WordPress Security

October 23,

A complete and thorough look at the WordPress Security features

We apply everything described here to all the customer websites that we host or build.


Access Hardening

There are a number of well-known and lesser-known issues with WordPress, and fixes that can be applied to harden your WordPress website, making it more secure. Most of these require editing the .htaccess file in your website root. One of the great things about WordPress being open source is that these fixes are easy to come by, whether using a plugin or custom code.

  • Restrict access to files and directories
  • Configure security keys
  • Block access to xmlrpc.php
  • Block directory browsing
  • Forbid execution of PHP scripts in the wp-includes directory
  • Forbid execution of PHP scripts in the wp-content/uploads directory
  • Block access to wp-config.php
  • Disable scripts concatenation for WordPress admin panel
  • Turn off pingbacks
  • Disable PHP execution in cache directories
  • Disable file editing in WordPress Dashboard
  • Change default database table prefix
  • Enable bot protection
  • Block access to sensitive files
  • Block access to potentially sensitive files
  • Block access to .htaccess and .htpasswd
  • Block author scans
  • Change default administrator's username
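Several of the items above can be expressed directly as .htaccess rules. The following is an added example, not configuration taken from this page or from any plugin; it assumes Apache 2.4 syntax, WordPress installed at the web root, and a constructed list of "sensitive" file extensions.

```apache
# Added example for the .htaccess in the site root (Apache 2.4 syntax).
# Assumes WordPress lives at the web root and AllowOverride permits these directives.

# Block directory browsing
Options -Indexes

# Block access to wp-config.php
<Files "wp-config.php">
    Require all denied
</Files>

# Block access to xmlrpc.php (this also stops XML-RPC pingbacks;
# skip it if you rely on a client that needs XML-RPC)
<Files "xmlrpc.php">
    Require all denied
</Files>

# Block access to .htaccess and .htpasswd
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Block access to potentially sensitive files (constructed list, adjust to your site)
<FilesMatch "(\.(bak|sql|log|ini|swp|dist)|~)$">
    Require all denied
</FilesMatch>

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Forbid execution of PHP scripts in wp-content/uploads
    RewriteRule ^wp-content/uploads/.*\.php$ - [F,NC,L]

    # Forbid direct requests for PHP scripts in wp-includes
    # (legacy multisite setups that serve wp-includes/ms-files.php need an exception)
    RewriteRule ^wp-includes/.*\.php$ - [F,NC,L]

    # Block author scans (/?author=1 style enumeration) outside wp-admin
    RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
    RewriteCond %{QUERY_STRING} (^|&)author=[0-9]+ [NC]
    RewriteRule ^ - [F,L]
</IfModule>
```

Place these rules above the `# BEGIN WordPress` block so they are evaluated before WordPress's own rewrite rules, then confirm that each blocked path returns 403 and that the dashboard and media uploads still work.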

Security Headers

Website security headers are an important aspect of protecting a website from various cyber threats and attacks. These headers are fields in the HTTP response that a web server sends to a browser, providing instructions on how the browser should behave when accessing and interacting with the website. They help to enhance the security and privacy of a website by implementing various measures such as content security policies, HTTP strict transport security, and cross-origin resource sharing. These headers can prevent attacks like cross-site scripting, clickjacking, and data injection. It is crucial for website owners to understand and implement these security headers to safeguard their websites and users' data.
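As an added example (not configuration from this page), the headers described above can be set from .htaccess with mod_headers. The policy values are assumptions chosen as a conservative starting point for an HTTPS-only WordPress site and need tuning per site.

```apache
# Added example: security response headers via mod_headers (Apache 2.4).
# Assumes the site is served over HTTPS only; all values are starting points.
<IfModule mod_headers.c>
    # HTTP Strict Transport Security: browsers ignore this header over plain HTTP,
    # so it only takes effect on HTTPS responses. Add includeSubDomains only
    # once every subdomain serves HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Clickjacking: only allow the site to be framed by itself
    Header always set X-Frame-Options "SAMEORIGIN"

    # Stop browsers from MIME-sniffing a response into a script or stylesheet
    Header always set X-Content-Type-Options "nosniff"

    # Limit how much of the URL is leaked to other origins
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Switch off browser features the site does not use
    Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()"

    # Content Security Policy in report-only mode: violations are logged in the
    # browser console but nothing is blocked. WordPress themes, plugins and the
    # admin panel often use inline scripts, so review the reports and widen the
    # policy before renaming this header to Content-Security-Policy.
    Header always set Content-Security-Policy-Report-Only "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
</IfModule>
```

After deploying, inspect a response with the browser's developer tools or `curl -I` to confirm that each header is present exactly once.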

We Evolve With Security

Security headers are a constantly evolving set of criteria. When new technologies and new standards to protect your website emerge, it is important to keep up to date and add new code when it is needed. We use online tools to keep our website up to date with these headers, included FREE if you have a hosting package with us.


Additional WordPress Security

Server Level Firewall

A server firewall acts as a security barrier between a server and the internet. It monitors and filters incoming and outgoing network traffic to prevent unauthorized access and protect the server from potential threats. It works by examining the source and destination of each network packet and applying predefined rules to allow or block certain types of traffic. This helps to ensure that only legitimate and safe connections are allowed, while malicious or suspicious activity is blocked.

Up to date PHP

PHP is a programming language used to create dynamic websites. It allows developers to embed code within HTML, making it easy to generate dynamic content. PHP has evolved over time, with the latest version being PHP 8. It introduces new features and improvements, such as a JIT compiler for faster performance and union types for more flexibility in variable declarations. PHP is widely supported and used by popular platforms like WordPress and Facebook.

LiteSpeed mod_security

LiteSpeed Mod Security is a web application firewall (WAF) that protects websites from various cyber threats. It offers comprehensive security features, such as protection against SQL injection, cross-site scripting, and remote file inclusion attacks. The firewall operates at a high speed, ensuring minimal impact on website performance. It includes advanced filtering rules and malicious IP blocking capabilities. LiteSpeed Mod Security also provides real-time monitoring and reporting, allowing website owners to stay updated on potential security breaches. Overall, it is a powerful tool for enhancing website security and safeguarding against malicious activities.

Website Level Firewall

A website firewall is a security measure that protects websites from cyber attacks. It acts as a barrier between the website and malicious traffic, filtering out harmful requests. It monitors incoming and outgoing traffic, detecting and blocking suspicious activity. It can prevent unauthorized access, hacking attempts, malware infections, and DDoS attacks. The firewall analyzes the data packets and filters out malicious code or harmful requests. It helps maintain the website's availability, integrity, and confidentiality while ensuring a safe browsing experience for visitors.

Vulnerability Scan

A vulnerability scan is a process that checks a website for weaknesses that could be exploited by hackers. It involves using automated tools to scan the site's code and configuration for security flaws. These flaws could include outdated software, weak passwords, or misconfigured settings. The scan generates a report that highlights the vulnerabilities found, allowing website owners to take necessary actions to fix them and protect their site from potential attacks.

Malware Scan

A website malware scan is a service that checks for malicious software on a website. It searches for any harmful code or files that could compromise the security of the site or its visitors. It scans the website's content, files, and code to identify any potential threats. This is important because malware can steal personal information, infect other devices, or cause damage to the website. The scan helps to ensure the website is safe and secure for users.

Block Bad Bots

Blocking bad bots on a website is important for security and performance. These bots are automated programs that can harm a website by spamming, scraping content, or launching attacks. To block them, website owners can use tools like CAPTCHA, IP blocking, and user agent filtering. CAPTCHA requires users to prove they are human, IP blocking prevents access from specific IP addresses, and user agent filtering blocks requests from specific user agents. These measures help ensure that only legitimate users can access the website and protect it from malicious activity.
