I don’t know about you, but when I was first securing my WordPress blog, and I was researching to see what others were doing to keep their blog safe, I found so much information that I was completely confused. And some of the information was in fact over the top or supersticious. People told me to rename this file, rename this folder and install these ten plugins. It seemed to be quite a bit of work and effort.
An easy way to keep WordPress safe is to use a few built-in tools. First of all, don’t allow people to list the files in your folders, run a web host security scan and automatically backup your entire web hosting account.
By default, the latest version of WordPress is pretty darn secure. Anything that might have been added to any WordPress security plugins has been considered by the development team of WordPress. In the past, WordPress did have holes but now most of them are filled up.
The first thing you should do is check your various folders. For example, your WordPress blog has folders, such as WP-Content, WP-Admin, WP-Includes. So if you went to your site /WP-Content in a web browser, what shows up? Does it list all the folders and files in that folder? And if so, all you have to do is upload a blank file named Index.html into that folder to make sure that no one can view it.
What if you go to WP-Content/plugins, can you view that folder? If so, upload that blank Index.html file into that folder as well so people can’t view what plugins you have. Because even if your current version of WordPress is up to date, if you are using an old plugin or a plugin with a security hole, someone can use that to get access.
Next, most web hosts in the cPanel area allow you to run a security scan and see if anyone has injected any bad code that may be used to grant an authorized access, send emails, or something like that.
Just run that web host security scan and see what comes up, and if anything comes up that looks out of the ordinary or you are not sure of, contact your web host and see what they think. And whether or not you find anything bad, automatically backup your whole account. In cPanel you can backup your entire web hosting account and save it to your hard drive so that even if something goes wrong at some point, at least you have a back up copy of everything that’s there.
Those are three very simple things you can do to keep WordPress safe without plugins. Put a blank Index.html file in your folders, run your web host security scan and backup your entire account.