Security advice for WordPress CMS websites!
Step 1: change the file permissions (this does not apply to every web host) from
644 -rw-r--r-- /home/user/wp-config.php
644 -rw-r--r-- /home/user/cgi-bin/.htaccess
to
600 -rw------- /home/user/wp-config.php
600 -rw------- /home/user/cgi-bin/.htaccess
Step 2: add a new line to wp-config.php
define( 'DISALLOW_FILE_EDIT', true );
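
Added example (not part of the original page): a shell check for steps 1 and 2 that reports when either file is accessible to group or others, or when wp-config.php has no active DISALLOW_FILE_EDIT line. The function names and the GNU/BSD stat fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example, not WordPress tooling: audits steps 1 and 2 of this page.
# Function names are hypothetical; pass the two file paths as arguments.

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and others have no permission bits (600, 400, ...).
owner_only() {
    mode=$(file_mode "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeed only if an active define sets DISALLOW_FILE_EDIT to true.
# Anchoring at line start ignores a commented-out "// define(...)".
file_edit_disabled() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# Usage: wp_audit WP_CONFIG HTACCESS
# Prints one line per finding and returns the number of findings.
wp_audit() {
    config=$1; htaccess=$2; findings=0
    for f in "$config" "$htaccess"; do
        if [ ! -f "$f" ]; then
            echo "SKIP   $f not found (layout differs between hosts)"
        elif ! owner_only "$f"; then
            echo "PERMS  $f has mode $(file_mode "$f"), step 1 expects 600"
            findings=$((findings + 1))
        fi
    done
    if [ -f "$config" ] && ! file_edit_disabled "$config"; then
        echo "EDITOR $config lacks define( 'DISALLOW_FILE_EDIT', true );"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit when called with both paths, e.g.
#   sh wp_audit.sh /home/user/wp-config.php /home/user/cgi-bin/.htaccess
if [ "$#" -eq 2 ]; then
    wp_audit "$1" "$2"
fi
```
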
Step 3: disable user registration in the site settings
Step 4: block author pages by adding this to functions.php
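function author_page_redirect() {
    if ( is_author() ) {
        // Send visitors of author archives to the home page.
        wp_redirect( home_url() );
        exit; // wp_redirect() does not stop execution by itself.
    }
}
add_action( 'template_redirect', 'author_page_redirect' );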
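Step 5: add this to functions.php to disable XML-RPC
// Turn off the XML-RPC methods that require authentication.
add_filter( 'xmlrpc_enabled', '__return_false' );

// pingback.ping needs no authentication, so remove it from the method list.
function remove_xmlrpc_pingback_ping( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
}
add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );

// X-Pingback is a response header, not an XML-RPC method, so it is unset
// in a 'wp_headers' filter (effective on WordPress versions that pass the
// header through that filter).
function remove_x_pingback_header( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
}
add_filter( 'wp_headers', 'remove_x_pingback_header' );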
Step 6: protect the admin login
The WP Limit Login Attempts plugin is good,
or this one:
https://wordpress.org/plugins/limit-login-attempts-reloaded/
Step 7: add SSL
Either use plugins or read here
You can also use dedicated security plugins,
such as Sucuri
and this one