This is a free eBook on WordPress security created to help users to protect their sites from hackers and malware. This guide covers the following topics in detail, you can also read the summary of this security guide here.

• Keep your computer and mobile free from virus
• Use secure hosting
• Keep your installation updated
• Use strong passwords
• No admin username
• Safe role management
• Use reliable themes and plugins
• Disable theme and plugin editor in admin interface
• Block PHP executing from dashboard
• Stop brute force attack
• Block suspicious users, IP and bots
• Disable directory browsing
• Disable WordPress version
• Change database table prefix
• Change WordPress admin URL
• Use correct file permissions
• Track file changes
• Use basic firewall settings
• Deny access to log file
• Disable XMLPRC and pingbacks
• Handle sensitive data securely
• Prevent spam
• Periodic site backup
• Scan site for malware
• Monitor 404 errors
• Protect “wp-config.php” and “.htaccess” files
• Provide secure third party access
• Use security plugin