Part 1: Prevent Spam and Hacking Attacks
- Never use the username admin
- Use a strong password
- Use the login-lockdown plugin to limit the number of failed logins to an administrator account.
- Download the plugin WP Security Scan
- After installation, view the WordPress firewall dashboard to see the list of scanned vulnerabilities. Each vulnerability shows the suggested mitigation policy underneath.
- Disable execution of any PHP script that might be injected into the server during a file upload or a theme installation / update.
- To do this, create an .htaccess file in both the wp-content and wp-includes folders and put the following lines in it:
<Files *.php>
deny from all
</Files>
- Protect wp-config.php from malicious use by adding these lines to the .htaccess file in the root directory of WordPress:
<files wp-config.php>
order allow,deny
deny from all
</files>
- Download the plugin WordPress Firewall. Among other features, this plugin has options to mitigate SQL injection and stop directory browsing.
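A way to check that the .htaccess rules above are actually in place, as an added example that is not part of the original post. The function names, the `probe.php` test filename and the sample site are constructed for illustration. The check also accepts `Require all denied`, the Apache 2.4 equivalent of `deny from all`, and `<FilesMatch>` blocks, which goes slightly beyond the rules shown on this page.

```python
import fnmatch
import re
import tempfile
from pathlib import Path

# <Files pattern>...</Files> and <FilesMatch regex>...</FilesMatch>, any letter case.
BLOCK = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>(.*?)</\1\s*>', re.I | re.S)
# Apache 2.2 wording used on this page, or the Apache 2.4 equivalent.
DENY = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I | re.M)

def denies(htaccess, filename):
    """True if a Files/FilesMatch block covering `filename` denies all access."""
    if not htaccess.is_file():
        return False
    # Drop comment lines so a commented-out rule does not count as protection.
    text = "\n".join(line for line in htaccess.read_text(errors="replace").splitlines()
                     if not line.lstrip().startswith("#"))
    for kind, pattern, body in BLOCK.findall(text):
        if kind.lower() == "files":
            covered = fnmatch.fnmatchcase(filename, pattern.strip())
        else:
            covered = re.search(pattern.strip(), filename) is not None
        if covered and DENY.search(body):
            return True
    return False

def audit_wordpress(root):
    """Return one finding for each Part 1 .htaccess protection that is missing."""
    checks = [
        (root / "wp-content" / ".htaccess", "probe.php", "PHP execution not denied in wp-content"),
        (root / "wp-includes" / ".htaccess", "probe.php", "PHP execution not denied in wp-includes"),
        (root / ".htaccess", "wp-config.php", "wp-config.php not protected"),
    ]
    return [msg for path, name, msg in checks if not denies(path, name)]

def make_sample_site(root):
    """Constructed sample: only wp-content carries a working rule."""
    (root / "wp-content").mkdir(parents=True)
    (root / "wp-includes").mkdir()
    (root / "wp-content" / ".htaccess").write_text("<Files *.php>\ndeny from all\n</Files>\n")
    (root / "wp-includes" / ".htaccess").write_text("# <Files *.php>\n# deny from all\n# </Files>\n")
    (root / ".htaccess").write_text("RewriteEngine On\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_site(Path(tmp))
        for finding in audit_wordpress(Path(tmp)):
            print("MISSING:", finding)
```

The script only reads the files. The rules take effect only where the server's `AllowOverride` setting permits them, so also confirm that a request for a .php file under wp-content is refused.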
Part 2: Optimize WordPress … speed things up
- Download the plugins Super Cache and delete Super Cache – Clear all cache. The second plugin just provides a button on the dashboard for one-click deletion of all cache files.
- Use a third-party image compressor (there are image compressors available online via cloud services) to compress your site images.
- Download the Lazy Load plugin to lazy load images.
- Download the Revisions Control plugin and configure the total number of revisions stored for a post or page. The number should be around 2 or 3.
- Download WP-Optimize and run the plugin to optimize and clean database tables.