
WordPress Security Check

Most of the well-known websites and blogs run on WordPress nowadays, because the CMS is easy to use and, thanks to plugins and snippets, also easy to extend. But even if WordPress is quite safe by nature, the standard distribution is always a danger. Often a small security hole in one of the plugins or themes in use is enough for attackers to take control of your site or inject malicious code. Again and again, very popular and widespread plugins are affected, which suddenly turn out to have security holes or to have been programmed insecurely. For many users this is usually not obvious; only gradually do the providers of WordPress security plugins review the code and thus expose critical gaps again and again. An online security test for WordPress will now indicate whether your installation is unsafe and could potentially be compromised.

WordPress Security Scan

The service is called wpRecon and is basically a superficial security check. wpRecon therefore does not check details, but rather goes through the standards. Is the version number of the WordPress installation properly obfuscated? Is it possible to read out the users (user enumeration)? Is directory indexing deactivated? wpRecon displays these and other standard checks in a simple and clear way, because exactly such things can be checked very easily and quickly. So with this simple WordPress security scan you already know whether you at least meet the standards in terms of security, because some things should be observed even by absolute beginners. Personally I like the design and the simple layout of wpRecon quite well; moreover, the service is freely accessible and fast, so there is nothing against a little security check. Just do the test and see what comes out. If the test reveals any problems, read on to find out how to fix them.
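The three checks named above can also be run offline against responses saved from a site you administer. This is an added example, not wpRecon's code: the `audit` function and the sample responses are constructed for illustration, and it assumes user enumeration is tested through WordPress's REST users endpoint.

```python
import json
import re

# Constructed sample responses (path -> (status, body)), not real captures.
SAMPLE = {
    "/": (200, '<html><head><meta name="generator" content="WordPress 6.4.2" />'
               '<link rel="stylesheet" href="/wp-includes/css/a.css?ver=6.4.2">'
               '</head></html>'),
    "/wp-content/uploads/": (200, "<html><title>Index of /wp-content/uploads</title></html>"),
    "/wp-json/wp/v2/users": (200, json.dumps([{"id": 1, "slug": "admin-chris"}])),
}
HARDENED = {
    "/": (200, "<html><head><title>Blog</title></head></html>"),
    "/wp-content/uploads/": (403, "Forbidden"),
    "/wp-json/wp/v2/users": (401, '{"code":"rest_not_logged_in"}'),
}

GENERATOR = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]+)', re.I)
# Heuristic: core stylesheets usually carry the core version in ?ver=.
VER_PARAM = re.compile(r'/wp-includes/css/[^"\']+\?ver=([\d.]+)', re.I)


def audit(responses):
    """Return finding name -> detail for version leak, indexing, user enumeration."""
    findings = {}
    status, body = responses.get("/", (0, ""))
    match = GENERATOR.search(body) or VER_PARAM.search(body)
    if status == 200 and match:
        findings["version_disclosed"] = match.group(1)
    # Apache and nginx autoindex pages both start their title with "Index of".
    listed = [path for path, (code, text) in responses.items()
              if path != "/" and path.endswith("/")
              and code == 200 and "<title>Index of" in text]
    if listed:
        findings["directory_indexing"] = sorted(listed)
    # An anonymous 200 with a JSON list of users exposes login slugs.
    status, body = responses.get("/wp-json/wp/v2/users", (0, ""))
    try:
        data = json.loads(body) if status == 200 else None
    except ValueError:
        data = None
    if isinstance(data, list):
        slugs = [u["slug"] for u in data if isinstance(u, dict) and "slug" in u]
        if slugs:
            findings["user_enumeration"] = slugs
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(HARDENED))
```

An empty result, as for the `HARDENED` sample, means none of the three basics is exposed; it says nothing about plugin or theme vulnerabilities.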

WordPress Security Snippets and Plugins

Many of you will be presented with one or another security hole after testing with wpRecon. To prevent potential attackers from finding out details about your installation, it is important that such standards are followed and WordPress is obfuscated as much as possible. A few snippets will help. For example, you can quickly and easily remove all unneeded header entries from WordPress. The XML-RPC interface, which has been misused for DDoS attacks in the past, should also be completely deactivated if you don't need it.

Finally, access must also be blocked via .htaccess. The perfect template, which contains all important standards, you will find here. There are further hints for WordPress security via .htaccess here. At the end you can also install a firewall, but in many cases this makes no sense at all. If you want to be on the safe side anyway, you should take a closer look at the free NinjaFirewall plugin. With all the snippets and tricks, your WordPress installation should now be much more secure, or at least meet basic standards.

About Christian

My name is Christian and I am co-founder of the platform fastWP. Here in the magazine I am responsible for the more "technical" topics but I like to write about SEO, which has been my passion for over 10 years now.
