I’m doing a draft of a WordPress site on localhost. If I am using PHP snippets to do the sort of back-end functionality, how do I know that, when this goes to a real platform, the PHP code cannot be tampered with? How can I ensure that login information (password especially) is secure? Should I be doing password validation in the PHP snippets, or is there a more secure way?
1 Answer
You cannot be 100% sure you are safe.
Check this Security reading from WordPress.
That being said, there are some things you can do.
- Keeping WordPress Updated
- Keeping theme and plugins Updated
- Use Strong Passwords
- You can use a Security Plugin, although it’s arguable. When a client requests it, I use Sucuri.
- Change the Default “admin” username
- Limit Login Attempts
- Change WordPress Database Prefix
- Use double authentication
All that won’t be enough but it will give intruders a hard time trying to get in.
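
One way the "Limit Login Attempts" item can be done in a PHP snippet, shown as an added example that is not part of the original answer. It assumes the code is loaded from a small plugin or the theme's `functions.php`; the `example_` names, the threshold of 5 and the 15-minute window are assumptions.

```php
<?php
// Added example (not from the answer). Names prefixed "example_" are hypothetical.
// Core WordPress still verifies the password; this only counts failures.
define( 'EXAMPLE_MAX_FAILURES', 5 );                         // assumed threshold
define( 'EXAMPLE_LOCKOUT_SECONDS', 15 * MINUTE_IN_SECONDS ); // assumed window

// One counter per client IP + submitted username.
// REMOTE_ADDR is the proxy's address when the site sits behind one.
function example_throttle_key( $username ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_fail_' . md5( $ip . '|' . strtolower( (string) $username ) );
}

// Priority 100 runs after core's password check (priority 20), so a lockout
// also rejects a correct password until the window expires.
function example_block_when_locked( $user, $username ) {
    if ( '' === (string) $username ) {
        return $user; // login form not submitted
    }
    $failures = (int) get_transient( example_throttle_key( $username ) );
    if ( $failures >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error( 'example_locked_out', 'Too many failed login attempts. Try again later.' );
    }
    return $user;
}
add_filter( 'authenticate', 'example_block_when_locked', 100, 2 );

// Count each failure; stop at the threshold so retries during a lockout
// do not keep extending it.
function example_count_failure( $username ) {
    $key      = example_throttle_key( $username );
    $failures = (int) get_transient( $key );
    if ( $failures < EXAMPLE_MAX_FAILURES ) {
        set_transient( $key, $failures + 1, EXAMPLE_LOCKOUT_SECONDS );
    }
}
add_action( 'wp_login_failed', 'example_count_failure' );

// A successful login clears the counter for that user name.
function example_clear_failures( $user_login ) {
    delete_transient( example_throttle_key( $user_login ) );
}
add_action( 'wp_login', 'example_clear_failures' );
```

The snippet never compares passwords itself: it hooks into WordPress's own login flow and only decides whether an attempt is allowed to succeed.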