WordPress does an amazing job of being secure out of the box that we sometimes take it for granted. It has smart defaults and it makes it easy for folks to keep up with those pesky updates. However, with WordPress so prevalent on the web, there are always more things we can do to make it more secure. You might say, “No one would ever want to hack into my site, I’ve got nothing of value.” Wrong! Any WordPress installation is a target of nefarious bots who scan the web for low hanging, unsecured WordPress fruit.
In this talk, we’ll go over some small, very easy things you can do to a WordPress site to make it a little bit more difficult to get compromised. This includes using different plugins to use to obscure well known attack vectors, easy-to-understand technical changes you can make to harden your site, and what to do in case your site does get maliciously attacked.
Lock The Front Door: Practical tips for securing a WordPress website by Brock Ellis