
Enabling ModSecurity is not an option for my site to work properly. I just want to know if disabling ModSecurity is safe for a WordPress site. Does WordPress take its own security measures even if ModSecurity is disabled?

If not, what can I do on my end to keep my site safe even if ModSecurity is disabled?

toddash
  • You *always* need to take control to implement security for any site, not just WP. It's not enough to do one thing and think that's enough - WP (like any system) is subject to vulnerabilities; you should take every possible step to secure the site. But what measures you require depend on many factors including your hosting, theme, plugins, etc. and this is a topic that is beyond the scope of a single question for Stack Overflow. – FluffyKitten Aug 12 '20 at 04:32

1 Answer


1- You can change the default admin login page address

2- Change the admin username

3- Update your WordPress and plugins

4- Back up your site regularly

5- Disable File Editing

You can easily do this by adding the following code to your wp-config.php file.

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

6- Disable PHP File Execution in Certain WordPress Directories

Edit your .htaccess and add:

<Files *.php>
deny from all
</Files>

7- Limit Login Attempts

8- Change WordPress Database Prefix

9- Disable Directory Indexing and Browsing

You need to add the following line at the end of the .htaccess file:

Options -Indexes

10- Disable XML-RPC in WordPress

11- Automatically log out Idle Users in WordPress

12- Add Security Questions to WordPress Login Screen

13- Add Two Factor Authentication: https://wordpress.org/plugins/two-factor-authentication/

To do everything mentioned above, you can simply install this plugin and do what it says: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Omk
  • While this list might be useful, it is just a list of options available from one single plugin so it isn't very comprehensive. There are many other potential vulnerabilities in a WordPress website. This topic is far too broad and complex for a single complete answer, which is why the question is off topic for Stack Overflow. – FluffyKitten Aug 12 '20 at 05:58
  • Yes, you are right, but it is just some hints to improve the security – Omk Aug 12 '20 at 06:17
  • Answers on Stack Overflow should be comprehensive and complete where possible, otherwise they do not fully answer the question. If a full answer is not possible, it might be best not to answer at all (especially when it is something as important as security) in case users think the partial information is everything they need to do, and might then be left vulnerable. It's certainly always best to make it clear that it is only part of what they need to do. :) – FluffyKitten Aug 12 '20 at 06:32
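An offline check for items 5, 6, 8 and 9 of the answer above, added here as an example; it is not part of the original answer or of either linked plugin. The function names, the sample file contents, and the choice of wp-content/uploads as the directory for item 6 are assumptions; `Require all denied` is accepted as the Apache 2.4 form of `deny from all`.

```python
import re

# Constructed sample files for the demonstration; not taken from a real site.
SAMPLE_WP_CONFIG = """<?php
$table_prefix = 'wp_';
// define( 'DISALLOW_FILE_EDIT', true );
define( 'DB_NAME', 'example' );
"""
SAMPLE_ROOT_HTACCESS = "# BEGIN WordPress\nRewriteEngine On\n# END WordPress\nOptions -Indexes\n"
# Assumption: item 6 is checked against wp-content/uploads/.htaccess.
SAMPLE_UPLOADS_HTACCESS = "<Files *.php>\ndeny from all\n</Files>\n"

FLAGS = re.M | re.I
FILE_EDIT = re.compile(r"^\s*define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)\s*;", FLAGS)
PREFIX = re.compile(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", FLAGS)
NO_INDEX = re.compile(r"^\s*Options\b.*\s-Indexes\b", FLAGS)
PHP_BLOCK = re.compile(r"<Files(?:Match)?\s+[^>\n]*php[^>\n]*>\s*\n(.*?)</Files(?:Match)?>", FLAGS | re.S)
DENY = re.compile(r"^\s*(deny\s+from\s+all|Require\s+all\s+denied)\s*$", FLAGS)


def strip_block_comments(php):
    """Drop /* ... */ so a commented-out define() is not counted."""
    return re.sub(r"/\*.*?\*/", "", php, flags=re.S)


def php_blocked(htaccess):
    """True only for a closed <Files>/<FilesMatch> section that denies access."""
    return any(DENY.search(m.group(1)) for m in PHP_BLOCK.finditer(htaccess))


def audit(wp_config, root_htaccess, uploads_htaccess):
    """Return {check name: passed} for answer items 5, 6, 8 and 9."""
    config = strip_block_comments(wp_config)
    prefix = PREFIX.search(config)
    return {
        "5 file editing disabled": bool(FILE_EDIT.search(config)),
        "6 PHP blocked in uploads": php_blocked(uploads_htaccess),
        "8 non-default table prefix": bool(prefix) and prefix.group(1) != "wp_",
        "9 directory indexing off": bool(NO_INDEX.search(root_htaccess)),
    }


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_WP_CONFIG, SAMPLE_ROOT_HTACCESS, SAMPLE_UPLOADS_HTACCESS).items():
        print(("PASS" if ok else "FAIL"), name)
```

To use it on a real install, pass in the text of wp-config.php, the site root .htaccess and the uploads directory's .htaccess. A `<Files>` line with no closing `</Files>` is reported as not blocking PHP.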