WordPress sites are notoriously lacking when it comes to security. Be it due to an insufficient security expertise of the developer, or the use of one of the many FREE plugins available (of which the security cannot be guaranteed). With WordPress running on 1 in 5 sites on the internet, it is no surprise that they are a very popular target for both experienced hackers and script-kiddies alike.
1. Running the Latest Version of WordPress
Running the latest version of any WordPress is probably first the most obvious security measure that should be taken. However, with over 86% of WordPress installations running outdated versions of WordPress, this point is still one that needs to be stressed. Each update of WordPress not only brings with it new features but more importantly, it brings with it bugfixes and security fixes, which help your WordPress site remain safe against common, easy-to-exploit vulnerabilities.
2. Running the Latest Versions of Themes and Plugins
Running the latest version of WordPress alone is not enough – your site’s plugins and themes could still contain vulnerabilities that can compromise the security of your WordPress site.
Therefore, making sure that the themes and plugins you are running are all updated to their latest versions is essential. By keeping your plugins and themes up to date, you can make sure your site is covered with the latest security updates.
3. Disable File Editing
By default, WordPress allows administrative users to edit PHP files of plugins and themes inside of the WordPress admin interface. This is often the first thing an attacker would look for if they manage to gain access to an administrative account since this functionality allows code execution on the server.