{"id":19893,"date":"2016-10-27T12:07:09","date_gmt":"2016-10-27T17:07:09","guid":{"rendered":"https:\/\/wpengine.com\/?p=19893"},"modified":"2024-01-03T00:05:37","modified_gmt":"2024-01-03T06:05:37","slug":"15-ways-harden-wordpress-security","status":"publish","type":"post","link":"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/","title":{"rendered":"15 Ways To Harden The Security Of Your WordPress Site"},"content":{"rendered":"

\u201cSecurity is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and\/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making yourself a target, subsequently getting hacked.\u201d<\/em> \u2014 codex.wordpress.org<\/a><\/p>\n

Website security is often a top concern for WordPress site owners and prospects. While 28 percent<\/strong> of all websites on the internet are powered by WordPress, because of its\u00a0popularity the CMS is often targeted by hackers. However, that doesn’t mean your site has to fall victim to malicious behavior.<\/p>\n

While no system is 100 percent hack-proof, there are certain measures you can take to prevent a hacked WordPress site.\u00a0To reduce your chances of being affected by a disastrous brute-force or DDoS attack, read below for the most important WordPress security tasks you should\u00a0implement to become more proactive against potential threats.<\/p>\n

15 WordPress Security Tips<\/h2>\n

Keep WordPress core, themes, and plugins up to date<\/h3>\n

The most common culprit of a hacked WordPress website is due to an outdated component. Outdated plugins, themes, and core open the portal for a potentially hacked site. When left un-updated, these outdated files are traceable and\u00a0make your site a target by outside intruders.<\/p>\n

In fact, in one study\u00a054 percent<\/a> of reported WordPress security vulnerabilities belonged to outdated WordPress plugins<\/strong> (outdated WordPress core<\/strong> accounted for 37 percent and outdated WordPress themes<\/strong> accounted for 11 percent of vulnerabilities).<\/p>\n

Ensuring your WordPress site is up-to-date is simple. When you see an orange notification in your WordPress dashboard next to plugins, themes, or a notification to upgrade WordPress, update ASAP<\/strong>!<\/p>\n

\"wordpress<\/p>\n

If your site is hosted with WP Engine, we’ll automatically run these WordPress core updates for you, although you will need to be attentive with themes and plugins to update them accordingly to protect your website from malware.<\/p>\n

Consistently updating your plugins is key to any successful and secure WordPress site. To help you manage your plugins with confidence, WP Engine created the\u00a0Smart Plugin Manager<\/a>. \u00a0Smart Plugin Manager is an automated solution that checks your plugins for updates nightly and ensures that when updates happen, your site doesn\u2019t break.<\/p>\n

How to configure automatic updates<\/h4>\n

If you’d rather not do it manually, you can configure automatic updates. To auto-upgrade WordPress core,\u00a0insert this code into your wp-config.php file:<\/p>\n

define( 'WP_AUTO_UPDATE_CORE', true );<\/pre>\n
For plugins, use:<\/p>\n
add_filter( 'auto_update_plugin', '__return_true' );<\/pre>\n
For themes, use:<\/p>\n
add_filter( 'auto_update_theme', '__return_true' );<\/pre>\n
Only install trusted WordPress plugins and themes<\/h3>\n
\"wordpress-security-tips-trusted-plugins\"<\/a>
On WordPress.org the “Popular” and “Featured” sections of the plugin directory are a good place to start when looking for trusted, secure plugins.<\/figcaption><\/figure>\n
To detect if a theme or plugin can be trusted or not, first, read its ratings. There you can find clues to whether there have been security breaches or issues in the past, like buggy updates.<\/p>\n
You’ll also want to check to see when a plugin\/theme was last updated. If a plugin or theme hasn\u2019t received an update in some time (say years), then the inactiveness in that plugin\/theme is a sign you should look somewhere else.<\/p>\n
In addition, analyzing a plugin or theme\u2019s popularity is another way to better ensure you aren\u2019t installing malicious code into your WordPress site.<\/p>\n
A plugin\/theme that\u2019s widely popular isn\u2019t<\/em>\u00a0necessarily less likely to be targeted by hackers but is more likely to be updated with security patches regularly due to its wide use.<\/p>\n
Remove Unused Plugins and Themes<\/h3>\n
\"themes\"<\/p>\n
Over time, your WordPress site will require some housekeeping<\/a>.<\/p>\n
As you start to accumulate themes and plugins, you should go through and dispose of the ones you no longer use.\u00a0Getting rid of unnecessary clutter is likely to make your site run faster, as well as remove security vulnerabilities from stagnant or outdated add-ons.<\/p>\n
If using WordPress multisite, try using a plugin like Plugin Activation Status<\/a> to perform a plugin audit and detect unused plugins across all sites in the multisite network.<\/p>\n
See the\u00a0codex on WordPress housekeeping<\/a> for more information on how to remove unused plugins and themes.<\/p>\n
Install a WordPress security plugin<\/h3>\n
Installing a WordPress\u00a0security plugin<\/a>\u00a0is a no-brainer when it comes to enhancing the security of your site. To become more proactive against security threats, try installing a plugin like one of these to minimize any security vulnerabilities.<\/p>\n
(If you’re a WP Engine customer, be sure to check our disallowed plugins list<\/a> as there are a few WordPress security plugins we already install for you.)<\/p>\n
Sucuri Security<\/h4>\n
\"wordpress<\/a><\/p>\n
iThemes Security<\/h4>\n
\"WordPress<\/p>\n
Bulletproof Security<\/h4>\n
\"WordPress<\/a><\/p>\n
Regularly backup your WordPress site<\/h3>\n
\"WordPress
WP Engine offers daily site backups and one-click restore so you can rest at ease knowing your work is safe.<\/figcaption><\/figure>\n
Even if you take the above security precautions (and the ones listed after) you should always backup your WordPress site.<\/p>\n
Backing up your WordPress site is fairly easy to do, as given these\u00a0instructions by WordPress<\/a>. Or you can try a plugin like BackupBuddy<\/a>.<\/p>\n
If it\u2019s something you\u2019d rather not have to worry about, WP Engine conducts automatic backups<\/a> for you every day. That way you can rollback to your original site *should*\u00a0you ever lose your site due to\u00a0an outside invasion.<\/p>\n
Enforce Strong Passwords and Usernames<\/h3>\n
\"wordpress-security-strong-password\"<\/p>\n
We\u2019re all guilty of using a password that\u2019s simple to remember. But using an easy password, say one that contains your birth year, makes it easier for hackers to crack the code using brute force automated scripts, which continuously try to guess your password and username over and over.<\/p>\n
To ensure your password is strong and secure enough,\u00a0use a tool like\u00a0Strong Password Generator<\/a> or Strong Random Password Generator<\/a>.<\/p>\n
You should also force other users on your site to use a strong password. You can use a WordPress plugin like Force Strong Passwords<\/a>\u00a0to enforce strong passwords. (If you’re a WP Engine customer, we automatically install this plugin for you<\/a>.)<\/p>\n
Use two-factor authentication (2FA)<\/h3>\n
Enabling 2FA adds an extra layer of security to your login credentials. 2FA works by requiring a second factor of information that only you can give, like a code sent to your phone to verify your activity on a specific computer.<\/p>\n
That way it\u2019s harder for an intruder to steal your information if they log in through a different\u00a0device.<\/p>\n
Here are some WordPress plugins you can use for 2FA:<\/p>\n
\"WordPress
\nGraphic Source: Google Support
\n<\/a><\/em>
\n\u2022 Google Authenticator<\/a>
\n\u2022 Duo Two-Factor Authentication<\/a>
\n\u2022 Two Factor Authentication<\/a>
\n\u2022 Clef<\/a>
\n\u2022 Authy
\n<\/a>\u2022 Rublon 2FA<\/a><\/p>\n
As a WP Engine customer, you can implement\u00a0Two-Factor authentication<\/a>\u00a0through the User Portal.<\/p>\n
Change or omit the “admin” username<\/h3>\n
\"security-wordpress-admin\"<\/p>\n
By default, WordPress gives the primary domain account the username \u201cadmin\u201d. Leaving the username as \u201cadmin\u201d is an instant security threat to your site. If an attacker wants to crack the code, half of the puzzle is already solved and all that’s left to guess is your password.<\/p>\n
Removing or changing the “admin” username is the next step to improving site security. To do this, simply go to the “users” section of the WordPress admin panel and rename or delete the “admin” account or username.<\/p>\n
WP Engine does not allow the use of the “admin” username and will automatically remove it for you, replacing the admin name with a \u201cwpengine account\u201d name. This account is used by our support team. We implement special configurations to prevent attacks on the \u201cwpengine\u201d user account specifically.<\/p>\n
Limit Login Attempts<\/h3>\n
\"wordpress-security-login\"<\/p>\n
WordPress doesn’t have a limit as to how many times one can guess a password to log in. This presents a problem because determined hackers won’t give up.<\/p>\n
For example, a hacker could use a script to enter different password combinations (called brute-force attacks) until\u00a0they’ve cracked the code.<\/p>\n
To resolve this issue, you should limit login attempts. Here are some plugins built for limiting logins:<\/p>\n
\u2022 Login Lockdown<\/a>
\n\u2022 Limit Login Attempts
\n<\/a>\u2022\u00a0Jetpack Protect<\/a><\/p>\n
To prevent forgetful customers or employees from getting locked out, you can also whitelist certain IP addresses (Jetpack Protect is great for this).<\/p>\n
If you’re on WP Engine, we’ve also built\u00a0proprietary security<\/a> into our platform to help limit login attempts.<\/p>\n
Monitor\u00a0Incoming Attacks<\/h3>\n
It’s vital to log incoming security attacks so you’re aware of what’s going on inside your WP installation from a historical perspective. Here are a couple tools that can help you with\u00a0malware monitoring:<\/p>\n
\u2022 Sucuri Security<\/a>
\n\u2022\u00a0WP Security Audit Log<\/a><\/p>\n
Getting insight into what’s happening in your WordPress installation via a website malware scan tool is a good idea for tighter security and an easier diagnosis of any issues that might arise. You can also use malware services such as WP Security for check-ups and removal.<\/p>\n
Use SSL for data security<\/h3>\n
Enabling SSL is the next crucial step to a more secure site. SSL (Secure Sockets Layer) encrypts all information sent to and from your site. That way the private data visitors share with your site stays private.<\/p>\n
Using SSL ensures that hackers can’t see or intercept the data your users share on your site. The secure tunnel SSL creates is especially important with sensitive information, like credit card numbers, usernames, and passwords.<\/p>\n
\"wp-engine-site-security\"<\/p>\n
Identifying whether or not a site is SSL certified is simple. An SSL certified site will start with an\u00a0HTTPS<\/strong> in the URL address, while a site that’s not SSL certified will begin with\u00a0HTTP<\/strong>.<\/p>\n
An SSL certificate helps a user’s browser verify that they are not only accessing a secure website, but the certificate is also genuine and linked to the domain\/website that was requested by the user.<\/p>\n
With WP Engine, all customers are encouraged to obtain a free SSL certificate with Let’s Encrypt<\/a>.<\/p>\n
For more on SSL and Let’s Encrypt, check out Torque’s Why Let’s Encrypt Has Completely Changed The SSL Landscape.<\/a><\/p>\n
Hide Your WordPress Version<\/h3>\n
If you defer WordPress updates,\u00a0you should consider hiding your WordPress version because it leaves footprints, telling the hacker useful information about your site.<\/p>\n
There are three areas where your WordPress version number will be hidden:<\/p>\n
1. The generator meta tag in the header:<\/p>\n
<meta name=\"generator\" content=\"WordPress 4.0\" \/><\/pre>\n
2. Query strings on scripts and styles:<\/p>\n
subscriptions.css?ver=4.0<\/pre>\n
3. Generator tag in RSS feeds:<\/p>\n
http:\/\/wordpress.org\/?v=4.0<\/pre>\n
To get rid of your WordPress version number in all three areas, add this code to your functions.php file:<\/p>\n
\/* Hide WP version strings from scripts and styles<\/span>\n * @return {string} $src<\/span>\n * @filter script_loader_src<\/span>\n * @filter style_loader_src<\/span>\n *\/<\/span>\nfunction<\/span> fjarrett_remove_wp_version_strings( $src<\/span> ) {\n global<\/span> $wp_version<\/span>;\n parse_str(parse_url<\/span>($src<\/span>, PHP_URL_QUERY), $query<\/span>);\n if<\/span> ( !empty<\/span>($query<\/span>['ver'<\/span>]) &&<\/span> $query<\/span>['ver'<\/span>] ===<\/span> $wp_version<\/span> ) {\n $src<\/span> =<\/span> remove_query_arg('ver'<\/span>, $src<\/span>);\n }\n return<\/span> $src<\/span>;\n}\nadd_filter( 'script_loader_src', 'fjarrett_remove_wp_version_strings'<\/span> );\nadd_filter( 'style_loader_src', 'fjarrett_remove_wp_version_strings'<\/span> );\n\n\/* Hide WP version strings from generator meta tag *\/<\/span>\nfunction<\/span> wpmudev_remove_version() {\nreturn<\/span> ''<\/span>;\n}\nadd_filter('the_generator', 'wpmudev_remove_version'<\/span>);<\/pre>\n
In addition,\u00a0you should also make sure your readme.html<\/strong> file is removed from your install, as this exposes your version number.<\/p>\n
At WP Engine we prevent access to this file on our platform to make fingerprinting WordPress versions more difficult.<\/p>\n
Relocate or rename login page<\/h3>\n
To make your site more bulletproof, relocating your login page is worth the effort. Not only does it hide the fact that you\u2019re on WordPress, but it limits brute-force attacks on your login page.<\/p>\n
If someone was trying to hack your WordPress site and came across a 404 error upon entering your login page, say www.mysite.com\/wp-login.php, they\u2019d likely be deterred from breaking in.<\/p>\n
Try using a plugin like Rename wp-login.php<\/a>, Move Login<\/a>, or iThemes Security<\/a> to assist in moving or renaming your login page. But before you take this action, do be sure to talk to your web host or developer to ensure the steps you are taking are correct.<\/p>\n
Secure the wp-config file<\/h3>\n
The wp-config file contains your\u00a0website’s base configuration details, like\u00a0database connection information. To protect your\u00a0wp-config.php file from intrusion, add the following code to your .htaccess file to deny access to anyone surfing it:<\/p>\n
<files wp-config.php>\norder allow,deny\ndeny from all\n<\/files><\/pre>\n
For more information on moving the wp-config file, see the\u00a0WordPress codex<\/a>.<\/p>\n
Use A Secure Hosting Environment<\/h3>\n
You can follow all of the security measures above, however, if you don’t invest in a secure WordPress hosting<\/a> provider, these efforts are all for nothing.<\/p>\n
Secure hosting with\u00a0WP Engine<\/a> addresses many of the above tasks (daily backups, 2FA, etc.) with its proprietary security technology.<\/p>\n
Here’s just some of the security benefits\u00a0WP Engine’s enterprise-grade\u00a0infrastructure<\/a> contains:<\/p>\n
Automatic updates to new versions of WordPress<\/h4>\n
As soon as a new version of WordPress rolls out, we automatically upgrade\u00a0your site for you so it contains the latest security patches.<\/p>\n
Blocks potential hacks as they occur<\/h4>\n
Our platform contains real-time security threat detection. We have the technology to block even the most sophisticated hacks, like JavaScript\/SQL injection and XML-RPC attacks, along with garden variety DDoS and brute force attacks.<\/p>\n
This technology also blocks IP addresses identified as belonging to spammers or hackers.<\/p>\n
Periodic security audits and code reviews<\/h4>\n
WP Engine\u00a0conducts periodic code reviews and security audits of our infrastructure. We also\u00a0partner with outside security businesses to ensure we offer the best possible security measures in the industry.<\/p>\n
High-performance, secure technology stacks<\/h4>\n
Securing your web environment requires proper server configuration. Our software stack includes provisions to ensure optimal WordPress performance, including disk write limitations and protection against scripts known to contain vulnerabilities. We also implement PHP tuning to disallow dangerous or insecure commands.<\/p>\n
Hacked? We’ll fix it for free.<\/h4>\n
While some consultants will charge thousands to fix a hacked site, in the unlikely event that your site is compromised, we\u2019ll fix it at no extra cost to you.<\/p>\n
Now that you know about some ways in which to make your site more secure, if you ever do happen to discover a vulnerability, be sure to give back to the WordPress community by reporting it. You can send a detailed email to security@wordpress.org, or if there’s a plugin security, email plugins@wordpress.org.<\/p>\n","protected":false},"excerpt":{"rendered":"
\u201cSecurity is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and\/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making…<\/span><\/span><\/p>\n","protected":false},"author":114,"featured_media":20185,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[85],"tags":[13],"class_list":["post-19893","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-security"],"yoast_head":"\n15 Ways To Harden The Security Of Your WordPress Site<\/title>\n<meta name=\"description\" content=\"While no system is completely secure, here are some of the most important WordPress security tasks you should implement to protect your site...\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"15 Ways To Harden The Security Of Your WordPress Site\" \/>\n<meta property=\"og:description\" content=\"While no system is completely secure, here are some of the most important WordPress security tasks you should implement to protect your site...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/\" \/>\n<meta property=\"og:site_name\" content=\"WP Engine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/wpengine\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-27T17:07:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-03T06:05:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2024\/05\/WPE-IMG-Thumbnail-1200x630-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Darcy Wheeler\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2016\/10\/WP-BNNR-Blog-SecurityOfYourWordPress-Twitter-1024x512.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@wpengine\" \/>\n<meta name=\"twitter:site\" content=\"@wpengine\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Darcy Wheeler\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/\",\"url\":\"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/\",\"name\":\"15 Ways To Harden The Security Of Your WordPress Site\",\"isPartOf\":{\"@id\":\"https:\/\/wpengine.com\/resources\/#website\"},\"datePublished\":\"2016-10-27T17:07:09+00:00\",\"dateModified\":\"2024-01-03T06:05:37+00:00\",\"author\":{\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/34868282515de283b983c228d0824b39\"},\"description\":\"While no system is completely secure, here are some of the most important WordPress security tasks you should implement to protect your site...\",\"breadcrumb\":{\"@id\":\"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wpengine.com\/resources\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"15 Ways To Harden The Security Of Your WordPress Site\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wpengine.com\/resources\/#website\",\"url\":\"https:\/\/wpengine.com\/resources\/\",\"name\":\"WP Engine\",\"description\":\"Managed Hosting for WordPress\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wpengine.com\/resources\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/34868282515de283b983c228d0824b39\",\"name\":\"Darcy Wheeler\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2a901348de6e810af952ffb72a21dbfc3e77868c2acb539d7d92524a9f1bb7be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2a901348de6e810af952ffb72a21dbfc3e77868c2acb539d7d92524a9f1bb7be?s=96&d=mm&r=g\",\"caption\":\"Darcy Wheeler\"},\"description\":\"A photography and art enthusiast, in her spare time she enjoys traveling, practicing yoga, designing items for her craft store, and trying new cooking recipes. Follow her on Twitter @darewhee.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"15 Ways To Harden The Security Of Your WordPress Site","description":"While no system is completely secure, here are some of the most important WordPress security tasks you should implement to protect your site...","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"15 Ways To Harden The Security Of Your WordPress Site","og_description":"While no system is completely secure, here are some of the most important WordPress security tasks you should implement to protect your site...","og_url":"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/","og_site_name":"WP Engine","article_publisher":"https:\/\/www.facebook.com\/wpengine","article_published_time":"2016-10-27T17:07:09+00:00","article_modified_time":"2024-01-03T06:05:37+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2024\/05\/WPE-IMG-Thumbnail-1200x630-1.jpg","type":"image\/jpeg"}],"author":"Darcy Wheeler","twitter_card":"summary_large_image","twitter_image":"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2016\/10\/WP-BNNR-Blog-SecurityOfYourWordPress-Twitter-1024x512.jpg","twitter_creator":"@wpengine","twitter_site":"@wpengine","twitter_misc":{"Written by":"Darcy Wheeler","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/","url":"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/","name":"15 Ways To Harden The Security Of Your WordPress Site","isPartOf":{"@id":"https:\/\/wpengine.com\/resources\/#website"},"datePublished":"2016-10-27T17:07:09+00:00","dateModified":"2024-01-03T06:05:37+00:00","author":{"@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/34868282515de283b983c228d0824b39"},"description":"While no system is completely secure, here are some of the most important WordPress security tasks you should implement to protect your site...","breadcrumb":{"@id":"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/wpengine.com\/resources\/15-ways-harden-wordpress-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wpengine.com\/resources\/"},{"@type":"ListItem","position":2,"name":"15 Ways To Harden The Security Of Your WordPress Site"}]},{"@type":"WebSite","@id":"https:\/\/wpengine.com\/resources\/#website","url":"https:\/\/wpengine.com\/resources\/","name":"WP Engine","description":"Managed Hosting for WordPress","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wpengine.com\/resources\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/34868282515de283b983c228d0824b39","name":"Darcy Wheeler","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2a901348de6e810af952ffb72a21dbfc3e77868c2acb539d7d92524a9f1bb7be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2a901348de6e810af952ffb72a21dbfc3e77868c2acb539d7d92524a9f1bb7be?s=96&d=mm&r=g","caption":"Darcy Wheeler"},"description":"A photography and art enthusiast, in her spare time she enjoys traveling, practicing yoga, designing items for her craft store, and trying new cooking recipes. Follow her on Twitter @darewhee."}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts\/19893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/users\/114"}],"replies":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/comments?post=19893"}],"version-history":[{"count":0,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts\/19893\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/media\/20185"}],"wp:attachment":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/media?parent=19893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/categories?post=19893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/tags?post=19893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}