Security advices for Wordpress websites cms!

First step change file rights from (not for all web hosting):

644 -rw-r–r– /home/user/wp-config.php

644 -rw-r–r– /home/user/cgi-bin/.htaccess


600 -rw——- /home/user/wp-config.php

600 -rw—— /home/user/cgi-bin/.htaccess

Second step - add new line into wp-config.php

define( 'DISALLOW_FILE_EDIT', true );

step 3

block registrations on website in settings

step 4

block author pages by adding to functions.php

function author_page_redirect() {
    if ( is_author() ) {
        wp_redirect( home_url() );
add_action( 'template_redirect', 'author_page_redirect' );

step 5 to functions.php for disable xmlrpc

function remove_xmlrpc_pingback_ping( $methods ) { unset($methods['']); unset($headers['X-Pingback']); return $methods; } add_filter('xmlrpc_enabled', '__return_false'); add_filter('xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );

step 6 protect admin

This plugin is good WP Limit Login Attempts

or this one

step 7 add ssl

Here is advices how

or use plugins or read here

also you can use special plugins

like this sucuri

and this one