10 security best practices to harden your WordPress website
Keep hackers out of the world's most popular content management system
Mar. 31, 2019 - Willem L. Middelkoop
A lot of people use WordPress to manage their website, therefore it's no surprise people ask me to have a look at their site's security. As ethical hacker, I encounter WordPress in different shapes, sizes and states. Some of them are really badly protected against hacks. Prevent your site from being hacked using these 10 practical tips.
Continue reading![Leaking personal user information from the WordPress REST API](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_05_Leaking-personal-user-information-from-the-WordPress-REST-API_500px.jpg)
![Do you trust the free wifi you're using? (Image via buffered.com)](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_04_Do-you-trust-the-free-wifi-you-re-using-Image-via-buffered-com_500px.jpg)
![It's pretty hard hacking into my WP-Admin page because you cannot find it (hint: it's not at /wp-admin)](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_07_It-s-pretty-hard-hacking-into-my-WP-Admin-page-because-you-cannot-find-it-hint-it-s-not-at-wp-admin_500px.jpg)
![Password dictionary attacks use lists of known (leaked) passwords, you can find them on shady parts of the internet](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_03_Password-dictionary-attacks-use-lists-of-known-leaked-passwords-you-can-find-them-on-shady-parts-of-_500px.png)
![Sniff WordPress password using WireShark packet capturing (via blog.wpscans.com)](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_02_Sniff-WordPress-password-using-WireShark-packet-capturing-via-blog-wpscans-com_500px.png)
![Limit access by IP basis to XML-RPC using a .htaccess file](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_06_Limit-access-by-IP-basis-to-XML-RPC-using-a-htaccess-file_500px.png)