How Do We Enhance Your WordPress Security?
Adding 2FA
Adding two-factor authentication reduces the risk of your administrative account been taken over by a hacker. Even if they get the password correct they will require an automatically generated code via your phone or email.
Brute Force Protection
When an attacker is trying to gain access to your login credentials they will usually try the most common usernames first such as admin or administrator. We will automatically block the attacker's IP permanently.
If the attacker knows your username already we will have implemented a system so they get blocked after 3-5 login attempts.
Running Our Security Scan
Once we know your login area is secure we will run our security scan which includes checking your security headers, PHP Version, Out of date items, Any existing malware & if your theme and WordPress versions can be found.
Changing Database Prefix
By default, your WordPress database prefix is usually wp_prefix. We will change this prefix making it harder for the attacker to guess your prefix.
Changing Admin URL
By default, everyone's WordPress admin is the following: http://www.example.com/wp-login.php. We will change this URL so only you will know the URL.
Disable XML-RPC
XML-RPC is a feature in WordPress that allows your site to connect to other websites or mobile apps so you can make changes.
Changing File Permissions
File permissions define who can read, write, and execute the file in question. Sometimes these files can have incorrect permissions which allow unauthorised users to access and edit them which could leave your site with malware.
Content Review
We will take a look at your plugins and themes to make sure they are fully updated and automatically update. We will remove any unwanted plugins which will decrease website vulnerability.
Final Hardening
We will make sure the security headers are implemented into your site combating against XSS attacks and more. We will also hide your WordPress and theme versions.