This is my guide to protect WordPress. Since April there has been an increase in automated brute force WordPress attacks. Below are a several tips to help secure WordPress and Apache. If you have your own server or VPS, to help reduce brute force attacks the best solution is to use CloudFlare custom “Page Rules”. That will stop the requests before even getting to your server.

To help reduce other vulnerabilities follow the rest of the tips to improve WordPress security. The best advice for this is to stay updated and delete ALL unused themes and plugins. An old theme or plugin that is no longer being developed is potentially very easy for an attacker to exploit through an old vulnerability. This is most likely how an attacker puts a backdoor into a site since WordPress on its own is secure.