{"id":4945,"date":"2018-10-10T18:43:41","date_gmt":"2018-10-10T17:43:41","guid":{"rendered":"https:\/\/blog.fabianpiau.com\/?p=4945"},"modified":"2021-01-14T16:35:19","modified_gmt":"2021-01-14T16:35:19","slug":"tips-to-make-your-wordpress-website-secure","status":"publish","type":"post","link":"https:\/\/blog.fabianpiau.com\/en\/2018\/10\/10\/tips-to-make-your-wordpress-website-secure\/","title":{"rendered":"Tips to make your WordPress website secure"},"content":{"rendered":"

 <\/span>Version fran\u00e7aise disponible<\/strong><\/a><\/p>\n

Update<\/strong>
\nJanuary, 14th, 2021 : <\/strong> Update security headers, replaced “Feature-policy” with “Permissions-policy”.\n<\/div>\n

WordPress is one of the most popular CMS (Content Management System). That popularity also means that it is a target of choice for hackers.
\nIn this article, I will give you some tips to keep your website secure and avoid being attacked.<\/p>\n


<\/p>\n

1. Use latest versions<\/h4>\n

This is true for WordPress itself but also for all your extensions. There are new versions available regularly. If a plugin has not been updated for a while, it is probably not maintained anymore and you might need to remove or replace it. This is also applicable for your theme.
\nThe version of PHP is also important, check with your hosting provider that you are running the latest version of PHP (7.X), especially the versions 5.X won’t be supported by the end of the year<\/a>.
\nAlso, note that the more extensions you have installed, the more risk you are taking, as your WordPress configuration will rely on more 3rd party code. You should only keep the plugins that you really need. If a plugin is disabled, don’t keep its source code and remove all its associated files.<\/p>\n


<\/p>\n

2. Use secure login details<\/h4>\n

Never use the default admin user. If you do, disable this account and create your own account with a personalized username.
\nChoose a strong password<\/a>. If several users are managing your website, make sure the permissions are valid and avoid giving the admin permission to everyone.<\/p>\n


<\/p>\n

3. Scan your website<\/h4>\n

This is an easy and quick way to find vulnerabilities and see if one of your plugins is vulnerable or not. You can use these 2 online tools:<\/p>\n