{"id":9181,"date":"2023-07-20T07:00:04","date_gmt":"2023-07-20T14:00:04","guid":{"rendered":"https:\/\/www.dreamhost.com\/blog\/?p=9181"},"modified":"2025-10-29T06:52:27","modified_gmt":"2025-10-29T13:52:27","slug":"secure-your-wordpress-website","status":"publish","type":"post","link":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/","title":{"rendered":"Everything You Need To Know About WordPress Security (+20 Hardening Tips)"},"content":{"rendered":"\n<p>If you&#8217;re looking for a top-tier, all-in-one content management system to power your website, look no further than WordPress.<\/p>\n\n\n\n<p>WordPress is an <a href=\"https:\/\/www.dreamhost.com\/blog\/what-is-wordpress\/\" target=\"_blank\" rel=\"noopener\">excellent, secure platform out of the box<\/a>, but there\u2019s certainly more you can (and should!) do to keep your site safe from malicious intent. Many of these security enhancements are easy to implement and can be performed manually in mere minutes. Others simply require installing a particular plugin.<\/p>\n\n\n\n<p>In this article, I\u2019ll guide you through 20 different strategies for upping the defenses on your WordPress fortress. 
But first, let\u2019s go a little further into why website security should matter to you.<\/p>\n\n\n\n<h2 id=\"why\" class=\"wp-block-heading\">Why WordPress Security Is So Important<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"900\" height=\"351\" data-src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/Meet-WordPress.png\" alt=\"Meet WordPress\" class=\"wp-image-41189 lazyload\" data-srcset=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/Meet-WordPress.png.webp 900w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/Meet-WordPress-300x117.png 300w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/Meet-WordPress-768x300.png 768w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/Meet-WordPress-600x234.png.webp 600w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/Meet-WordPress-730x285.png.webp 730w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/Meet-WordPress-784x306.png.webp 784w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/Meet-WordPress-877x342.png.webp 877w\" data-sizes=\"(max-width: 900px) 100vw, 900px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 900px; --smush-placeholder-aspect-ratio: 900\/351;\" \/><\/figure>\n\n\n\n<p>Choosing WordPress as your platform is an excellent way to start when you&#8217;re trying to create a site. 
It\u2019s not only a flexible, powerful platform for building websites \u2014 it\u2019s also remarkably secure as is.<\/p>\n\n\n\n<p>But of course, no platform can be 100% secure, and there are many reasons to be concerned about the security of your WordPress site:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><b>Popularity \u2013 <\/b>WordPress powers a huge portion of all the websites on the internet, making it a prime target for cybercriminals. Its widespread usage makes it an attractive platform to exploit vulnerabilities and gain unauthorized access to websites.<\/li>\n\n\n\n<li><b>Vulnerabilities \u2013 <\/b>As with any software, WordPress is not immune to vulnerabilities. Hackers constantly search for vulnerabilities in WordPress themes, plugins, and core software. Exploiting them can lead to unauthorized access, data breaches, defacement, or even complete control of a website.<\/li>\n\n\n\n<li><b>Data breaches \u2013 <\/b>WordPress websites often store sensitive user information, like email addresses, passwords, and personal data. A security breach can expose this confidential data, leading to identity theft, financial loss, or even legal consequences (yikes!).<\/li>\n\n\n\n<li><b>SEO impact \u2013 <\/b>A compromised WordPress site can be used for malicious activities, like hosting malware, redirecting visitors to harmful websites, or sending spam emails. Search engines may flag and penalize such websites, leading to a significant drop in rankings and organic traffic once you regain control of your site.<\/li>\n\n\n\n<li><b>Reputation and trust \u2013 <\/b>If a WordPress website is compromised and used for malicious purposes, it can severely damage the site owner&#8217;s reputation and erode user trust. Think of an e-commerce store, for example. 
If the store can&#8217;t commit to keeping shoppers&#8217; personal data safe, people just won&#8217;t shop there (and who can blame them?).<\/li>\n\n\n\n<li><b>Downtime and financial loss \u2013 <\/b>A hacked site can experience extended downtime while the website owner works to resolve the security breach. In turn, downtime can result in lost business, decreased revenue, and additional expenses for recovery and restoration.<\/li>\n<\/ul>\n\n\n\n<p>Given these risks, investing in WordPress security measures is essential to protect your website and its users&#8217; data. Ideally, you should put just as much time and effort into security as you spent <a href=\"https:\/\/www.dreamhost.com\/blog\/10-web-design-lessons-star-wars\/\" target=\"_blank\" rel=\"noopener\">designing your site<\/a> in the first place (if not more). Fortunately for you, dear reader, there are lots of simple, quick ways to improve your site\u2019s security, as well as some more complex techniques you may want to employ \u2014&nbsp;and below, we&#8217;re covering them all.<\/p>\n\n\n\n
<h2 id=\"top\" class=\"wp-block-heading\">Top WordPress Security Vulnerabilities<\/h2>\n\n\n\n<p>As the saying goes, know thy enemy. Before we dive into our security tips, let&#8217;s learn more about the security vulnerabilities you need to protect your WordPress site from.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><b>Outdated software, themes, and plugins \u2013 <\/b>Using outdated versions of WordPress, themes, or plugins can leave your site vulnerable to known security flaws.<\/li>\n\n\n\n<li><b>Weak usernames and passwords \u2013 <\/b>Weak login credentials make it easier for hackers to access your site. Avoid using common usernames like &#8220;admin&#8221; and choose strong, unique passwords that include a combination of letters, numbers, and symbols.<\/li>\n\n\n\n<li><b>Brute force attacks \u2013 <\/b>Brute force attacks involve repeated attempts to guess your login credentials. You can prevent them by limiting login attempts and using two-factor authentication (more on that later in this article).<\/li>\n\n\n\n<li><b>Cross-site scripting (XSS) \u2013 <\/b>XSS vulnerabilities happen when malicious scripts are injected into web pages, potentially compromising users&#8217; browsers or session data. Many security plugins have features to prevent XSS.<\/li>\n\n\n\n<li><b>Malware infections \u2013 <\/b>Malware can be injected into your site through vulnerabilities, infected themes or plugins, or compromised files. To avoid malware, don&#8217;t install plugins without checking into their reputation first. 
And regular malware scanning can catch infections before they have the chance to wreak havoc on your site.<\/li>\n\n\n\n<li><b>Backdoors \u2013 <\/b>A backdoor is a hidden entry point in a website that allows unauthorized access even after security measures are in place. Backdoors can be created by malicious actors or accidentally introduced through compromised themes, plugins, or weak security practices. Once a backdoor is established, it can grant unauthorized access to an attacker, who can then manipulate the site, steal data, or perform other malicious activities without the website owner&#8217;s knowledge.<\/li>\n<\/ul>\n\n\n\n<p>Implementing security plugins and other best practices can protect your site from these vulnerabilities. So without further ado, let&#8217;s get to what you&#8217;re here for: actionable WordPress security tips and how to put them into practice.<\/p>\n\n\n\n<h2 id=\"tips\" class=\"wp-block-heading\">20 WordPress Security Tips<\/h2>\n\n\n\n<p>Hopefully, I\u2019ve convinced you about the importance of maintaining a secure WordPress website. If not, I\u2019m going to have to re-enroll in Persuasive Writing 101. Please don\u2019t make me do that.<\/p>\n\n\n\n<p>Throughout the rest of this article, I\u2019ll introduce 20 strategies (along with some of the best WordPress security plugins) for making your site safer from some of the most common and dangerous security vulnerabilities. You don\u2019t have to implement every suggestion on this list (although you certainly can!), but the more steps you take to secure your site, the lower your chances of encountering a disaster down the road.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
Use A Quality Host<\/h3>\n\n\n\n<p>You can think of your web host as your website\u2019s street on the Internet \u2014 it\u2019s the place where your site \u201clives.\u201d And like a good school district matters to your kid\u2019s future (so they say; I turned out fine), the quality of your website\u2019s home base counts in a lot of big ways.<\/p>\n\n\n\n<p>A solid hosting provider can impact how well your site performs, how reliable it is, how large it can grow, and even how it ranks in search engines. The best hosts offer a variety of useful features, excellent support, and a service tailored to your chosen platform.<\/p>\n\n\n\n<p>As you\u2019ve probably already guessed, your web host can also have a significant impact on your site\u2019s security. There are several security benefits to choosing from the best hosting companies.<\/p>\n\n\n\n<p><b>How Web Hosting Can Improve WordPress Security:<\/b><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A quality host will constantly update its service, software, and tools to respond to the latest threats and eliminate potential security breaches.<\/li>\n\n\n\n<li>Web hosts often offer various targeted security features, such as SSL\/TLS certificates and DDoS protection. 
You should also get access to a <a href=\"http:\/\/searchsecurity.techtarget.com\/definition\/Web-application-firewall-WAF\" target=\"_blank\" rel=\"noopener\">Web Application Firewall (WAF)<\/a>, which will help monitor and block serious threats to your site.<\/li>\n\n\n\n<li>Your web host will most likely provide a way to back up your site (in some cases, even carrying out real-time backups for you), so if you\u2019re hacked, you can easily revert to a stable, previous version.<\/li>\n\n\n\n<li>If your host offers reliable, 24\/7 support, you\u2019ll always have someone to help you out if you do run into a security-related issue.<\/li>\n<\/ul>\n\n\n\n<p><style>.embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }<\/style><\/p>\n\n\n\n<div class=\"embed-container\"><iframe data-src=\"https:\/\/www.youtube.com\/embed\/1S4CWZYsNLs\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe><\/div>\n\n\n\n<p>This list should give you a good starting point to work from when looking for a host for your new site. You\u2019ll want to find one that offers all of the features and functionality you\u2019ll need, plus has a reputation for reliability and excellent performance.<\/p>\n\n\n\n<p>DreamPress is a <a href=\"https:\/\/www.dreamhost.com\/wordpress\/managed\/\" target=\"_blank\" rel=\"noopener\">managed WordPress hosting<\/a> service that\u2019s fast, reliable, scalable, and, of course, secure. DreamPress includes a pre-installed SSL\/TLS certificate and provides a dedicated WAF designed with rules built to protect WordPress sites and block hacking attempts. 
With your hosting plan, you\u2019ll also get automated backups, 24\/7 support from WordPress experts, and <a href=\"https:\/\/www.dreamhost.com\/blog\/jetpack-premium-dreampress\/\" target=\"_blank\" rel=\"noopener\">Jetpack Premium<\/a> \u2014 a plugin that can add many additional security features to your site \u2014 at no additional cost.<\/p>\n\n\n\n\n\n<div class=\"glossary-term\">\n    <h3>Jetpack<\/h3>\n    <p>Jetpack is a WordPress plugin created by Automattic, the company behind WordPress.com. 
It\u2019s a plugin that gives you access to features that are usually only available on WordPress.com sites.<\/p>\n            <a\n            href=\"https:\/\/www.dreamhost.com\/glossary\/web-design\/jetpack\/\"\n                        class=\"btn btn--white-outline btn--sm btn--round\"\n                                    target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >\n                            Read More                    <\/a>\n\n<\/div>\n\n\n\n<p>With DreamPress, you\u2019ll be able to rest easy knowing that your site is protected. Our hosting service even takes care of many of the other security-enhancing steps on this list \u2014 although we still encourage you to read on to learn what extra measures you can take to protect your site.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Register Your Domain Privately<\/h3>\n\n\n\n<p>To register a domain, you\u2019re asked to provide your name, address, and phone number. This information is used to <a href=\"https:\/\/www.dreamhost.com\/blog\/private-domain-registration-faqs\/\" target=\"_blank\" rel=\"noopener\">track ownership of domain names<\/a> and can be found online with a quick search on the WHOIS directory.<\/p>\n\n\n\n<p>While keeping track of this information is vital to the health of the internet, it\u2019s reasonable not to want your personal information online. This is where Private Registration enters the story. When you register a domain with DreamHost (or another secure hosting platform, I <i>guess<\/i>), you have the option to substitute your personal information with the relevant data from the hosting platform \u2014 so looking up your domain on WHOIS shows DreamHost\u2019s address and contact information instead of yours. 
You can even <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/216458407-Enabling-WHOIS-privacy-settings\" target=\"_blank\" rel=\"noopener\">enable this security feature<\/a> after your domain has already been registered!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Change Your Admin Username<\/h3>\n\n\n\n<p>When you first create your website, all shiny and new, you\u2019re given a User Profile. At any time, you can go back and change your Nickname or fill in your Full Name, but to <a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/how-to-change-your-wordpress-username\/\" target=\"_blank\" rel=\"noopener\">change your username<\/a> is a different story \u2014 you will need to create a whole new user and grant that account the administrator role. The drawback? You need to use a different email address than the one used by your current account.<\/p>\n\n\n\n<p>You can then alter your username by creating a new user, giving it the <a href=\"https:\/\/www.dreamhost.com\/blog\/wordpress-user-roles\/\" target=\"_blank\" rel=\"noopener\">administrator role<\/a>, attributing all your content to it, and deleting your original account. 
When your previous username has been deleted, you can change the email address of your new account if you desire.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"900\" height=\"517\" data-src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen.png\" alt=\"WordPress Login Screen\" class=\"wp-image-41190 lazyload\" data-srcset=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/WordPress-Login-Screen.png.webp 900w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-300x172.png 300w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Login-Screen-768x441.png 768w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/WordPress-Login-Screen-600x345.png.webp 600w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/WordPress-Login-Screen-730x419.png.webp 730w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/WordPress-Login-Screen-784x450.png.webp 784w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/WordPress-Login-Screen-877x504.png.webp 877w\" data-sizes=\"(max-width: 900px) 100vw, 900px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 900px; --smush-placeholder-aspect-ratio: 900\/517;\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">4. 
Enable A Web Application Firewall<\/h3>\n\n\n\n<div class=\"embed-container\"><iframe data-src=\"https:\/\/www.youtube.com\/embed\/LJZbWKe6mgY\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe><\/div>\n\n\n\n<p>You\u2019re probably familiar with the concept of a firewall \u2014 a program that helps to block all sorts of unwanted attacks on your site. Most likely, you have some kind of firewall on your computer. A <a href=\"https:\/\/www.owasp.org\/index.php\/Web_Application_Firewall\" target=\"_blank\" rel=\"noopener\">Web Application Firewall (WAF)<\/a> is simply a firewall designed specifically for websites. It can protect servers, specific websites, or entire groups of sites.<\/p>\n\n\n\n<p>A WAF on your WordPress site will function as a barrier between your website and the rest of the web. A firewall monitors incoming activity, detects attacks, malware, and other unwanted events, and blocks anything it considers a risk from accessing your web server. #winning<\/p>\n\n\n\n<p>You have many options for adding a WAF to your site (WordFence is a popular choice). But if you\u2019ve opted for our DreamPress package, you can relax; you won\u2019t need an additional firewall. DreamPress includes a built-in WAF that will monitor your site for threats and block malicious users and programs from gaining access. No action required on your part.<\/p>\n\n\n\n<p>DreamHost also offers DreamShield, our in-house malware scanning service. 
When you enable DreamShield on your hosting account, we\u2019ll scan your site daily for malicious code. If we find anything suspicious, you\u2019ll be notified immediately via email.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. Implement Two-Factor Authentication<\/h3>\n\n\n\n<p><a href=\"https:\/\/codex.wordpress.org\/Two_Step_Authentication\" target=\"_blank\" rel=\"noopener\">Two-factor authentication<\/a> (which also goes by two-step authentication and a variety of other, similar names) refers to a two-step process you\u2019ll need to follow when logging into your site. This takes a little more time and effort but goes a long way toward keeping hackers out.<\/p>\n\n\n\n<p>Two-factor authentication involves using a smartphone or other device to verify your login. First, you\u2019ll visit your WordPress site and enter your username and password as usual. A unique code will then be sent to your mobile device, which you must provide to finish logging in. This enables you to prove your identity by showing you have access to something solely yours \u2014 such as a particular phone or tablet.<\/p>\n\n\n\n<p>As with many WordPress features, two-factor authentication is easy to add with a dedicated plugin. The <a href=\"https:\/\/wordpress.org\/plugins\/two-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">Two Factor Authentication<\/a> plugin is a solid choice \u2014 it\u2019s created by reliable developers, compatible with <a href=\"https:\/\/support.google.com\/accounts\/answer\/1066447?hl=en\" target=\"_blank\" rel=\"noopener\">Google Authenticator<\/a>, and will enable you to add two-factor functionality to your site with no fuss.<\/p>\n\n\n\n<p>Another choice is the <a href=\"https:\/\/wordpress.org\/plugins\/two-factor\/\" target=\"_blank\" rel=\"noopener\">Two-Factor<\/a> plugin, which was built mainly by core WordPress developers and is well known for its reliability. 
As with any plugin in this category, it comes with a bit of a learning curve, but it will get the job done and is incredibly secure. If you\u2019re willing to spend a little money, you can also <a href=\"https:\/\/jetpack.com\/for\/clef\/\" target=\"_blank\" rel=\"noopener\">check out Jetpack\u2019s Clef-like premium solution<\/a>.<\/p>\n\n\n\n<p>Whatever route you choose, make sure to plan ahead with your team, since you\u2019ll need to gather phone numbers and other information for all user accounts. With that, your login page is now secured and ready to go.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6. Be Mindful When Adding New Plugins And Themes<\/h3>\n\n\n\n<p>One of the best things about WordPress is the ready availability of plugins and themes for just about any need. With these handy tools, you can make your site look just right and add nearly any feature or functionality you can think of.<\/p>\n\n\n\n<p>Not all plugins and themes are created equally, though.<\/p>\n\n\n\n<p>Developers who aren\u2019t careful or don\u2019t have the right level of experience can create plugins that are unreliable or insecure \u2014 or just downright sucky. They might use poor coding practices that <a href=\"https:\/\/www.dreamhost.com\/blog\/how-to-fix-harmful-programs-warning-wordpress\/\" target=\"_blank\" rel=\"noopener\">leave holes hackers can easily exploit<\/a> or unknowingly interfere with crucial functionality.<\/p>\n\n\n\n<p>This means you must be very careful about the themes and plugins you add to your site. Each one should be vetted to ensure it\u2019s a solid option that won\u2019t hurt your site or cause problems. Here&#8217;s how to select quality tools:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><b>Read reviews<\/b> <b>\u2013<\/b> Check user ratings and reviews to learn whether others have had a good experience with the plugin or theme.<\/li>\n\n\n\n<li><b>Developer support<\/b> <b>\u2013<\/b> Look at how recently the plugin or theme has been updated. 
If it\u2019s been longer than six months, chances are it isn\u2019t as secure as it could be.<\/li>\n\n\n\n<li><b>Easy does it<\/b> <b>\u2013<\/b> Install new plugins and themes one at a time, so if anything goes wrong, you\u2019ll know what the cause was. Also, remember to back up your site before adding anything to it.<\/li>\n\n\n\n<li><b>Vetted sources<\/b> <b>\u2013<\/b> Get your plugins and themes from trustworthy sources, such as the <a href=\"https:\/\/wordpress.org\/\" target=\"_blank\" rel=\"noopener\">WordPress.org Theme and Plugin Directories<\/a>, <a href=\"http:\/\/market.envato.com\/\" target=\"_blank\" rel=\"noopener\">ThemeForest and CodeCanyon<\/a>, and reliable developer websites.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7. Regularly Update WordPress<\/h3>\n\n\n\n<p>Keeping WordPress up to date is one of the most important things you can do to secure your site. Smaller patches and security updates will be implemented automatically, but you may need to approve major updates independently (don&#8217;t worry, this is <a href=\"https:\/\/codex.wordpress.org\/Updating_WordPress\" target=\"_blank\" rel=\"noopener\">very simple to do<\/a>). This probably goes without saying, but DreamHost handles these updates for you, so you don&#8217;t have to worry.<\/p>\n\n\n\n<p>But your work isn&#8217;t done just because WordPress is up to date.<\/p>\n\n\n\n<p>You\u2019ll also need to regularly update your plugins, themes, and other WordPress installations to ensure they work well together and are secured against the latest threats. 
Fortunately, <a href=\"https:\/\/www.elegantthemes.com\/blog\/tips-tricks\/how-to-safely-update-your-wordpress-plugins-every-time\" target=\"_blank\" rel=\"noopener\">this is also pretty easy<\/a> \u2014 simply go to your WordPress dashboard, look for the red notifications telling you there are themes or plugins with available updates, and click &#8220;Update Now&#8221; next to each one.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"900\" height=\"362\" data-src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins.png\" alt=\"Keep WordPress secure by updating plugins\" class=\"wp-image-41191 lazyload\" data-srcset=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/keep-wordpress-secure-by-updating-plugins.png.webp 900w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-300x121.png 300w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/keep-wordpress-secure-by-updating-plugins-768x309.png 768w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/keep-wordpress-secure-by-updating-plugins-600x241.png.webp 600w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/keep-wordpress-secure-by-updating-plugins-730x294.png.webp 730w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/keep-wordpress-secure-by-updating-plugins-784x315.png.webp 784w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/keep-wordpress-secure-by-updating-plugins-877x353.png.webp 877w\" data-sizes=\"(max-width: 900px) 100vw, 900px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 900px; --smush-placeholder-aspect-ratio: 900\/362;\" \/><\/figure>\n\n\n\n<p>You can also update your plugins in a batch by selecting 
all of them and then hitting the update button, either here or in the WordPress panel.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8. Configure File Permissions<\/h3>\n\n\n\n<p>Let\u2019s talk technical for a minute.<\/p>\n\n\n\n<p>A lot of the information, data, and content on your WordPress site is stored in a series of folders and files on its back end. These are organized into a hierarchical structure, and each one is given a permissions level. The permissions on a WordPress file or folder determine who can view and edit it. They can be set to allow access to anyone, only you, or almost anything in between.<\/p>\n\n\n\n<p>File permissions are represented by a three-digit number in WordPress, and each digit has a meaning. The first digit stands for an individual user (the site\u2019s owner), the second digit for the group (for example, members of your site), and the third for everyone in the world. The number itself means that the user, group, or world:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>0: Has no access to the file.<\/li>\n\n\n\n<li>1: Can only execute the file.<\/li>\n\n\n\n<li>2: Can edit the file.<\/li>\n\n\n\n<li>3: Can edit and execute the file.<\/li>\n\n\n\n<li>4: Can read the file.<\/li>\n\n\n\n<li>5: Can read and execute the file.<\/li>\n\n\n\n<li>6: Can read and edit the file.<\/li>\n\n\n\n<li>7: Can read, edit, and execute the file.<\/li>\n<\/ul>\n\n\n\n<p>So, for example, if a file is given a permissions level of 640 it means the primary user can read and edit the file, the group can read the file but not edit it, and the rest of the world cannot access it at all. It\u2019s important to ensure that each person only has the level of access to your site\u2019s files and folders you want them to have.<\/p>\n\n\n\n<p><a href=\"https:\/\/codex.wordpress.org\/Changing_File_Permissions\" target=\"_blank\" rel=\"noopener\">WordPress recommends<\/a> setting folders to a permissions level of 755 and files to 644. 
You\u2019re pretty safe sticking to these guidelines, although you can <a href=\"http:\/\/artisansweb.net\/correct-file-permissions-wordpress\/\" target=\"_blank\" rel=\"noopener\">set up any combination<\/a> you\u2019d like. Just remember that it\u2019s best not to give anyone more access than they absolutely need, especially to core files.<\/p>\n\n\n\n<p>You should also keep in mind that your ideal permissions settings will depend somewhat on your hosting service, so you may want to find out <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214916918-Keeping-your-website-secure\" target=\"_blank\" rel=\"noopener\">what your host recommends<\/a>.<\/p>\n\n\n\n<p><b>Note<\/b>: Be very careful when making changes to your permissions levels \u2014 choosing the wrong values (like <a href=\"https:\/\/www.dreamhost.com\/blog\/pesky-permissions\/\" target=\"_blank\" rel=\"noopener\">the dreaded 777<\/a>) can make your site inaccessible.<\/p>\n\n\n\n<p>And while we&#8217;re on this subject, it&#8217;s important to note that WordPress comes with a built-in code editor that allows users to edit theme and plugin files right from the Admin Area. This is handy when you need it, but a big security risk if your site falls into the wrong hands. That&#8217;s why you should disable file editing with a plugin like Sucuri.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9. Keep WordPress Users To A Minimum<\/h3>\n\n\n\n<p>If you\u2019re running your WordPress site solo, you don\u2019t need to worry about this step. Just don\u2019t give anyone else an account on your site, and you\u2019ll be the only person who can make changes.<\/p>\n\n\n\n<p>However, there are many reasons to add another user account to your site: You may want to let other authors contribute content, or you might need people to help edit content and manage your site. 
You may even have an entire team of users who regularly access your WordPress site and make their own changes.<\/p>\n\n\n\n<p>This can be beneficial (or even necessary). However, it\u2019s also a potential security risk.<\/p>\n\n\n\n<p>The more people you let into your site, the higher the chance that someone will make a mistake, cause problems, or just be a putz. That&#8217;s why you should keep your site&#8217;s user count as low as possible without hampering its ability to grow. In particular, try to limit the number of administrators and other <a href=\"https:\/\/firstsiteguide.com\/wordpress-user-roles\/\" target=\"_blank\" rel=\"noopener\">user roles with high privileges<\/a>.<\/p>\n\n\n\n\n\n<div class=\"glossary-term\">\n\t<a\n\t\tclass=\"glossary-term__above-title\"\n\t\thref=\"\"\n\t\ttarget=\"_blank\"\n\t\trel=\"noopener noreferrer\"\n\t>\n\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 640 512\"><path d=\"M320 32c-8.1 0-16.1 1.4-23.7 4.1L15.8 137.4C6.3 140.9 0 149.9 0 160s6.3 19.1 15.8 22.6l57.9 20.9C57.3 229.3 48 259.8 48 291.9v28.1c0 28.4-10.8 57.7-22.3 80.8c-6.5 13-13.9 25.8-22.5 37.6C0 442.7-.9 448.3 .9 453.4s6 8.9 11.2 10.2l64 16c4.2 1.1 8.7 .3 12.4-2s6.3-6.1 7.1-10.4c8.6-42.8 4.3-81.2-2.1-108.7C90.3 344.3 86 329.8 80 316.5V291.9c0-30.2 10.2-58.7 27.9-81.5c12.9-15.5 29.6-28 49.2-35.7l157-61.7c8.2-3.2 17.5 .8 20.7 9s-.8 17.5-9 20.7l-157 61.7c-12.4 4.9-23.3 12.4-32.2 21.6l159.6 57.6c7.6 2.7 15.6 4.1 23.7 4.1s16.1-1.4 23.7-4.1L624.2 182.6c9.5-3.4 15.8-12.5 15.8-22.6s-6.3-19.1-15.8-22.6L343.7 36.1C336.1 33.4 328.1 32 320 32zM128 408c0 35.3 86 72 192 72s192-36.7 192-72L496.7 262.6 354.5 314c-11.1 4-22.8 6-34.5 6s-23.5-2-34.5-6L143.3 262.6 128 408z\"\/><\/svg>\n\t\t<span><\/span>\n\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 384 512\"><path d=\"M342.6 233.4c12.5 12.5 12.5 32.8 0 45.3l-192 192c-12.5 12.5-32.8 12.5-45.3 0s-12.5-32.8 0-45.3L274.7 256 105.4 86.6c-12.5-12.5-12.5-32.8 0-45.3s32.8-12.5 45.3 0l192 
192z\"\/><\/svg>\n\t<\/a>\n    <h3>User Role<\/h3>\n    <p>Users in WordPress can be one of six default roles: Super Admin, Administrator, Editor, Author, Contributor, or Subscriber. WordPress provides a user role management system that defines what users are allowed to do on your website.<\/p>\n            <a\n            href=\"https:\/\/www.dreamhost.com\/glossary\/wordpress\/user-role\/\"\n                        class=\"btn btn--white-outline btn--sm btn--round\"\n                                    target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >\n                            Read More                    <\/a>\n\n<\/div>\n\n\n\n<p>Here are a few other best practices:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Limit each user to only what permissions are necessary for them to do their job.<\/li>\n\n\n\n<li>Encourage users to use strong passwords.<\/li>\n\n\n\n<li>Try to stick with one administrator and a small group of editors.<\/li>\n\n\n\n<li>Remove users who have left the site or no longer need access.<\/li>\n\n\n\n<li>Regularly log out idle users (the <a href=\"https:\/\/wordpress.org\/plugins\/inactive-logout\/\" target=\"_blank\" rel=\"noopener\">Inactive Logout plugin<\/a> is great for this!).<\/li>\n\n\n\n<li>Consider downloading a plugin like <a href=\"https:\/\/wordpress.org\/plugins\/members\/\" target=\"_blank\" rel=\"noopener\">Members<\/a>, which provides a user interface for WordPress\u2019 <a href=\"https:\/\/codex.wordpress.org\/Roles_and_Capabilities\" target=\"_blank\" rel=\"noopener\">role and capabilities<\/a> system.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"852\" height=\"330\" data-src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress.png\" alt=\"Content permissions settings on WordPress\" class=\"wp-image-41192 lazyload\" 
data-srcset=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/content-permissions-settings-wordpress.png.webp 852w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-300x116.png 300w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/content-permissions-settings-wordpress-768x297.png 768w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/content-permissions-settings-wordpress-600x232.png.webp 600w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/content-permissions-settings-wordpress-730x283.png.webp 730w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/content-permissions-settings-wordpress-784x304.png.webp 784w\" data-sizes=\"(max-width: 852px) 100vw, 852px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 852px; --smush-placeholder-aspect-ratio: 852\/330;\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">10. Limit Login Attempts<\/h3>\n\n\n\n<p>Everyone forgets their password sometimes. But good news! By default, WordPress allows an unlimited number of guesses.<\/p>\n\n\n\n<p>But is that <i>really<\/i> good news? Brute force attacks, or attacks where a hacker tries any number of passwords, are one of the most common ways hackers gain access to private accounts. With no limit on login attempts, a hacker or bot could try every password in the book with no consequences.<\/p>\n\n\n\n<p>First, check your Web Application Firewall (WAF) to limit the number of login attempts a user can make. If your firewall is already set up, a limit will already be in place, but you can also use a separate plugin for that! 
Both <a href=\"https:\/\/wordpress.org\/plugins\/login-lockdown\/\" target=\"_blank\" rel=\"noopener\">Login Lockdown<\/a> and Cerber <a href=\"https:\/\/wordpress.org\/plugins\/limit-login-attempts-reloaded\/\" target=\"_blank\" rel=\"noopener\">Limit Login Attempts<\/a> record the IP address and time stamp for each failed login attempt, let you limit the number of failed attempts allowed in a certain span of time, and lock out IP addresses that exceed the limit. Both plugins are free, but Login Lockdown is simpler and more beginner-friendly. If you require a more robust system, Cerber Limit Login Attempts is the way to go, allowing not only IP white\/blacklisting, but also notifying admins if a certain number of lockouts is reached.<\/p>\n\n\n\n<p><style>.embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }<\/style><\/p>\n\n\n\n<div class=\"embed-container\"><iframe data-src=\"https:\/\/www.youtube.com\/embed\/wzmPXu55zLU\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">11. Track Your Admin Area Activity<\/h3>\n\n\n\n<p>If you have multiple users, keeping tabs on what they\u2019re all doing on the site is a good idea. 
Tracking activity in your <a href=\"https:\/\/www.dreamhost.com\/blog\/what-to-do-when-locked-out-wordpress\/\" target=\"_blank\" rel=\"noopener\">WordPress admin area<\/a> will help you spot when other users are doing things they shouldn\u2019t \u2014 and can help you spot when unauthorized users have gained access.<\/p>\n\n\n\n<p>But you also need a tool to help you see who is behind different site activities \u2014&nbsp;like when someone makes an unauthorized change or a suspicious new install. For that, you need another plugin. <a href=\"https:\/\/wordpress.org\/plugins\/simple-history\/\" target=\"_blank\" rel=\"noopener\">Simple History<\/a> lives up to its name by creating a streamlined, easy-to-understand log of changes and events on your site.<\/p>\n\n\n\n<p>For more comprehensive tracking features, check out <a href=\"https:\/\/wordpress.org\/plugins\/wp-security-audit-log\/\" target=\"_blank\" rel=\"noopener\">WP Security Audit Log<\/a>, which tracks just about everything that happens on your site and offers <a href=\"https:\/\/www.wpsecurityauditlog.com\/plugin-extensions\/\" target=\"_blank\" rel=\"noopener\">premium add-ons<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"850\" height=\"342\" data-src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure.png\" alt=\"Session timeouts keep WordPress secure\" class=\"wp-image-41193 lazyload\" data-srcset=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/session-timeouts-keep-wordpress-secure.png.webp 850w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-300x121.png 300w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/session-timeouts-keep-wordpress-secure-768x309.png 768w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/session-timeouts-keep-wordpress-secure-600x241.png.webp 600w, 
https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/session-timeouts-keep-wordpress-secure-730x294.png.webp 730w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/session-timeouts-keep-wordpress-secure-784x315.png.webp 784w\" data-sizes=\"(max-width: 850px) 100vw, 850px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 850px; --smush-placeholder-aspect-ratio: 850\/342;\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">12. Password Protect Your Login Page<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area\/\" target=\"_blank\" rel=\"noopener\">The login page<\/a> is the most likely way for hackers to access your website, so protecting it is a great way to protect the rest of your site. This can be a bit technical, but it&#8217;s still worth learning. Use <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/216363187-Password-protecting-your-site-with-an-htaccess-file\" target=\"_blank\" rel=\"noopener\">this tutorial<\/a> to learn how to create an htaccess file and add a password prompt to your login page. A login for your login \u2014&nbsp;what will they think of next?<\/p>\n\n\n\n<p>And if you\u2019re hosting content that not everyone needs to see, you can password protect other parts of your site. For blog posts and other pages, you can add password protection by going into pages &gt;&gt; all posts option. Click \u201cedit,\u201d and you\u2019ll see the option to change the visibility to \u201cPassword Protected\u201d. Just publish, and badabing-badaboom, that page is locked up tight!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">13. 
Hide Your Login Page<\/h3>\n\n\n\n<p>Adding password protection to your login page is great, but even better is if hackers <a href=\"https:\/\/wpmudev.com\/blog\/hide-wordpress-login-page\/\" target=\"_blank\" rel=\"noopener\">can&#8217;t even find it<\/a>. Changing your wp-admin and wp-login pages is easy and helps deter hackers who can easily find your login page if you leave default settings in place.<\/p>\n\n\n\n<p>There are several plugins that can redirect the default login page to another page of your choosing. Many plugins offer this as part of a larger package (for example, <a href=\"https:\/\/wordpress.org\/plugins\/defender-security\/\" target=\"_blank\" rel=\"noopener\">Defender <\/a>also includes a malware scanner and firewall). But if you\u2019re looking for something simple, try <a href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" target=\"_blank\" rel=\"noopener\">WPS Hide Login<\/a>, which just hides your login. Just don\u2019t forget to bookmark your new login page so you can find it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">14. Update PHP<\/h3>\n\n\n\n<p><style>.embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }<\/style><\/p>\n\n\n\n<div class=\"embed-container\"><iframe data-src=\"https:\/\/www.youtube.com\/embed\/G_O-mxZAk-g\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe><\/div>\n\n\n\n<p>Just like America runs on Dunkin&#8217; (don\u2019t quote us there), WordPress runs on PHP. 
Updating WordPress isn\u2019t enough to keep your site safe and secure \u2014 you need to make sure you\u2019re using the latest version of PHP, too.<\/p>\n\n\n\n<p>Normally, each PHP version is supported for at least two years after its release date, meaning vulnerabilities are addressed by the engineers who designed the code. When the code goes out of date (or reaches its EOL or \u201cend of life\u201d), it\u2019s time to upgrade, or you <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214895317-Change-the-PHP-version-of-a-site\" target=\"_blank\" rel=\"noopener\">risk being exposed <\/a>to security concerns, performance slowdowns, and bugs galore.<\/p>\n\n\n\n<p>To see which version of PHP you\u2019re currently running, log in to your WordPress site, and select Tools &gt;&gt; Site Health. Navigate to Info and then Server, and <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214895287\" target=\"_blank\" rel=\"noopener\">view your current PHP version<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">15. Secure Your WordPress Database<\/h3>\n\n\n\n<p>Leaving anything at the default settings is a boon for hackers, and by default, WordPress uses <a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/how-to-change-the-wordpress-database-prefix-to-improve-security\/\" target=\"_blank\" rel=\"noopener\">wp_ as the prefix <\/a>for <i>all<\/i> of your related tables. Good news! If you\u2019re using the <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/215525277-Install-WordPress-using-the-One-Click-Installer\" target=\"_blank\" rel=\"noopener\">One-Click Installer<\/a>, you already have a prefix of random letters and numbers. As long as it ends with an underscore, the system is happy. Better News! 
Even if your WordPress is already installed, it may be eligible for the One-Click Installer as long as the site is fully hosted and meets a few other guidelines.<\/p>\n\n\n\n<p>Just note that breaking something can be as easy as a missing underscore. Luckily, there is a default version of the <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/214693268-WordPress-wp-config-php-overview\" target=\"_blank\" rel=\"noopener\">wp-config.php<\/a> file available at <a href=\"https:\/\/core.trac.wordpress.org\/browser\/trunk\/wp-config-sample.php\" target=\"_blank\" rel=\"noopener\">WordPress Core<\/a>, so you can quickly and easily rebuild \u2014 whether you tried to change the database prefix manually, or with a service like phpMyAdmin.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">16. Add Security Questions<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"550\" height=\"352\" data-src=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/security-question-plugin-for-wordpress.png\" alt=\"Security question plugin for WordPress\" class=\"wp-image-41194 lazyload\" data-srcset=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/smush-webp\/2022\/10\/security-question-plugin-for-wordpress.png.webp 550w, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/security-question-plugin-for-wordpress-300x192.png 300w\" data-sizes=\"(max-width: 550px) 100vw, 550px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 550px; --smush-placeholder-aspect-ratio: 550\/352;\" \/><\/figure>\n\n\n\n<p>Security questions are often overlooked, but they give extra <i>oomph<\/i> to your security. 
Depending on the <a href=\"https:\/\/www.wpbeginner.com\/plugins\/how-to-add-security-questions-to-wordpress-login-screen\/\" target=\"_blank\" rel=\"noopener\">plugin you choose<\/a>, you&#8217;ll either choose from existing security questions or create your own.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">17. Hide Your WordPress Version<\/h3>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Security_through_obscurity\" target=\"_blank\" rel=\"noopener\">Security through Obscurity<\/a> \u2014 if they can\u2019t find it, they can\u2019t hack it!<\/p>\n\n\n\n<p><a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/the-right-way-to-remove-wordpress-version-number\/\" target=\"_blank\" rel=\"noopener\">Hide which version <\/a>of WordPress you\u2019re using (or hide that you\u2019re using WordPress altogether) by altering the header code. If that sounds too technical, use a plugin like <a href=\"https:\/\/wpcode.com\/\" target=\"_blank\" rel=\"noopener\">WPCode<\/a>. Just make sure to alter the code and not just edit the display information in your theme settings \u2014&nbsp;those snippets of code will only return during the next theme update.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">18. Prevent Hotlinking<\/h3>\n\n\n\n<p>Hotlinking is the act of stealing bandwidth by using files hosted on one site and linking them to another. For example, let\u2019s say someone draws a pretty clever comic, and some other website wants to feature it without permission. 
They could <a href=\"https:\/\/www.theguardian.com\/media\/2015\/oct\/28\/cartoonist-the-oatmeal-trolls-huffpo-over-images-published-sans-permission\" target=\"_blank\" rel=\"noopener\">hotlink the comic<\/a> instead of hosting it on their own servers, costing the original website more bandwidth, and therefore more money.<\/p>\n\n\n\n<p>To <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/216363197-Prevent-image-hotlinking\" target=\"_blank\" rel=\"noopener\">prevent hotlinking<\/a>, you can choose to reject certain domains, allow only certain domains, or remove the ability to hotlink altogether, all by making a few changes to your htaccess file. You can even include a snippet in your .htaccess file that routes all hotlinking attempts to a page or image of your choice \u2014 perhaps one that says, \u201cStop hotlinking, freeloader!\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">19. DDoS Protection (Disable XML RPC)<\/h3>\n\n\n\n<p>A Distributed Denial of Service attack (or <a href=\"https:\/\/www.webopedia.com\/definitions\/ddos-attack\/\" target=\"_blank\" rel=\"noopener\">DDoS<\/a>) is when a hacker uses multiple systems to send a huge volume of data and overwhelm their target. This can slow down and crash their target \u2014 imagine a huge traffic jam for your website where no legitimate traffic can get in.<\/p>\n\n\n\n<p>We know that patience is hard to come by online, with the average user waiting <a href=\"https:\/\/www.thinkwithgoogle.com\/marketing-strategies\/app-and-mobile\/mobile-page-speed-new-industry-benchmarks\/\" target=\"_blank\" rel=\"noopener\">only 3 seconds<\/a> for a page to load before clicking away, so the sooner you can identify and resolve an attack on your website, the better.<\/p>\n\n\n\n<p>While preventing a DDoS attack may seem daunting, one of the first steps you can take is to remove or disable any old or unutilized plugins. 
Plugins are incredibly handy, but by increasing functionality, they also have access to your website that <a href=\"https:\/\/www.wpbeginner.com\/wp-tutorials\/how-to-stop-and-prevent-a-ddos-attack-on-wordpress\/\" target=\"_blank\" rel=\"noopener\">can be exploited<\/a>. For once, downloading more plugins is not the answer!<\/p>\n\n\n\n<p><a href=\"https:\/\/www.wpbeginner.com\/plugins\/how-to-disable-xml-rpc-in-wordpress\/\" target=\"_blank\" rel=\"noopener\">XML-RPC<\/a> allows WordPress access through the app on your mobile device. If you don&#8217;t use your smartphone to make changes to your WordPress website, you likely don\u2019t need this feature enabled. Turning it off involves adding a quick snippet of code to your htaccess file, and you\u2019ll be all the safer for it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">20. Malware Scanning<\/h3>\n\n\n\n<p>Malware (short for <a href=\"https:\/\/www.acunetix.com\/websitesecurity\/cross-site-scripting\/\" target=\"_blank\" rel=\"noopener\">malicious software<\/a>) hides in what appears to be safe applications so that the user doesn\u2019t know their computer or website has been infected.<\/p>\n\n\n\n<p>Malware scanning is an important defense that works by using <a href=\"https:\/\/wordpress.org\/plugins\/security-ninja\/\" target=\"_blank\" rel=\"noopener\">anti-malware software<\/a> to identify and isolate suspicious files until you decide if they need to be removed. If a threat is detected, a good malware scanner will delete any trace of it from your computer ASAP. 
Luckily, <a href=\"https:\/\/wordpress.org\/plugins\/security-antivirus-firewall\/\" target=\"_blank\" rel=\"noopener\">several firewall plugins<\/a> come with malware scanning built in, so make sure to check your security plugins to see what they offer.<\/p>\n\n\n\n<p>If you have DreamHost as your hosting platform, you can activate <a href=\"https:\/\/help.dreamhost.com\/hc\/en-us\/articles\/226704048-How-do-I-enable-DreamShield-\" target=\"_blank\" rel=\"noopener\">DreamShield<\/a> to handle daily malware scanning for you.<\/p>\n\n\n\n<h2 id=\"summary\" class=\"wp-block-heading\">WordPress Security: Locking It Up<\/h2>\n\n\n\n<p>If your website is hacked, you\u2019ll spend hours (perhaps even days) trying to repair the damage. You may permanently lose data or see your personal information compromised \u2014 or worse: your clients\u2019 data.<\/p>\n\n\n\n<p>That\u2019s why you have to put enough time and energy into making sure your site is secure. Otherwise, you just risk losing valuable business and precious time.<\/p>\n\n\n\n<p>These WordPress security tips should help. Some are simple tweaks, while others affect your entire site. But if you&#8217;re looking for one impactful change you can make <i>today<\/i> to keep your site secure, make sure it runs on a secured WordPress host.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.dreamhost.com\/wordpress\/\" target=\"_blank\" rel=\"noopener\">DreamPress hosting<\/a> (with free WordPress migration) is specifically designed for the WordPress environment. Plus, if you ever do encounter a security issue, we\u2019ve got you covered with automatic daily backups, a daily malware scan, and our support team of WordPress experts! Ready to protect your site from threats and vulnerabilities? 
<a href=\"https:\/\/www.dreamhost.com\/wordpress\/\" target=\"_blank\" rel=\"noopener\">Learn more about DreamPress hosting today<\/a>.<\/p>\n\n\n\n\n<div\n\tclass=\"article-cta-shared article-cta-small\"\n>\n    <div class=\"tr-img-wrap-outer jsLoading\"><img decoding=\"async\" class=\"js-img-lazy \" src=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/themes\/blog2018\/assets\/img\/lazy-loading-transparent.webp\" data-srcset=\"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/themes\/blog2018\/assets\/img\/article-small-ad-cta-placeholder.webp 1x, https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/themes\/blog2018\/assets\/img\/article-small-ad-cta-placeholder-x2.webp 2x\"  alt=\"Ad background image\" \/><\/div>\n\n\n\n\n  <div class=\"content-btm\">\n    <h2\n      class=\"h2--md\"\n    >\n      Launch Your Website with DreamPress\n    <\/h2>\n    <p\n      class=\"p--md\"\n    >\n      Our automatic updates and strong security defenses take server management off your hands so you can focus on creating a great website.\n    <\/p>\n\n            <a\n            href=\"https:\/\/www.dreamhost.com\/wordpress\/managed\/\"\n                        class=\"btn btn--white-outline btn--sm btn--round\"\n                                    target=\"_blank\"\n            rel=\"noopener noreferrer\"\n            >\n                            Check Out Plans                    <\/a>\n\n  <\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re looking for a top-tier, all-in-one content management system to power your website, look no further than WordPress. WordPress is an excellent, secure platform out of the box, but there\u2019s certainly more you can (and should!) do to keep your site safe from malicious intent. 
Many of these security enhancements are easy to implement [&hellip;]<\/p>\n","protected":false},"author":1036,"featured_media":41187,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_yoast_wpseo_metadesc":"While WordPress is secure out of the box, these additional WordPress hardening tips will ensure your site is fully secure and ready for anything.","toc_headlines":"[[\"why\",\"Why WordPress Security Is So Important\"],[\"top\",\"Top WordPress Security Vulnerabilities\"],[\"tips\",\"20 WordPress Security Tips\"],[\"summary\",\"WordPress Security: Locking It Up\"]]","hide_toc":false,"footnotes":""},"categories":[13125,550,696],"tags":[],"class_list":["post-9181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-performance-security","category-tutorials","category-wordpress"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.3 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How Secure Your WordPress Site (25 Hardening Tips)<\/title>\n<meta name=\"description\" content=\"While WordPress is secure out of the box, these additional WordPress hardening tips will ensure your site is fully secure and ready for anything.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Everything You Need To Know About WordPress Security (+20 Hardening Tips)\" \/>\n<meta property=\"og:description\" content=\"While WordPress is secure out of the box, these additional WordPress hardening tips will ensure your site is fully secure and ready for anything.\" \/>\n<meta 
property=\"og:url\" content=\"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/\" \/>\n<meta property=\"og:site_name\" content=\"DreamHost Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/DreamHost\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-20T14:00:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-29T13:52:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Luke Odom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dreamhost\" \/>\n<meta name=\"twitter:site\" content=\"@dreamhost\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Luke Odom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"23 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"How Secure Your WordPress Site (25 Hardening Tips)","description":"While WordPress is secure out of the box, these additional WordPress hardening tips will ensure your site is fully secure and ready for anything.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/","og_locale":"en_US","og_type":"article","og_title":"Everything You Need To Know About WordPress Security (+20 Hardening Tips)","og_description":"While WordPress is secure out of the box, these additional WordPress hardening tips will ensure your site is fully secure and ready for anything.","og_url":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/","og_site_name":"DreamHost Blog","article_publisher":"https:\/\/www.facebook.com\/DreamHost\/","article_published_time":"2023-07-20T14:00:04+00:00","article_modified_time":"2025-10-29T13:52:27+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Social-Image.jpg","type":"image\/jpeg"}],"author":"Luke Odom","twitter_card":"summary_large_image","twitter_creator":"@dreamhost","twitter_site":"@dreamhost","twitter_misc":{"Written by":"Luke Odom","Est. 
reading time":"23 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/#article","isPartOf":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/"},"author":{"name":"Luke Odom","@id":"https:\/\/www-dev.dreamhost.com\/blog\/#\/schema\/person\/89b848f30904144bdbed4743605a55db"},"headline":"Everything You Need To Know About WordPress Security (+20 Hardening Tips)","datePublished":"2023-07-20T14:00:04+00:00","dateModified":"2025-10-29T13:52:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/"},"wordCount":4847,"publisher":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/#organization"},"image":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/#primaryimage"},"thumbnailUrl":"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Hero-Image.jpg","articleSection":["Performance &amp; Security","Tutorials","WordPress"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/","url":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/","name":"How Secure Your WordPress Site (25 Hardening Tips)","isPartOf":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/#primaryimage"},"image":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/#primaryimage"},"thumbnailUrl":"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Hero-Image.jpg","datePublished":"2023-07-20T14:00:04+00:00","dateModified":"2025-10-29T13:52:27+00:00","description":"While WordPress is secure out of the box, these additional WordPress hardening tips will ensure your site is fully secure and ready for 
anything.","breadcrumb":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/#primaryimage","url":"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Hero-Image.jpg","contentUrl":"https:\/\/www-dev.dreamhost.com\/blog\/wp-content\/uploads\/2022\/10\/WordPress-Security-Tips-Hero-Image.jpg","width":1460,"height":1095,"caption":"WordPress Security Tips Hero Image"},{"@type":"BreadcrumbList","@id":"https:\/\/www-dev.dreamhost.com\/blog\/secure-your-wordpress-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dhblog.dream.press\/blog\/"},{"@type":"ListItem","position":2,"name":"Everything You Need To Know About WordPress Security (+20 Hardening Tips)"}]},{"@type":"WebSite","@id":"https:\/\/www-dev.dreamhost.com\/blog\/#website","url":"https:\/\/www-dev.dreamhost.com\/blog\/","name":"DreamHost 
Blog","description":"","publisher":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www-dev.dreamhost.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www-dev.dreamhost.com\/blog\/#organization","name":"DreamHost","url":"https:\/\/www-dev.dreamhost.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www-dev.dreamhost.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/dhblog.dream.press\/blog\/wp-content\/uploads\/2019\/01\/dh_logo-blue-2.png","contentUrl":"https:\/\/dhblog.dream.press\/blog\/wp-content\/uploads\/2019\/01\/dh_logo-blue-2.png","width":1200,"height":168,"caption":"DreamHost"},"image":{"@id":"https:\/\/www-dev.dreamhost.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/DreamHost\/","https:\/\/x.com\/dreamhost","https:\/\/www.instagram.com\/dreamhost\/","https:\/\/www.linkedin.com\/company\/dreamhost\/","https:\/\/www.youtube.com\/user\/dreamhostusa"]},{"@type":"Person","@id":"https:\/\/www-dev.dreamhost.com\/blog\/#\/schema\/person\/89b848f30904144bdbed4743605a55db","name":"Luke Odom","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/c56e64d8cecd561c4e2cb65fc16717105fc6d29044bbd8c78cbd4619a31e7098?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c56e64d8cecd561c4e2cb65fc16717105fc6d29044bbd8c78cbd4619a31e7098?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c56e64d8cecd561c4e2cb65fc16717105fc6d29044bbd8c78cbd4619a31e7098?s=96&d=mm&r=g","caption":"Luke Odom"},"description":"Luke is the Director of IT Operations. He is responsible for the teams that keep operations running smoothly... 
In his free time, he enjoys reading fantasy\/sci-fi and hanging out with his wife and 4 kids. Connect with Luke on LinkedIn: https:\/\/www.linkedin.com\/in\/luke-odom-039986a\/","url":"https:\/\/www-dev.dreamhost.com\/blog\/author\/dreamhostluke\/"}]}},"lang":"en","translations":{"en":9181,"es":29899,"pt":52833,"de":56159,"pl":56168,"ru":56174,"uk":56180,"it":68912,"fr":71407,"nl":71437},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/posts\/9181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/users\/1036"}],"replies":[{"embeddable":true,"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/comments?post=9181"}],"version-history":[{"count":11,"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/posts\/9181\/revisions"}],"predecessor-version":[{"id":77019,"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/posts\/9181\/revisions\/77019"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/media\/41187"}],"wp:attachment":[{"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/media?parent=9181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/categories?post=9181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www-dev.dreamhost.com\/blog\/wp-json\/wp\/v2\/tags?post=9181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}