A set of changes that make a WordPress site harder to attack: file permissions, login limits, security headers, and more.
Last updated ยท Reviewed by Ali Hassan
Hardening covers disabling file editing, restricting xmlrpc.php, setting strict file permissions, enforcing two factor auth, adding security headers, and limiting login attempts. None of these stop every attack on their own. Together they remove 90% of opportunistic attempts.
Related terms
Malware
Malicious code injected into your WordPress files or database, usually for spam, redirects, or data theft.
Backdoor
Hidden code left by an attacker so they can return to your site after a cleanup.
Two Factor Authentication (2FA)
A login method that requires both a password and a one time code, blocking 99% of stolen password attacks.
We have shipped hundreds of fixes for exactly this kind of issue. Book a 20 minute call and we will tell you straight whether it is a quick fix or a bigger root cause.