Delivering expert cyber security solutions to small and medium-sized businesses

Learn More

[Blog] Wordpress Security Report

WPReportCoverWordPress has been the Small Business web platform of choice for many years now. It has a rather simple user interface, along with tons of free themes and modules to do pretty much anything your SMB website could ever need to do. I’ve set up my fair share of WordPress sites…and a few others’ shares as well!

Of course, my interest here is in securing WordPress! I was unable to find any real comprehensive guide on how to secure a WordPress site. So, when I’m asked about securing WordPress, I usually do a good search or just recommend a module or two. Unfortunately, that’s really not the full story. Wordpress is a web application. And, while modern web applications may seem simple, they’re actually quite complex. There’s an entire “stack” of hardware and software that you need to secure…not just a simple web application.

So, I decided that I would take the time and write-up a comprehensive technical guide on Securing WordPress. This document will continue to evolve over time as technologies evolve. If you have any feedback on this report (updates, suggestions, etc), I’d love to hear them

Report Contents

  • WordPress technical description
  • Understanding the Risks
  • Website Hosting
  • Local Hosting
  • Remote Hosting
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Hosting Recommendation
  • Web Application Architecture
  • Three-Tiered Architecture
  • Web Proxy Server
  • Resolving Proxied IP Addresses
  • Web Application Firewall
  • Plugins and Themes
  • User Management
  • Least Privilege Model
  • Rename Administrator User
  • Password Complexity
  • Two-Factor Authentication (2FA)
  • WordPress Software Security
  • Software Updates
  • File Security
  • File Permissions
  • Securing wp-admin
  • Securing wp-includes
  • Securing wp-config
  • Disallow File Editing
  • Security Software Products
  • Backups
  • Logging & Monitoring
  • A Quick Recipe
  • A Compliance Control Framework

CONTACT US FOR A FREE CONSULTATIONGetting started in security can be challenging. Let us help ease the burden of security and compliance with our small-mid sized business services and solutions.