Here you have a series of extensions and tips that can be used to increase the security of your website as long when you use WordPress as a content publishing platform.
1. Plugin CHAP Secure Login: encodes the password using the protocol CHAP . Without additional configuration. Installed and activated.
2. Plugin Login Lockdown: Blocks the identification made from the same IP address as if the wrong password is used repeatedly.
3. Plugin AskApache Password Protect: Add extra identification to the blog using HTTP Basic Authentication and HTTP Digest Authentication (you should check if the server hosting your website, accepts it).
4. Plugin Semisecure Login Reimagined: Add encryption RSA in the password.
5. Plugin WP-DB-Backup: Backs up the database with configurable frequency. Indispensable.
6. Plugin WP-DBManager: Allows you to manage the database from the WordPress control panel. Convenient to avoid having to access the administrator PHPmyAdmin but somewhat dangerous if someone gets on the panel.
7. Change the prefix of the tables in the database: Usually start with wp, you can change it with plugins like WP-Security-Scan .
8. Protects wp-config.php: Add the file. htaccess line
^wp-config.php$> <FilesMatch Deny from all </ FilesMatch>
to prevent anyone from reading the data to get access to the database.
9. Plugin Admin SSL: Add HTTPS in the Pages of identification. Remember that, you will need to pay extra cost to your hosting service for this.
10. Blocks wordpress directory to the search engines by adding the line Disallow: / wp-* in your robots.txt file
11. Plugin WP Security Scan: A few tests to verify the security of your WordPress installation, giving advice on actions (many of them included in this list).
12. Keep WordPress updated with the latest version.
13. Beware of the origin of the active plugin. Sometimes extensions can make a lot of headaches from the point of view of safety and performance.
14. SFTP: Replaces FTP connections to your setup for SFTP , which sends the data securely.