How to handle security on a wordpress site?

I'm doing a draft of a WordPress site on localhost.

If I am using PHP snippets to do the sort of back-end functionality. How do I know that, when this goes to a real platform, the php code cannot be tampered with? How can I ensure that login information (password especially) is secure? Should I be doing password validation in the PHP snippets, or is there a more secure way?

Answers 1

  • You cannot be 100% sure you are safe.

    Check this Security reading from WordPress.

    That been said, there are some things you can do.

    • Keeping WordPress Updated
    • Keeping theme and plugins Updated
    • Use Strong Passwords
    • You can use a Security Plugin, although it's arguable. When a client request it I use Sucuri.
    • Change the Default “admin” username
    • Limit Login Attempts
    • Change WordPress Database Prefix
    • Use double authentication

    All that won't be enough but it will give intruders a hard time trying to get in.

Related Questions