- Make sure you have most up to date wordpress
- change database prefix from wp_ to something else (WSD Security plugin will do this)
- change default admin username from admin to something else (add new admin, log out, log in under new user, delete old admin, choose import posts option when u do it.)
- move config.php and files containing Passwords to MySQL to a secure directory outside of the public_html folder and then add this to to wp_config.php
require(‘new path goes here…/yourconfigfile.php’); - RESTRICT ADMIN TO YOUR IP so that no one else can login to your admin page:
go to wp-admin directory and add to htaccess file:
<LIMIT GET>
order deny,allow
deny from all
allow from your.staticip.goes.here
</LIMIT>- BEGIN WordPress
↧
How to secure wordpress
↧