WordPress Security X
Tweet Follow @getButterfly When dealing with WordPress security, we need to start from the bottom of the stack and go up. There’s usually not much to do up there, except for security analysis.
I’ll call these security layers.
Note that this article is the tip of the iceberg only. There are many more tricks and possible configurations for your site to prevent attacks. Also note that, given the time, hardware technology and server knowledge, any site can be hacked.
Layer 1
We’ll start with the hosting provider and we’ll check our server software, which can be either Nginx or Apache. We need to make sure we have the latest version (or a newer one, at least). If the site is on a shared server, we can contact the hosting provider by using the integrated chat service, raise a ticket and post a question on the public forum. If the site is hosted on a VPS server, we might have more options to select the server software type and, maybe, version. If the site is hosted on a dedicated server, it’s up to us to upgrade the server software — or hire a Linux expert.
See server software usage comparison in the images below:
The next check is server encryption and
Source: https://managewp.org/articles/13509/wordpress-security-x
source https://williechiu40.wordpress.com/2016/09/30/wordpress-security-x/