers)
- Force SSL for any page or post (on supporting servers)
- Turn off file editing from within WordPress admin area
- Detect and block numerous attacks to your filesystem and database
- Should all the protection fail, Better WP Security will still monitor your site and report attempts to scan it (automatically blocking suspicious users) as well as any changes to the filesystem that might indicate a compromise.
- Detect bots and other attempts to search for vulnerabilities
- Monitor filesystem for unauthorized changes
- Should the worst happen, Better WP Security will make regular backups of your WordPress database (should you choose to do so) allowing you to get back online quickly in the event someone should compromise your site.
- Create and email database backups on a customizable schedule
- Make it easier for users to log into a site by giving them login and admin URLs that make more sense to someone not accustomed to WordPress
- Detect hidden 404 errors on your site that can affect your SEO such as bad links, missing images, etc.
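To check a few of the items above on your own site, here is an added example (not part of the original post and not the plugin's code). It scans a page's `<head>` for the generator, RSD and Windows Live Writer tags, and a `wp-config.php` for the default `wp_` table prefix and the WordPress core constants `DISALLOW_FILE_EDIT` and `FORCE_SSL_ADMIN`. Mapping the plugin's features to those constants is an assumption, and the sample inputs are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed sample inputs (not taken from any real site).
SAMPLE_HEAD = """<head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="EditURI" type="application/rsd+xml" href="https://example.test/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://example.test/wp-includes/wlwmanifest.xml" />
</head>"""
SAMPLE_WP_CONFIG = """<?php
$table_prefix  = 'wp_';
define('FORCE_SSL_ADMIN', true);
"""

class HeadAudit(HTMLParser):
    """Collects the fingerprinting tags the checklist says to remove."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower()
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append("generator meta tag present: " + a.get("content", ""))
        elif tag == "link" and rel == "edituri":
            self.findings.append("RSD header link present")
        elif tag == "link" and rel == "wlwmanifest":
            self.findings.append("Windows Live Writer manifest link present")

def audit_head(html):
    """Return the list of version/tooling leaks found in rendered HTML."""
    parser = HeadAudit()
    parser.feed(html)
    return parser.findings

def audit_wp_config(text):
    """Return hardening gaps visible in the text of a wp-config.php."""
    findings = []
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", text)
    if m and m.group(1) == "wp_":
        findings.append("default table prefix 'wp_' in use")
    # Assumption: these core constants stand in for the plugin's settings.
    for name in ("DISALLOW_FILE_EDIT", "FORCE_SSL_ADMIN"):
        pattern = r"define\(\s*['\"]%s['\"]\s*,\s*true\s*\)" % name
        if not re.search(pattern, text, re.IGNORECASE):
            findings.append(name + " is not set to true")
    return findings

if __name__ == "__main__":
    for finding in audit_head(SAMPLE_HEAD) + audit_wp_config(SAMPLE_WP_CONFIG):
        print(finding)
```

Run it against your own front page's saved HTML and a copy of `wp-config.php` before and after applying the plugin's fixes; an empty list from both functions means these particular items are addressed.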
If you're not currently using a security plugin for WordPress, I recommend installing Better WP Security. You'll be surprised at the number of security issues it flags up for you.
Link: Better WP Security