1. Make sure you are running the most up-to-date version of WordPress.
2. Change the database table prefix from wp_ to something else (the WSD Security plugin will do this).
3. Change the default admin username from admin to something else: add a new admin, log out, log in as the new user, then delete the old admin, choosing the import posts option when you do.
4. Move config.php and any files containing MySQL passwords to a secure directory outside of the public_html folder, and then add this to wp-config.php:
    require('new path goes here…/yourconfigfile.php');
5. Restrict admin to your IP so that no one else can log in to your admin page. Go to the wp-admin directory and add this to the .htaccess file:
    order deny,allow
    deny from all
    allow from your.staticip.goes.here

    # BEGIN WordPress
6. Install the WP Secure plugin and select most of the options.
7. Store the PHP passwords used to access your MySQL databases in a file with a .inc.php extension, and place this file in a directory above the server's document root.
8. Run WP Security Scan.
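
Steps 2, 4 and 5 can be checked from the shell after you have made the changes. The script below is an added example, not part of the original post; the function name wp_audit, its optional second argument and the sample paths in the last comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against steps 2, 4 and 5 above.
# Usage: wp_audit WEBROOT [EXTERNAL_CONFIG]   (absolute paths, symlinks not resolved)
# Prints one "FAIL ..." line per finding and nothing when every check passes.
wp_audit() {
    wa_root=${1%/}
    wa_ext=${2:-}            # assumed: the file moved out of the web root in step 4
    wa_cfg="$wa_root/wp-config.php"
    wa_ht="$wa_root/wp-admin/.htaccess"
    wa_s='[[:space:]]'

    # Step 2: the table prefix must not be the default wp_.
    for wa_f in "$wa_cfg" ${wa_ext:+"$wa_ext"}; do
        [ -f "$wa_f" ] || continue
        if grep -Eq "^$wa_s*[\$]table_prefix$wa_s*=$wa_s*['\"]wp_['\"]" "$wa_f"; then
            echo "FAIL step 2: default table prefix wp_ in $wa_f"
        fi
    done

    # Step 4: the MySQL password must not live in a file inside the web root.
    if grep -Eq "define$wa_s*\\($wa_s*['\"]DB_PASSWORD['\"]" "$wa_cfg" 2>/dev/null; then
        echo "FAIL step 4: DB_PASSWORD is defined in $wa_cfg"
    fi
    case "$wa_ext" in
        "$wa_root"/*) echo "FAIL step 4: $wa_ext is still inside the web root" ;;
    esac

    # Step 5: wp-admin/.htaccess must deny everyone, then allow named addresses.
    # "Require ip" is the Apache 2.4 spelling of the same allow-list.
    if [ ! -f "$wa_ht" ]; then
        echo "FAIL step 5: $wa_ht is missing"
    elif grep -Eiq "^$wa_s*require$wa_s+ip$wa_s" "$wa_ht"; then
        :   # Apache 2.4 allow-list present
    elif ! grep -Eiq "^$wa_s*deny$wa_s+from$wa_s+all" "$wa_ht" ||
         ! grep -Ei "^$wa_s*allow$wa_s+from$wa_s" "$wa_ht" | grep -Eivq "from$wa_s+all$wa_s*\$"; then
        echo "FAIL step 5: $wa_ht has no deny-all plus allow-from-address rule"
    fi
    return 0
}

# Run directly, e.g.: sh wp_audit.sh /var/www/html /home/user/secure/yourconfigfile.php
if [ "$#" -gt 0 ]; then wp_audit "$@"; fi
```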


1 Comment on How to secure wordpress

  1. Yuliya says:

    Good day Wayne!
    Thank you very much for your theme slidingdoor.
    I have one problem about this and I just hope you can help me. Could you please tell me if there is the “use as featured image” option? I can’t find it anywhere. I really want to use this theme for our website and will be very upset if there wasn’t any way to use it.
    Thank you in advance.
