https://codex.wordpress.org/Hardening_WordPress
https://codex.wordpress.org/WordPress_Housekeeping
Automatic updates
Auto-update WordPress core by putting this in wp-config.php:
define( 'WP_AUTO_UPDATE_CORE', true );
Plugins:
add_filter( 'auto_update_plugin', '__return_true' );
Themes:
add_filter( 'auto_update_theme', '__return_true' );
Remove the plugin and theme editor
define( 'DISALLOW_FILE_EDIT', true );
Security plugins/malware scanners
https://wordpress.org/plugins/sucuri-scanner/
https://wordpress.org/plugins/better-wp-security/
https://secupress.me/
Two-factor Auth
https://wordpress.org/plugins/google-authenticator/
https://wordpress.org/plugins/two-factor-authentication/
https://wordpress.org/plugins/wpclef/
https://wordpress.org/plugins/rublon/screenshots/
Limit login attempts
https://wordpress.org/plugins/login-lockdown/
https://wordpress.org/plugins/login-security-solution/
Move wp-login
https://wordpress.org/plugins/sf-move-login/
https://wordpress.org/plugins/rename-wp-login/
https://wordpress.org/plugins/hide-login/
https://wordpress.org/plugins/lockdown-wp-admin/
Logs
https://wordpress.org/plugins/audit-trail/
https://wordpress.org/plugins/simple-login-log/
Backup solutions
https://wordpress.org/plugins/wordpress-backup-to-dropbox/
https://wordpress.org/plugins/updraftplus/
https://vaultpress.com/
https://ithemes.com/purchase/backupbuddy/
Deny wp-config
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Hide login errors
add_filter( 'login_errors', '__return_null' );
File permissions
Directories 755 or 750
Files 644 or 640
wp-config.php 600
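
A check for the modes listed above, as an added example that is not part of the original notes: a POSIX shell function that lists every path under a WordPress root whose mode deviates from them. The function name wp_perm_audit and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report paths whose mode differs from the list above.
# Assumed names: wp_perm_audit and its single argument (the WordPress root).
# Exit status: 0 = clean, 1 = deviations found, 2 = bad argument.

wp_perm_audit() {
    root=${1%/}                      # drop a trailing slash so -path matches
    if [ ! -d "$root" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    cfg="$root/wp-config.php"

    findings=$(
        # Directories must be 755 or 750.
        find "$root" -type d ! -perm 755 ! -perm 750 -print | sed 's/^/DIR    /'
        # Regular files other than wp-config.php must be 644 or 640.
        find "$root" -type f ! -path "$cfg" ! -perm 644 ! -perm 640 -print |
            sed 's/^/FILE   /'
        # wp-config.php must be exactly 600.
        if [ -f "$cfg" ]; then
            find "$cfg" ! -perm 600 -print | sed 's/^/CONFIG /'
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Source the file and run wp_perm_audit with the WordPress root as its argument; the non-zero exit status on deviations makes it usable from cron or a deploy check.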
Turn off error reporting
wp-config:
error_reporting(0);
@ini_set('display_errors', 0);
Allow/deny by IP
# Allow only the listed addresses
order deny,allow
allow from 192.168.5.1
allow from 123.456.7.8
deny from all

# Or: block a single address
order allow,deny
deny from 456.123.8.9
allow from all
Further reading
https://premium.wpmudev.org/blog/creating-a-disaster-recovery-plan-for-your-wordpress-site/