In most cases, WordPress is compromised because its core files or plugin are outdated
We recommend the following steps:
- Keep WordPress Updated: Update and upgrade your wordpress installation and all installed plugins
- Install the security plugin listed here
- Maintain strong passwords: Ensure that your admin password is secure and preferably randomly generated
- Hide Indexes or prevent directory browsing: Be sure to disable public access to indexes whenever possible
- Backup Your Data: Backup your data regularly
- Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress
These additional steps can be taken to further secure WordPress websites:
- Disable database DROP command for the DATABASE USER. This is not needed usualy for any purpose in a wordpress
- Remove README and license files since this exposes wordpress version information
- Move wp-config.php to one directory level up, and change its permission to 400
- Prevent viewing of the htaccess file
- Restrict access to wp-admin only to specific IPs
- A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/.
- Change Database Prefix: The prefixes of all databases are the same by default, and so they are known to others. You should change them in order to increase security.
- Theme and Plug-in Editor: The theme and plug-in editor should be disabled so that no one can modify your content.
Ladybird web solution offers top notch wordpress related security services, to avail our expertise please contact us.