WordPress is the most widely used web content management system in the world, with over 43% of websites using it. Although its popularity has great benefits, the sheer number of WordPress sites makes the platform an attractive target for cybercriminals.
Implementing good WordPress hardening practices is essential to protect your site from vulnerabilities.
Here is a guide to different practices to shield a WordPress site, with the help of TU Latch.
How to integrate two-factor authentication (2FA) into WordPress
Two-factor authentication adds a layer of security to user accounts. Latch is TU’s authorization control solution. Beyond authorization, Latch alerts the user in real time to unauthorised access attempts through instant notifications, which allows an immediate response to any suspicious activity on the account.
With the Latch plugin for WordPress, you can integrate Latch into the login process. The following video shows how easy it is to integrate Latch into WordPress.
How to make the server stronger
To add more security to the server where WordPress is running, Latch can be used for authentication on Linux. PAM (Pluggable Authentication Modules) is a flexible system for managing different authentication mechanisms on UNIX and Linux systems. With PAM, you can integrate various security solutions into services such as SSH and login.
The Latch plugin for UNIX allows you to integrate Latch to protect any service that uses PAM authentication. With this plugin, we are going to add another layer of security to SSH connections to the server. Latch can also be configured for login to prevent brute-force or dictionary attacks against the server.
How to integrate WordPress in Paranoid Mode (WiPM) to protect critical website operations
Another advanced setting for WordPress is known as “WordPress in Paranoid Mode”, in which additional measures are taken to protect critical website operations. In this mode, specific actions on sensitive tables in the WordPress database, such as those that store information about users, permissions, system settings, or key content, are monitored and controlled.
The idea behind this mode is to add a layer of security that works alongside authentication tools such as Latch. With the WiPM installer, you can configure the different triggers in your WordPress database, which will allow you to enable or disable different actions in your database according to Latch authorisation.
For example, if an attempt is made to make a modification to one of these critical tables, the system will query Latch to verify whether the action is authorised. If the “control” is closed, the operation will be blocked and if it is open, it will be allowed.
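A minimal model of the trigger mechanism described above, added here as an illustration and not WiPM's own code. It assumes SQLite driven from Python instead of WordPress's MySQL, and a hypothetical `latch_state` table stands in for the Latch status lookup; the rows are constructed sample data.

```python
import sqlite3

# Tables treated as critical; wp_users and wp_options are WordPress core tables.
GUARDED = ("wp_users", "wp_options")

def build_db():
    """In-memory database whose guarded tables only accept writes while the latch is open."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        CREATE TABLE wp_options (option_name TEXT PRIMARY KEY, option_value TEXT);
        -- Hypothetical stand-in for the Latch status: 0 = closed, 1 = open.
        CREATE TABLE latch_state (id INTEGER PRIMARY KEY CHECK (id = 1), is_open INTEGER NOT NULL);
        INSERT INTO latch_state VALUES (1, 0);
        INSERT INTO wp_users VALUES (1, 'editor', 'constructed-hash');
    """)
    for table in GUARDED:
        for op in ("INSERT", "UPDATE", "DELETE"):
            # IS NOT 1 fails closed: a missing or NULL status also blocks the write.
            db.execute(f"""
                CREATE TRIGGER guard_{table}_{op.lower()} BEFORE {op} ON {table}
                WHEN (SELECT is_open FROM latch_state WHERE id = 1) IS NOT 1
                BEGIN SELECT RAISE(ABORT, 'latch closed: {op} on {table} blocked'); END
            """)
    return db

def set_latch(db, is_open):
    """Simulate the user opening or closing the latch."""
    with db:
        db.execute("UPDATE latch_state SET is_open = ? WHERE id = 1", (int(is_open),))

def try_write(db, sql, params=()):
    """Run one write statement; return (allowed, message) instead of raising."""
    try:
        with db:  # commits on success, rolls back when the trigger aborts
            db.execute(sql, params)
        return True, "ok"
    except sqlite3.DatabaseError as exc:
        return False, str(exc)

if __name__ == "__main__":
    db = build_db()
    change = ("UPDATE wp_users SET user_pass = ? WHERE ID = 1", ("new-constructed-hash",))
    print(try_write(db, *change))  # blocked while the latch is closed
    set_latch(db, True)
    print(try_write(db, *change))  # allowed once the latch is open
```

In this model the status table is writable over the same connection as the guarded tables; the control is only meaningful when the status comes from somewhere the account writing to the WordPress tables cannot change.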
Best practice guide to shield a WordPress website
Keep WordPress and plugins up to date
Always keep WordPress and its plugins up to date, as updates fix known bugs and security flaws.
Do not use the admin user
The admin user is the first target of an attacker. Create a new user with administrator privileges and remove administrator privileges from the admin user.
Limit login attempts
Limiting failed login attempts helps prevent brute force attacks.
Use SSL certificates
It is essential to use SSL certificates, ensuring that traffic between the site and users is encrypted and protected against interception.
Disable XML-RPC
Disabling XML-RPC is important, as this protocol can be exploited in certain attacks and disabling it reduces this risk.
Hide the WordPress version
Displaying the WordPress version can help attackers identify specific vulnerabilities. Hiding the version makes it more difficult to exploit known vulnerabilities.
Audit your WordPress
Use auditing tools to check the security of your WordPress and make sure to review and fix vulnerabilities.
As you have seen, there are multiple ways to shield your WordPress site, mainly by using the available Latch plugins.
Graduate of the double degree in Industrial Design and Product Development Engineering + Mechanical Engineering. I am a very organised person, but with a very creative mind. I work on the Product Marketing CDO team at Telefónica Innovación Digital, learning everything I can.