- Application-side,
- Client-side, and
- Server-side.
-
Application-side:
- Update your WP version to the most recent version.
- Update your plugins.
- Review the theme’s files and search for any fishy code pieces.
- Block the internal API access.
- XML-RPC should be blocked for external users.
- Install security plugins: WP Engine, Wordfence Security, and Jetpack.
- Change your admin URL (wp-admin must be changed).
- The ability to change the website’s code from within WordPress should be blocked — code should be edited only from the server’s files.
- Admin’s passwords must be changed to stronger passwords: abc123 is not an option; new passwords should be set to something like SJO9Y&QQ6MZd#yM.
- To discover any issues, scan your website weekly with WP Scan and WordFence.
- SQL injection defense.
- Make sure your website is HTTPS protected.
-
Client-side:
- Perform client-side security scans to avoid damaging information in the user’s fields.
- Avoid building SQL queries with user input.
- Prevent the importation of external files.
- Protect client-side from XSS attacks through input validation, string output, and encoding.
-
Server-side:
- Make sure all server-side sections are handled by the hosting company.
- Install an SSL certificate on the server-side.
- Enable the recovery of information, files, and databases from at least 3 days prior.
- Allow traffic to be routed to a ‘mirror’ site when your site is down or has been hacked.
- Ensure spam- and virus-filtering systems and the application firewall mechanism are installed successfully.
Share this article
TweetCare to chat?
Message us on WhatsApp
Or use our contact form
Contact Us