Protect your WordPress site:
Essential Security Steps:
1. Keep Everything Updated
- WordPress core, plugins, and themes
- Remove unused plugins/themes
2. Strong Passwords
- Use unique, complex passwords
- Enable two-factor authentication
- Limit login attempts
3. Secure Admin Access
- Change default "admin" username
- Use custom login URL (plugin: WPS Hide Login)
- Restrict wp-admin to specific IPs
4. File Security
- Protect wp-config.php
- Disable file editing in dashboard
- Correct file permissions (644 for files, 755 for folders)
5. Database Security
- Change default table prefix from wp_
- Regular backups
- Strong database password
6. Use Security Plugin
- Wordfence or Sucuri recommended
- Enable firewall features
- Monitor for malware
Note on platform: WordPress runs on our Windows + IIS hosting plans via PHP-on-IIS. This troubleshooting guide applies regardless of where WordPress is hosted, but Plesk for Windows is the control panel for our current plans. (We retired our Linux-based Managed WordPress tier; see current plans.)
