Basic WordPress Security Recommendations to easily secure any WordPress website, without the need for an Experienced WordPress Developer or System Administrator.
Please understand, this is a very basic and dumbed-down approach to WordPress security, for WordPress beginners, based on my personal experiences and preferences. I believe WordPress Security, as far as beginners are concerned, starts in the selection of a WordPress Web Host.
Web Host
I use Web Synthesis because their architecture is designed to maximize security with proactive monitoring, patching, and constantly evolving innovation. Simply put, Web Synthesis makes security a priority.
Theming Framework
I use the Genesis Framework because it was built with security in mind and the developers (StudioPress) went to great lengths to make sure WordPress Security Best Practices were followed.
Child Themes
I use child themes as the design layer, leaving the Genesis Theming Framework to handle structure and security. So, when a security issue is discovered, StudioPress can push out Genesis updates without impacting a website’s design.
User Management
I always eliminate the default user, limit the number of Administrator accounts, assign users the lowest “site role” as possible and deactivate inactive user accounts (or at the very least, change their “site role” to “subscriber” or “no role”).
If you want to take this a step further, you may be interested in the WordPress Security Audit Log plugin, which tracks what a user does, while logged in to your WordPress website.
Password Management
I use the WordPress Password Policy Manager plugin to enforce Strong Passwords for all user accounts.
Two-Factor Authentication
I use the Authy Two Factor Authentication plugin to provide an additional level of protection, beyond the security of username and password combinations.
Secure Sockets Layer (SSL)
I use the WordPress HTTPS (SSL) plugin to enforce the use of the Secure Sockets Layer (SSL) for logged in users.
Paranoid Yet?
If you want to read more about WordPress Security I recommend “WordPress Security – Cutting Through The BS” from the Sucuri Blog. This article goes much deeper into the WordPress Security Rabbit Hole, though many of their suggestions may require access to an Experienced WordPress Developer and/or System Administrator.
If you’re looking for more in-depth security than I’ve provided in this article, I suggest Sucuri Security, Premium WordPress Website Protection, Malware Removal, and Blacklist Prevention.