Skip to main content

Introduction

There are many ways to secure a WordPress site, including the following:

  • Use a strong password: Choose a unique and complex password for your WordPress site to prevent unauthorized access.
  • Keep WordPress and plugins up to date: Regularly update WordPress and your plugins to ensure that you have the latest security fixes.
  • Use a security plugin: Install a security plugin like Wordfence to add extra layers of protection to your site.
  • Enable two-factor authentication: Require a second factor, such as a code from a mobile app or device, in addition to a username and password to log in to your site.
  • Use SSL/TLS: Install an SSL/TLS certificate to encrypt communications between your site and visitors' browsers.
  • Use a firewall: Use a firewall to block malicious traffic and protect against common attack vectors like SQL injection and cross-site scripting.
  • Limit login attempts: Limit the number of login attempts to prevent brute force attacks.

A number of these security measures are covered by WP Engine. Some security features provided by WP Engine include:

  • Advanced firewall: WP Engine uses a custom-built firewall to block malicious traffic and protect against common attack vectors like SQL injection and cross-site scripting.
  • Automatic updates: WP Engine automatically updates WordPress and plugins to ensure that you have the latest security fixes.
  • Secure SFTP: WP Engine uses SFTP (Secure File Transfer Protocol) to encrypt communications between your site and the server.
  • Daily backups: WP Engine performs daily backups of your site to ensure that you can recover from any unexpected issues.
  • Two-factor authentication: WP Engine supports two-factor authentication to add an extra layer of protection to your site.
  • Advanced security measures: WP Engine has a team of security experts who monitor the platform for potential threats and take proactive measures to protect against them.