WordPress multi-site security tips
I have a WordPress multi-site installation, where users can create an account and build a site.
I'm looking for tips to avoid having someone hack one of the sites and inject malicious code in the entire network.
I'm already doing the following:
- Keeping WordPress updated.
- Using only reputable plugins and keeping them updated.
- Using only reputable themes and keeping them updated.
- Using hard to guess usernames and passwords.
- Changing the default login URL from wp-login.php to something else
- Installing WordFence.
Any other tips?
What happens if someone creates a legitimate account and gets into his WordPress site. Can they inject something malicious from there?
Thanks in advance!
-
sophie334 -
Thanks - Reply
{{ DiscussionBoard.errors[11293031].message }} -