There are over 70 million sites depending on the WordPress platform to provide a beautiful, customizable, fast and secure website. Unfortunately, there are 70k hackers depending on the same platform to gain access to your server. No doubt WordPress is the most hacked platform.
The following steps will make your site more secure and less vulnerable to attack.
- Migrate to a static site generator. If for some reason you do not want to migrate, continue with the steps below.
- Put WordPress on a separate instance and take a backup every hour. Restore your site from the backup whenever you are attacked.
- Make sure that the Apache user does not have write access to the site. There is one exception: the uploads folder inside wp-content should be writable so that images can be uploaded.
- The above makes upgrading WordPress and installing themes/plugins a little cumbersome. You can temporarily make the folders writable with chmod -R 777 wordpress_root and then change it back to 755 after the upgrade. Make sure to give 777 access to uploads.
- If you are hosting multiple databases, create a new db user wordpress and give it access to the WordPress database only.

The above steps will make sure that your site is more secure and that you can restore quickly. It has worked for our blogs so far. Hope it works for yours too.
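
A check for the file-permission steps above, as an added example that is not part of the original post: it lists everything outside wp-content/uploads that the web server account can still write to, which is what remains if the temporary 777 is not reverted after an upgrade. The script name, install path and account names in the usage comment are assumptions, and the check looks only at mode bits and the given user and group, not ACLs or supplementary groups.

```sh
#!/bin/sh
# Added example (not from the original post).
# Lists files and directories under a WordPress root that the web server
# account can write to, skipping wp-content/uploads, which the post
# deliberately leaves writable.
#
# Usage: sh wp_perm_audit.sh /var/www/wordpress www-data www-data
#   (script name, path, user and group are assumptions; Apache commonly
#    runs as www-data on Debian/Ubuntu and apache on RHEL-family systems)

# wp_writable_by ROOT USER GROUP
# USER and GROUP may be names or numeric ids.
wp_writable_by() (
    root="${1%/}"   # drop a trailing slash so -path matches
    user="$2"
    group="$3"
    # A path is writable by the web server if it is world-writable,
    # owned by USER with the owner write bit, or owned by GROUP with
    # the group write bit. Symlinks are skipped: their mode is not used.
    find "$root" -path "$root/wp-content/uploads" -prune -o \
        ! -type l \( \
            -perm -0002 \
            -o \( -user "$user" -perm -0200 \) \
            -o \( -group "$group" -perm -0020 \) \
        \) -print
)

# Run the audit when called with three arguments. Exit 1 on findings and
# 2 if find itself failed, so the script can be used from cron or a
# deploy hook.
if [ "$#" -eq 3 ]; then
    findings=$(wp_writable_by "$1" "$2" "$3") || {
        echo "audit failed or incomplete" >&2
        exit 2
    }
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
    echo "no web-writable paths outside wp-content/uploads"
fi
```

Running it right after each upgrade catches a tree that was left at 777 instead of being changed back to 755.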