Setting up and testing the security measures of PLESK-WordPress-Security

We follow the recommendations of PLESK-WordPress-Security, as well as measures that we consider necessary. These are as follows:

  1. Restricting access to files and directories
  2. Configuration of security keys
  3. Blocking access to xmlrpc.php
  4. Blocking the directory search
  5. Not allowing the execution of PHP scripts in the "wp-includes" directory
  6. Not allowing the execution of PHP scripts in the "wp-content/uploads" directory
  7. Blocking access to wp-config.php
  8. Deactivation of script chaining for the WordPress admin panel
  9. Deactivation of pingbacks
  10. Deactivation of unused scripting languages
  11. Deactivation of PHP execution in cache directories
  12. Deactivation of file editing in the WordPress dashboard
  13. Changing the default prefix of database tables
  14. Activation of protection against unusual bots
  15. Blocking access to sensitive and potentially sensitive files
  16. Blocking access to HTACCESS and HTPASSWD files
  17. Blocking of author scans
  18. Changing the default user name of the administrator

Additional safety measures on request and at your discretion

  1. Hide unnecessary information or meta links in the area generated by WordPress.
  2. Set up WP-Audit to track activities on the website by users.
  3. Set up two-factor authentication (recommended, but not always possible).