Securing Your WordPress Site After Installation (Firstserv Guide)
This guide covers recommended steps to strengthen the security of your WordPress website after installation.
Before You Begin
This guide assumes:
- You have enabled SSL (HTTPS) on your domain
- WordPress was installed using Softaculous
- The LiteSpeed Cache plugin is installed (included by default with Softaculous installs)
General Best Practices
Keep Plugins to a Minimum
Using too many plugins can:
- Slow down your website
- Increase the risk of vulnerabilities
- Introduce compatibility issues
✅ Best practices:
- Only install plugins you truly need
- Choose plugins that are regularly updated and well supported
- Check reviews and update history before installing
⚠️ Poorly coded or outdated plugins are one of the most common causes of compromised WordPress sites.
Essential Security Enhancements
1. Install a Web Application Firewall (WAF)
A WAF protects your site from malicious traffic and common attacks.
Recommended plugins:
- Wordfence
- Sucuri Security
These tools offer:
- Firewall protection
- Malware scanning
- Login protection
- Additional hardening features
2. Enable Two-Factor Authentication (2FA)
2FA adds an extra layer of protection to your WordPress login.
- Requires a code from a mobile app or device
- Prevents unauthorised access even if passwords are compromised
Options:
- Built-in with Wordfence
- Plugins such as Google Authenticator or Authy
.htaccess Security Hardening
The .htaccess file allows you to control access and add additional security rules.
Important Notes Before Editing
- .htaccess files are hidden (enable “Show Hidden Files” in cPanel)
- They are typically located in your site’s root directory (e.g. /public_html)
- Always back up your .htaccess file before making changes
- Even a small error can break your website
Recommended .htaccess Rules
Add any of the following snippets to your .htaccess file to improve security.
Protect Your .htaccess File
Protect wp-config.php
Block Access to Core Includes Files
Disable Directory Browsing
Block XML-RPC Access
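The following is an added example covering the five rules named above; it is not Firstserv's own snippet set. It assumes Apache 2.4 authorization syntax (`Require`), that mod_rewrite is available, and that WordPress is installed in the site root (hence `RewriteBase /`).

```apache
# Added example, constructed for the five headings in this guide.
# Assumption: the server accepts Apache 2.4 "Require" directives. On a server
# that only accepts the older 2.2 syntax, the equivalent of each
# "Require all denied" line is "Order allow,deny" followed by "Deny from all".
# Place these rules OUTSIDE the "# BEGIN WordPress ... # END WordPress" block,
# because WordPress rewrites everything between those markers.

# Protect your .htaccess file (and any other .ht* file)
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Protect wp-config.php (holds database credentials and secret keys)
<Files "wp-config.php">
    Require all denied
</Files>

# Block direct web access to core includes files
# Assumption: WordPress is in the site root; adjust RewriteBase otherwise.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    # Skip the next three rules for any request outside wp-includes/
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Disable directory browsing (no auto-generated file listings)
Options -Indexes

# Block XML-RPC access
<Files "xmlrpc.php">
    Require all denied
</Files>
```

Blocking xmlrpc.php also stops anything that depends on it, such as Jetpack or the WordPress mobile apps, so leave that stanza out if you use them. After saving, request /wp-config.php and /xmlrpc.php in a browser and confirm each returns 403 Forbidden while the rest of the site still loads.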
Why These Changes Matter
These adjustments help:
- Protect sensitive files from unauthorised access
- Prevent common attack vectors
- Reduce exposure of internal system files
- Improve overall site security
Final Recommendations
- Keep WordPress core, plugins, and themes up to date
- Regularly review installed plugins
- Monitor your site for unusual activity
- Use backups and security scanning tools
Summary
To improve WordPress security on Firstserv hosting:
- Minimise plugins and keep them updated
- Install a WAF plugin
- Enable 2FA for login protection
- Apply .htaccess hardening rules carefully
- Maintain regular updates and monitoring
If you need help securing your WordPress site or applying any of these changes, the Firstserv support team is always available to help.
