WordPress security

Hi guys,

For this server hosting only WordPress sites with EasyEngine, I’m considering extra security measures. The (free) WordFence plugins seems pretty good.

However: WordFence works on PHP level. I’d rather have something working on the Linux level. Does such a thing exist?

Please share your opinion on WordPress security!

You are on the right track. Putting your WordPress sites under the control of the LEMP (Linux, Engine X, MySQL and PHP) Stack, managing it all with Easy Engine and asking about how to secure your server, instead of just securing WordPress is a good place to start.

Question #1: What does security mean to you?
Question #2: To what extent will you go, to achieve that meaning?

Even satisfying your own meaning of “security” can be maddening, costly and time consuming.

My Opinion?

  1. Start with the WordPress Codex itself: http://codex.wordpress.org/Hardening_WordPress
  2. Try this link at: http://bamajr.com/wordpress/basic-wordpress-security-recommendations/ from my website. Read the article. Then read additional information by following the links provided in that article.

Many, many opinions exist on how to harden (or secure) WordPress. My opinion is kind of a hybrid from many of the opinions provided by “those in the know” (I.E. WordPress, Sucuri & others), as well as the many years of experience I have in web development and server admin.

In the end, though, Mine is just another opinion. So take it for what it is :wink:


The server is pretty hardened. No virus or malware scanner though. All WordPress security measures, as described in the codex and on the Securi blog, are taken as well.

Would you still use an extra plugin such as WordFence or Securi Security? Or is there a better alternative?

Big fan of iThemes security as there’s nice nginx integration.

Hi @Chester

I hope your query is resolved. I am closing this support topic for now.

Feel free to create a new support topic if you have any queries further. :slight_smile: