WordPress, the most common CMS (content management system), is used by almost everyone,
which makes the platform a magnet for potential attackers. Here are some steps that will help you
strengthen the protection of your assets.
Backup WordPress website
First things first. Whether you picked a hosting company that handles your WordPress from A to Z,
or you're hosting and maintaining your own WordPress application, it's always important to take
periodic backups of your data.
The methods to accomplish this goal are simple:
Backup managed WordPress website
Most hosting providers offer fully automated backups through the dashboard:
just pick a schedule and they commit to running it.
Another option is to manually download a backup if you're concerned about losing your data.
Backup self-hosted WordPress website
If you're a server-side ninja, you can create a script that backs up your files (or keep them under version control) and, most importantly, the MySQL database. Run it with a cron job or any other periodic script runner, and customize it for your needs.
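One way to write such a script, as an added example that is not from the original article. The install path, backup directory, database name, MySQL option file, retention count and the script name wp-backup.sh are all assumptions to adjust for your server.

```shell
#!/bin/sh
# Added example (not from the original article): backup for a self-hosted
# WordPress site. Every path and name below is an assumption for illustration.
set -eu
umask 077  # archives hold wp-config.php secrets and user data: owner-only
WP_ROOT="${WP_ROOT:-/var/www/wordpress}"            # assumed install path
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wordpress}"  # assumed; outside the web root
DB_NAME="${DB_NAME:-wordpress}"                     # assumed database name
MYSQL_CNF="${MYSQL_CNF:-/root/.wp-backup.cnf}"      # assumed [client] file, mode 600
KEEP="${KEEP:-14}"                                  # archives of each kind to keep

# Archive the WordPress files: core, themes, plugins, uploads, wp-config.php.
backup_files() {  # $1 = timestamp
  tar -czf "$BACKUP_DIR/files-$1.tar.gz" -C "$WP_ROOT" .
}

# Dump the database. Credentials come from the option file rather than the
# command line, where other local users could read them from the process list.
backup_db() {  # $1 = timestamp
  mysqldump --defaults-extra-file="$MYSQL_CNF" --single-transaction \
    "$DB_NAME" > "$BACKUP_DIR/db-$1.sql"
  gzip "$BACKUP_DIR/db-$1.sql"
}

# Keep the newest $KEEP archives for a prefix; timestamped names sort by age.
prune() {  # $1 = prefix: files or db
  find "$BACKUP_DIR" -maxdepth 1 -type f -name "$1-*" | sort -r | {
    n=0
    while IFS= read -r f; do
      n=$((n + 1))
      if [ "$n" -gt "$KEEP" ]; then rm -f -- "$f"; fi
    done
  }
}

run_backup() {
  ts="$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$BACKUP_DIR"
  backup_files "$ts"
  backup_db "$ts"
  # Check both archives are readable before any older ones are deleted.
  tar -tzf "$BACKUP_DIR/files-$ts.tar.gz" > /dev/null
  gzip -t "$BACKUP_DIR/db-$ts.sql.gz"
  prune files; prune db
}

# Runs only when invoked as "wp-backup.sh run", for example from cron:
#   15 3 * * * /usr/local/bin/wp-backup.sh run
if [ "${1:-}" = "run" ]; then run_backup; fi
```

Copy the resulting archives to a second machine or storage account as well, since a backup that lives only on the web server is lost together with it.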
Backup WordPress site with a plugin
This option is more generic than the previous ones. A plugin works on
both managed and self-hosted websites: install it through the wp-admin dashboard and configure it exactly for your needs.
I'm not gonna recommend any of the plugins on the market, but there are plenty of them.
Be aware of your plugins
Plugins are awesome and really make our lives better and easier, but with convenience comes danger.
There are a lot of malicious plugins. Please install as few as possible, and try to avoid installing plugins just because they look cool, or plugins that do something simple you could do yourself.
Vulnerable WordPress plugins
Most plugins are indeed meant to make our lives easier, but some extremely common ones contain vulnerabilities, which attackers of course find. Those vulnerable plugins sometimes allow attackers to sabotage your website or even steal information from it.
Protect your /wp-admin URL
It is very important to reduce the attack surface available to attackers. In other words, letting any anonymous user access the /wp-admin URL is a very bad practice, because they can keep trying credentials until they find a match and gain access to your backend application.
One way to accomplish that is to change the route to something else, such as /back-office or anything less predictable than an admin panel path.
The other way is to protect this URL with Basic Authentication, which adds an additional layer of security to the management panel.