The first time I used WordPress was maybe right around this time about a decade ago. I had two websites made in WordPress, and both of them were hacked within weeks. So I immediately stopped using WordPress, and switched to Drupal.
But after talking to a few hardcore developers and learning a thing or two, I decided to give WordPress another shot and boy am I glad I did because it turns out that there’s at least a couple of things everybody’s supposed to do after immediately after installing WordPress to secure the website:
- Change the default login URL. I use the WPS Hide Login plugin.
- Enable brute force protection. After changing the login URL, it’s a good idea to do this so that hackers get locked out after a few failed attempts at guessing your username & password. I use the Loginizer plugin.
- Disable comments. This is because you’ll get spam comments, so it’s best to disable comments until you figure out what comment plugin you decide to use.
And that’s it. After I did the above, I realize that WordPress sucked but that I wasn’t a good developer. I hope this helps out someone. 🙂