- Plesk for Linux
How to improve WordPress instance security?
The WordPress instance security improvement refers to the following:
- wp-content directory: restrict PHP files execution
- wp-includes directory: restrict PHP files execution
- Directory browsing: restrict permission
- Database prefix: customize it
- Security keys: encrypt user's cookies
- Permissions for files and directories: for the wp-config.php file are set to 600, for other files to 644, and for directories to 755.
- Administrator's username: restrict user with the administrative privileges and the username admin.
- Hiding WordPress version information
It is recommended to tweak WordPress instance security automatically using WordPress Security Checker:
- Go to Websites & Domains > WordPress.
- Do one of the following:
- To check the security of all WordPress installations, click Security > Check Security.
- To secure a single WordPress installation, click the icon in the S column next to the name of the desired WordPress installation.
- To secure two or more WordPress installations, select the checkboxes for the corresponding WordPress installations and click Check Security.
- Select the checkboxes corresponding to the security improvements you want to apply, then click Secure.
WARNING: not all security improvements can be rolled back. It is recommended to back up the corresponding subscription before securing WordPress installations.
For more information, refer to Plesk documentation: