WordPress security is often referred to as “hardening”; after all, the process is like adding reinforcements to your castle. It’s all about bolstering the gates and putting lookouts on every tower. WordPress security is a hot topic of discussion and debate, and there are a lot of myths about it. So we thought, why not talk about WordPress security at our Bengaluru WordPress Meetup – September 2016!

Because security is so important, the speaker at the event was Shivam Singh, a developer at BlogVault, a WordPress backup plugin company. BlogVault was working on a security product and understood the security landscape within WordPress really well, so they brought clarity and insight to the topic.

Here are some of the insights from the Bengaluru WordPress Meetup – September 2016:

How to secure your WP Site?

Secure Login

  • Use strong passwords
  • Limit Login
  • Use two-factor authentication

Keep your Software Up-to-date

  • Delete Deactivated Plugins
  • Reduce the number of plugins
  • Use only trusted software sources

Harden Security Using wp-config.php

  • Change table prefix
  • Disable file editor
  • Block PHP execution in uploads/temp folders

Backup

  • Offsite
  • History
  • Quick Restore

Other Settings

  • SFTP over FTP
  • Captcha for login and comments
  • Secure the permissions

How to Secure your code?

Checking user capabilities

  • Assigning every user a role
  • Specify set of capabilities
  • Restrict plugin actions

Data Validation

  • Check the required fields are not left blank
  • Validate JavaScript in the front end
  • Built in PHP Functions + Core Java Functions

Sanitize Input and Output Data & Use Nonces
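
The points above (capability checks, validation, sanitizing and escaping, nonces) combined in one settings handler, as an added example that is not taken from the talk. It assumes the code is loaded as part of a WordPress plugin; every `myplugin_` name, the option key and the form field are hypothetical.

```php
<?php
// Added illustration, not code from the presentation.
// All "myplugin_" identifiers are hypothetical; requires WordPress to be loaded.

// Render the form: a nonce goes in, stored values come out escaped.
function myplugin_render_form() {
    $email = get_option( 'myplugin_contact_email', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save">
        <?php wp_nonce_field( 'myplugin_save', 'myplugin_nonce' ); ?>
        <input type="email" name="contact_email" value="<?php echo esc_attr( $email ); ?>" required>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Only the logged-in hook is registered; there is no admin_post_nopriv_ handler.
add_action( 'admin_post_myplugin_save', 'myplugin_handle_save' );

function myplugin_handle_save() {
    // 1. Capability check: restrict the action to users allowed to manage settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'myplugin' ), '', array( 'response' => 403 ) );
    }

    // 2. Nonce check: rejects requests that did not come from our own form (CSRF).
    check_admin_referer( 'myplugin_save', 'myplugin_nonce' );

    // 3. Validation and sanitization: required field present and a well-formed address.
    //    Front-end "required" is a convenience only; the server decides.
    $raw   = isset( $_POST['contact_email'] ) ? wp_unslash( $_POST['contact_email'] ) : '';
    $email = sanitize_email( $raw );
    if ( '' === $email || ! is_email( $email ) ) {
        wp_die( esc_html__( 'A valid contact e-mail is required.', 'myplugin' ), '', array( 'response' => 400 ) );
    }

    // 4. Store the cleaned value and redirect to a same-site URL only.
    update_option( 'myplugin_contact_email', $email );
    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ?: admin_url() ) );
    exit;
}
```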

Wasting Time in the name of Security!

  • Hiding WP versions and login errors
  • Changing wp-admin locations
  • Removing readme.html

Security Plugins

  • Hardening Security
  • Security plugins: hardening (Wordfence), firewall (Sucuri) and malware scanning (MalCare)
  • Firewalls – Website antivirus and hack cleaner

It was an interactive and informal session held at 91Springboard, Salarpuria Symphony, where every member shared their experience with WordPress security. Here is a link to the entire presentation by Shivam Singh:

Bengaluru WordPress Community organizes meetups on the 3rd Saturday of every month. These are free and open to anyone who wants to learn about WordPress or just use it for their business.

Come join us to explore the vast world of WordPress. You can join our WordPress community on Slack by requesting an invite here!

Also catch the latest updates on our Meetup Page!

 

