10 simple steps to harden your WordPress website
Prevent hackers from breaching your website
Mar. 31, 2019 - Willem L. Middelkoop
A lot of people use WordPress to manage their website, therefore it's no surprise people ask me to have a look at their site's security. As ethical hacker, I encounter WordPress in different shapes, sizes and states. Some of them are really badly protected against hacks. Prevent your site from being hacked using these 10 practical tips.
Continue reading![Update WordPress from the wp-admin dashboard](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_00_Update-WordPress-from-the-wp-admin-dashboard_500px.jpg)
![Leaking personal user information from the WordPress REST API](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_05_Leaking-personal-user-information-from-the-WordPress-REST-API_500px.jpg)
![Limit access by IP basis to XML-RPC using a .htaccess file](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_06_Limit-access-by-IP-basis-to-XML-RPC-using-a-htaccess-file_500px.png)
![Check the reputation of a WordPress plugin by looking at the number of downloads and its rating](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_01_Check-the-reputation-of-a-WordPress-plugin-by-looking-at-the-number-of-downloads-and-its-rating_500px.jpg)
![Sniff WordPress password using WireShark packet capturing (via blog.wpscans.com)](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_02_Sniff-WordPress-password-using-WireShark-packet-capturing-via-blog-wpscans-com_500px.png)
![It's pretty hard hacking into my WP-Admin page because you cannot find it (hint: it's not at /wp-admin)](/blog/2019-03-31_wordpress-10-tips-to-secure-your-website/images/i_07_It-s-pretty-hard-hacking-into-my-WP-Admin-page-because-you-cannot-find-it-hint-it-s-not-at-wp-admin_500px.jpg)