Protecting and securing WordPress


The CMS and blog system WordPress enjoys great popularity. Thanks to the many good plugins, its functionality can be extended almost arbitrarily, but care should also be taken not to install just any plugin.

WordPress is often used today as a CMS or shop system with corresponding plugins. Overall, WordPress runs on a good quarter of all websites worldwide, which makes the application a very popular target.

Below is an extensive collection of useful tips and plugins to make WordPress more secure.

Basic protection

These simple tips should be implemented by anyone using WordPress.

  • install updates regularly
    • especially from WordPress itself
    • but also plugins and themes should be updated when new versions are available
  • delete unused plugins and themes
  • Administrator account
    • if possible, only one administrator account
    • Administrator account should not have the default username "admin"
    • do not write articles with the administrator account, but via separate accounts with editorial rights
  • Use different passwords for WordPress Admin, Database and FTP
  • Use "secure" passwords
    • Use upper and lower case letters, numbers and special characters
    • Use long passwords; the more characters the better (12 characters or more is good)
  • regular and automatic data backup
    • Save database and files
    • For example, both can be done with the plugin BackWPup
    • Do not keep backups on the server

Extended protection

The tips here are much more complex to implement and should only be followed by experienced users who know what they are doing. For beginners, the tips under "basic protection" are sufficient.

  • Access protection for the backend (admin area) using .htaccess
  • Use TLS encryption for the backend or directly for the entire website
  • Disable XML-RPC interface / set up access protection
    • has been activated by default since WordPress 3.5
    • Disadvantage: Trackbacks from other blogs can no longer be received
    • Disable XML-RPC interface completely via "functions.php"
      /* Disable XML-RPC */
      add_filter('xmlrpc_enabled', '__return_false');
    • alternatively restrict access to file "xmlrpc.php"
      # up to and including Apache 2.3
      # auth protection xmlrpc.php
      <Files xmlrpc.php>
        AuthType Basic
        AuthName "Restricted Admin-Area"
        AuthUserFile /path/to/.htpasswd
        Require valid-user
      </Files>

      # as of Apache 2.4
      # auth protection xmlrpc.php
      <Files xmlrpc.php>
        AuthType Basic
        AuthName "Restricted Admin-Area"
        AuthUserFile /path/to/.htpasswd
        Require valid-user
      </Files>
      
  • Restrict admin access to specific IP addresses
    # up to and including Apache 2.3
    # protect wp-login.php
    <Files wp-login.php>
      Order deny,allow
      Deny from all
      Allow from [DYNAMIC.DNS.NAME]
    </Files>

    # as of Apache 2.4
    # protect wp-login.php
    <Files wp-login.php>
      Require host example.org
    </Files>
    
  • Use a reliable hosting provider
  • Use current versions of PHP and the web server (Apache, nginx, ...)
  • clean web server configuration
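
An added example (not part of the original article): a small Python check that reads the text of an .htaccess file and reports which of the mechanisms described above protect wp-login.php and xmlrpc.php, so a missing block or one still written in the older Order/Deny/Allow form is easy to spot. The sample file content, function names and result labels are constructed for this illustration.

```python
import re

# Constructed sample .htaccess (not from the article): wp-login.php uses the
# Apache 2.4 form, xmlrpc.php combines basic auth with 2.2-style host rules.
SAMPLE_HTACCESS = """\
# protect wp-login.php
<Files wp-login.php>
  Require host example.org
</Files>
<Files "xmlrpc.php">
  AuthType Basic
  AuthUserFile /path/to/.htpasswd
  Require valid-user
  Order deny,allow
  Deny from all
</Files>
"""

TARGETS = ("wp-login.php", "xmlrpc.php")
LEGACY = {"order", "deny", "allow"}                     # Apache 2.2 style
HOST_PROVIDERS = {"ip", "host", "all", "local", "not"}  # Apache 2.4 Require forms

def classify(line):
    """Map one directive line to a protection mechanism label, or None."""
    words = line.lower().split()
    if words[0] in LEGACY:
        return "legacy_host_rules"
    if words[0] == "authtype":
        return "basic_auth"
    if words[0] == "require" and len(words) > 1:
        return "require_host_rules" if words[1] in HOST_PROVIDERS else "basic_auth"
    return None

def audit_htaccess(text, targets=TARGETS):
    """Return {file name: sorted mechanisms found inside its <Files> block}."""
    found = {name: set() for name in targets}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        opening = re.match(r'<Files\s+"?([^">\s]+)"?\s*>', line, re.I)
        if opening:
            current = opening.group(1).lower()
        elif line.lower().startswith("</files"):
            current = None
        elif current in found and classify(line):
            found[current].add(classify(line))
    return {name: sorted(mechs) for name, mechs in found.items()}

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE_HTACCESS))
```

An empty list for a file means no `<Files>` block restricts it; `legacy_host_rules` on a server running Apache 2.4 marks a block that should be rewritten with `Require`.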

 
