To secure WordPress blog and prevent or protect yourself from an attack or loss of information, I recommend the following WordPress security tips:
Backups. San Backup
Make regular backup copies of the database and files from the hosting control panel or with a plugin. It is important to download and try them!
We must put strong passwords to users and change them regularly and do not use them elsewhere. They must contain at least 9 characters with combinations of uppercase and lowercase letters and numbers.
Don’t use admin user
The first thing a hacker does to try to enter with the admin account, so it is necessary to change the admin user name to another name when installing. If you have already created it, it cannot be deleted, but it can be demoted to a subscriber and create another administrator with another name.
Use latest WordPress version and update plugins
Install or update to the latest version of WordPress. Fix security holes. Before updating you should be careful to check that it is compatible with the current plugins you have installed and the current theme.
It is also important to check that you have the latest version of the plugins you use and that they are compatible with the version of WordPress you use.
Use plugin that limits access attempts
The Plugin Login Limit attempting limits the number of attempts to access the administration panel to avoid a dictionary attack from the same IP address using cookies. http://wordpress.org/plugins/limit-login-attempts/
Delete unnecessary files after installation
Delete install.php and readme.html files. After installation we don’t need them anymore.
Use secret keys
Generate secret keys in the wp-config. To generate the keys we will have to visit the URL indicated by the wp-config.php file, which is https://api.wordpress.org/secret-key/1.1/salt/
Use a security plugin
WP- Security Scan. This plugin checks your blog for vulnerabilities and suggests corrective actions such as:
- File permissions.
- Database security.
- Hide version.
- Admin user protection.
- Remove META tag from Wp from code.
And you, what security tips do you include in your WordPress?