Wordpress Hardening Tips

This is a work in progress. We are currently using this to deposit any tips that we currently recommend for harding wordpress installations.

Disable xmlrpc.php access

Outside access to xmlrpc.php should be disabled unless you have a very good reason to allow it. If so, only allow from a minimal set of IP addresses if possible.

Edit your wordpress main .htaccess file and add the following snippet:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</Files>
 
Important! Change xxx.xxx.xxx.xxx to IP address you wish to allow access xmlrpc.php or remove this line completely to block from everywhere. 
 

Disable file editing in the Wordpress Dashboard

File editing should rarely if ever be allowed in the Wordpress dashboard. If can be disabled by appending the following line to the wp-config.php file.

define( 'DISALLOW_FILE_EDIT', true );


Use WordFence

Use a good WordPress security scanner.  We recommend WordFence.


 

If you have any trouble with any of these recommendations or have questions, please open a ticket and ask.

  • security
  • 4076 Kasutajad peavad seda kasulikuks
Kas see vastus oli kasulik?