How to Build a Secure Wordpress Environment?

How to Build a Secure Wordpress Environment ?

what are the addons ?

1 Like

That’s a tricky one, given that Wordpress is one of the least secure webdev environments to use

and part of the problem lies with the plugins. The more you add the more potential there is for the site to get breached.

That said, Wordfence is a popular firewall and security add on.

Eh… I don’t think WordPress is that insecure. People just don’t take the time to do basic security that is the same with any website you host. I had the same problems with Joomla and Drupal sites. Plus Rails and Laravel.

Start with a site like the following to read about WP security and do everything in section 4 (hardening your website) as your first stop.

Make sure you are always running everything over HTTPS. As for plugins, that is the rub. They are most likely going to be the source of security vulnerabilities as @Gandalf said. But if you go with well known and actively developed addons by developers that are very responsive to their users, and you update your plugins regularly, you should be ok. I look for plugin makers who are actually businesses. The thought here is that if a plugin is a security risk, their business is on the line and so usually gets a patch out quick. They have a lot to lose! I would also suggest you limit your plugins (another good tip by Gandalf). I rarely go above like 10 plugins.

Lastly, I would also second a plugin like Wordfence or similar security product.

Make sure the theme you choose is secure, safe, and simple to use when building the website.
Avoid adding too many plugins to your website.
Avoid the creation of new user accounts and spam.
Installing WordPress security plugins is a must.
Install a firewall and enable your SSL certificate, & backup your data on a regular basis.
Give users permission to view certain files and folders.
Enhanced security for the wp-config.php file

WordPress core is not that bad. Usually, when something happens related to security, it can be from plugin, theme. Or the site is sharing hosting with other insecure websites.

In addition to other things above, make sure that you can choose a good host. A good host can give you an isolated environment, secured web and database servers (not just with default installations), firewall, security rules, etc. It would help to eliminate a lot of attacks already.

There are several security plugins available. Make sure to install at least one. I’m usually using AIOS, because it’s free. You can install it from the WordPress plugin library. But there are better alternatives, like iThemes Security Pro.

  1. Make sure to keep your WordPress installation and plugins up to date to patch any security vulnerabilities.
  2. Use strong, unique passwords for all user accounts and implement two-factor authentication for an extra layer of protection.
  3. Regularly back up your website and database to ensure you can restore it if needed.
  4. Install a reputable security plugin to monitor for any suspicious activity and block malicious login attempts.
    You’re welcome!

Protect the login process.
Ensure WordPress hosting is secure.
Update WordPress on your computer.
Update PHP to the most recent version.
Install a security plugin or several.
Make use of a safe WordPress theme.
Enable HTTPS and SSL.
erect a firewall.

OP hasn’t returned since posting. It seems pointless to offer further advice. Thanks to those who have helped.

Topic closed.