Security in WordPress is taken very seriously, but as with any other system there are potential security issues that may arise if some basic security precautions aren’t taken. This article will introduce you to basic security concepts and serve as an introductory guide to making your WordPress website more secure.

WordPress security/hardening should include:

  • Change the Default “admin” username
  • Disable File Editing
  • Disable PHP File Execution
  • Limit Login Attempts
  • Change WordPress Database Prefix
  • Password Protect WP-Admin and Login
  • Disable Directory Indexing and Browsing
  • Disable XML-RPC in WordPress
  • Automatically log out Idle Users
  • Add Security Questions to WordPress Login

For those who are interested in doing it themselves, find more information on WordPress.org