Guidelines for Protecting and Hardening WordPress
Follow these guidelines to harden and protect your WordPress installation.
Sites to consult:
- WordPress Guidelines for Hardening and Protecting your installation
- Use WordFence or JetPack plugin with the security features enabled. There are plenty more out there, but these seem to be the most popular and actively updated.
Top five hints to prevent a bad day using WordPress:
- Keep your base WordPress engine up to date.
- Keep all of your plugins and themes up to date and remove any you no longer use.
- Use github to quickly rollback if you have problems. More on that outstanding service here: http://it.umn.edu/githubumnedu-service-summary
- Permissions for your WP web files should be /directories/: 755 and /files/: 644. Monitor for changes!
- Disable PHP execution for the wp-includes and uploads directories. You could certainly do that for more locations, but you risk breaking things.
If the worst happens and you do get compromised: Contact University Information Security ([email protected]) and
then check out WordPress's official FAQ: