Old 10-27-2014, 04:07 PM  
anexsia
Confirmed User
 
Join Date: May 2010
Posts: 5,735
Quote:
Originally Posted by WDF
Use a plugin named Bulletproof Security and check daily for updates.

If you manage your own hosting, a software firewall like CSF/LFD helps, as does a WAF (Web Application Firewall) like mod_security.

If you are on shared hosting these are questions you should be asking your hosting provider if they have/use them or something similar.
This

There are several decent security plugins like Wordfence, iThemes Security, etc. that you could install (in fact Wordfence saved my ass once and cleaned out some malware on one of my WordPress installs, worked amazing) - those plugins will usually protect your wp-login.php from brute-force attacks, allow you to scan for malware, and some will keep track of any files that have changed. Also, if you don't use it, disable XMLRPC.

Make sure you set the right permissions for your files and folders - and KEEP EVERYTHING UP-TO-DATE!!! I can't stress that enough! Don't use a lot of plugins (and keep them up to date) and do NOT use any "free" themes that you come across from searching via Google unless you know for sure they are clean (go through them with a scanner and open up files looking for any suspicious coding).
http://codex.wordpress.org/Hardening_WordPress

If this is on a VPS or dedicated server then I would hope you would already have a firewall set up, CSF, UFW, or just iptables without all that other stuff (or bare minimum lock down ports and install Fail2ban). You can install mod_security and look for WordPress rules.
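A read-only audit for the "right permissions" advice in the post above, added here as an example and not written by the poster. The policy it checks (no group/other write on files or directories, no access for "other" on wp-config.php), the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report over-permissive modes in a WordPress tree (changes nothing).
# Assumed policy: nothing writable by group/other; wp-config.php closed to "other".

# Build a small constructed WordPress-like tree with three deliberate problems.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    : > "$t/wp-config.php"; : > "$t/index.php"; : > "$t/wp-includes/version.php"
    chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
    chmod 777 "$t/wp-content/uploads"                          # writable by everyone
    chmod 644 "$t/wp-config.php" "$t/wp-includes/version.php"  # config world-readable
    chmod 666 "$t/index.php"                                   # world-writable file
    printf '%s\n' "$t"
}

# Print one finding per line; return 0 if clean, 1 if findings, 2 on bad input.
# Paths containing newlines are not handled.
wp_perm_audit() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR: not a directory: $root" >&2
        return 2
    fi
    report=$(
        # "-perm -020" means "group-write bit is set"; same idea for other-write.
        find "$root" -type d \( -perm -020 -o -perm -002 \) | sed 's/^/DIR_WRITABLE /'
        find "$root" -type f \( -perm -020 -o -perm -002 \) | sed 's/^/FILE_WRITABLE /'
        # wp-config.php holds DB credentials: flag any read/write/execute for "other".
        find "$root" -type f -name wp-config.php \
            \( -perm -004 -o -perm -002 -o -perm -001 \) | sed 's/^/WPCONFIG_WORLD_ACCESS /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Demo on the constructed tree; for a real site call: wp_perm_audit /path/to/site
demo_tree=$(make_sample_tree)
wp_perm_audit "$demo_tree" || true
rm -rf "$demo_tree"
```

Some hosting setups need the web server's group to write to wp-content/uploads, so treat a DIR_WRITABLE hit there as something to confirm rather than an automatic fault.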