How to Build a Secure Wordpress Environment ?
what are the addons ?
1 Like
That’s a tricky one, given that Wordpress is one of the least secure webdev environments to use
and part of the problem lies with the plugins. The more you add the more potential there is for the site to get breached.
That said, Wordfence is a popular firewall and security add on.
Eh… I don’t think WordPress is that insecure. People just don’t take the time to do basic security that is the same with any website you host. I had the same problems with Joomla and Drupal sites. Plus Rails and Laravel.
Start with a site like the following to read about WP security and do everything in section 4 (hardening your website) as your first stop.
Make sure you are always running everything over HTTPS. As for plugins, that is the rub. They are most likely going to be the source of security vulnerabilities as @Gandalf said. But if you go with well known and actively developed addons by developers that are very responsive to their users, and you update your plugins regularly, you should be ok. I look for plugin makers who are actually businesses. The thought here is that if a plugin is a security risk, their business is on the line and so usually gets a patch out quick. They have a lot to lose! I would also suggest you limit your plugins (another good tip by Gandalf). I rarely go above like 10 plugins.
Lastly, I would also second a plugin like Wordfence or similar security product.