WordPress Security Step by Step
Part 1. Theory
The goal of this learning path is to give you a clear path forward for securing all the websites that you host on your GridPane provisioned servers. Before you begin locking down your sites though, here are two articles that will help provide an overview of the bigger WordPress security picture.
The first focuses on the threats and how GridPane’s security options help guard you against them. The second is a real-world case study on locking down two websites where security was a very high priority.
1. The OWASP Top 10 and GridPane WordPress Security Options
2. Case Study: Securing Multiple Banking Websites Built on WordPress
Part 2. GridPane Security Overview
Security is at the heart of everything we do here at GridPane, and we have some very cool features that you can use to secure each and every one of your websites. The two articles below offer an overview of what GridPane secures “out of the box”, and then the options that you can configure on a per-website basis.
1. GridPane Default Security and Additional Options
2. Secure Your WordPress Websites: An Overview of the Security Tab
Part 3. Securing Your Websites
At this point we’ve taken a look at the theory and the options GridPane offers for securing your websites. Now let’s use them to start locking your sites down.
Below we’ll take a look at the 7G WAF (we also offer ModSecurity, but we generally recommend using that only for enterprise-type sites), Fail2Ban, and our server-level WordPress hardening options.
1. Configuring the 7G Web Application Firewall
2. Configuring Fail2Ban to Prevent Brute Force Attacks
3. WordPress Website Hardening for Nginx and OpenLiteSpeed (OLS)
If you’ve implemented a WAF, WPFail2Ban, and our WordPress hardening options, then you have locked your websites down tight.
Part 4. Security Beyond GridPane
With all of the GridPane security measures now in place, your sites are locked down tight. Thousands of websites on GridPane use only these measures to keep secure, but if you want to go the extra mile, here are a few bonus options to consider.
1. Cloudflare Firewall Rules for Securing WordPress Websites
2. Connecting Fail2Ban to Cloudflare
3. Security Plugins: To Use Them or Not to Use Them?
Part 5. Additional Reading
WordPress security is a big topic. We have an entire section of our knowledge base dedicated to the topic that you can check out here: Knowledge Base: Security.
Below are a few of the highlights from that archive.