How to make your WordPress site more secure

With more than 23% of all websites running on some version of WordPress, this makes the platform more vulnerable to malicious attacks. The following tricks might help you add more security to your WP site.

Additional security via plugins

Adding CAPTCHA, puzzles or other types of human authentication methods to your login page is recommended. This would deter any brute force login attempts. You could also consider a two-factor authentication plugin for WP administrative accounts. Plugins such as Wordfence Security help to enforce strong passwords and can also scan your file system for any vulnerabilities. Document yourself before adding a plugin by reading reviews as some of them might be responsible for causing vulnerabilities.

Use Secure FTP and VPN

A secured file transfer protocol (SFTP) implies that your file system and login credentials are safe on any home or public network that you access them from. You could enquire with your provider about SFTP to connect securely. Usually, if your traffic is not encrypted, anyone with a network analyzer (packet sniffer) could have easy access to your login information.

You could even go a step further by using a Virtual Private Network (VPN) when connecting via an untrusted network. The VPN offers encrypted data connections between your computer to the server. All that would be visible on your local network would be a list of random encrypted data.

Add security to your file system

You can secure your file system by adding file permissions to restrict access of information to certain users only. WordPress offers a guide on how to set permissions on folders. You could also secure important files such as wp-config.php and the wp-includes folder.