- Joined
- Jul 4, 2014
- Messages
- 5,270
- Reaction score
- 1,650
- Points
- 7,855
Yes yes, wordpress... Will do for now...
I know f all about security but I use the following tools to check my site and then make corrections as per Google:
Analyse your HTTP response headers (current have an A+ , started at F, but have 1 more header to implement).
/wp-login has 2FA + sec Q & will be moved to random name scheme.
Using WP-scan to do a deeper scan of my site.
Firewall plugin that gives daily logs re file changes (helps me see that backups are being done aswell) ;
Fairly well adjusted HTACCESS
Protected wp-config
Implementing most of this article -https://sucuri.net/guides/wordpress-security/?utm_campaign=WordPress%20Security%20Email%20Course&utm_source=hs_automation&utm_medium=email&utm_content=66814851&_hsenc=p2ANqtz-_oLBiAMommxPv9PCC69YdO5NRskQfazchrYizaYPlhzpd8uJbUHnuyBMwRlHbelOXPg6w4vMFcJR839tuCudGm217ozQ&_hsmi=66814851#harrec?utm_source=HubSpot&utm_medium=Email&utm_campaign=WPSecurity_Course&utm_content=Email_7
Also implementing better SPF, DMARC & DKIM records to try stop domain spoofing of my emails.
Any other suggestions from you wise men & woman?
I know f all about security but I use the following tools to check my site and then make corrections as per Google:
Analyse your HTTP response headers (current have an A+ , started at F, but have 1 more header to implement).
/wp-login has 2FA + sec Q & will be moved to random name scheme.
Using WP-scan to do a deeper scan of my site.
Firewall plugin that gives daily logs re file changes (helps me see that backups are being done aswell) ;
Fairly well adjusted HTACCESS
Protected wp-config
Implementing most of this article -https://sucuri.net/guides/wordpress-security/?utm_campaign=WordPress%20Security%20Email%20Course&utm_source=hs_automation&utm_medium=email&utm_content=66814851&_hsenc=p2ANqtz-_oLBiAMommxPv9PCC69YdO5NRskQfazchrYizaYPlhzpd8uJbUHnuyBMwRlHbelOXPg6w4vMFcJR839tuCudGm217ozQ&_hsmi=66814851#harrec?utm_source=HubSpot&utm_medium=Email&utm_campaign=WPSecurity_Course&utm_content=Email_7
Also implementing better SPF, DMARC & DKIM records to try stop domain spoofing of my emails.
Any other suggestions from you wise men & woman?