53931_Wordpress Security



This article provides the steps that Edge Hosting recommends to lock down Wordpress installations.  This KB was created in light of the recent Wordpress attacks against default 'admin' users.

Overview and Suggested Actions

A recent Wordpress exploit/bot is attempting to compromise Wordpress admin users.  At the current time, this only applies to Wordpress installations with the default 'admin' user still active.  If you have already changed the 'admin' username, you are currently secured against this attack.  However, Edge Hosting still recommends the actions below to further secure your Wordpress installation.
    • As mentioned, change the default 'admin' user and user ID to something different.  At the same time, change the password to a secure one. Edge recommends a password of at least 8 characters with symbols, numbers, uppercase, and lowercase letters.
    • Always keep plugins, themes, and Wordpress up-to-date.
    • Remove any unused themes and plugins.  If you're not using them, remove them.  These items can always be installed later.
    • Install the free Wordpress Plugin from Duo Security.  You will need to sign up for a free account with Duo Security first and then install the Duo Security Plugin.  More information on Duo Security and the Wordpress Plugin is available on their documentation site.  Once installed, you will register a phone number with Duo Security to push a code to your device (iOS, Android, etc), SMS the code to your mobile phone, or call your phone (mobile, landline).  At that time, you will be asked if the request is legitimate or not and can proceed from there.
    • Install the WP Better Security Plugin from Wordpress.  This plugin can change the Wordpress admin login URL to something of your choosing, rename the default admin user, display a random Wordpress version number to those attempting to compromise the site, and provide other features.
    • Install the Sucuri Scanner plugin for Wordpress.  This will check the site for vulnerabilities and give a user more insight into what is going o
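
One way to check the first three recommendations from the command line, as an added example that is not Edge Hosting's own code: it assumes WP-CLI is installed and reads the JSON printed by `wp user list --format=json` and `wp plugin list --format=json` (or `wp theme list --format=json`). The function names and the sample records are constructed for illustration.

```python
import json

# Constructed sample data in the shape WP-CLI prints for
# `wp user list --format=json` and `wp plugin list --format=json`.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "admin", "roles": "administrator"},
    {"ID": 7, "user_login": "jsmith", "roles": "editor"},
])
SAMPLE_PLUGINS = json.dumps([
    {"name": "example-gallery", "status": "inactive", "update": "none"},
    {"name": "example-forms", "status": "active", "update": "available"},
    {"name": "example-cache", "status": "active", "update": "none"},
])

def audit_users(users_json):
    """Flag accounts that still use the default 'admin' login or user ID 1."""
    findings = []
    for user in json.loads(users_json):
        login = str(user.get("user_login", ""))
        if login.lower() == "admin":
            findings.append(f"user '{login}': default username still active")
        # The first account created at install time receives ID 1.
        if int(user.get("ID", 0)) == 1:
            findings.append(f"user '{login}': still has the default user ID 1")
    return findings

def audit_extensions(items_json, kind="plugin"):
    """Flag plugins or themes that are unused or have an update pending."""
    findings = []
    for item in json.loads(items_json):
        name = item.get("name", "?")
        # A parent theme reports status "parent", so it is not flagged here.
        if item.get("status") == "inactive":
            findings.append(f"{kind} '{name}': installed but unused, remove it")
        if item.get("update") == "available":
            findings.append(f"{kind} '{name}': update available")
    return findings

if __name__ == "__main__":
    for line in audit_users(SAMPLE_USERS) + audit_extensions(SAMPLE_PLUGINS):
        print(line)
```

Pass `kind="theme"` when feeding it the theme list so the findings are labelled correctly.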



    Last Modified: Thursday, April 16, 2015 11:19 AM

    Type: HOWTO

    Level: Intermediate
