The most popular CMS, thousands of plugins and templates, millions of users - this is WordPress. The question is whether, along with the enormous number of features that WordPress offers the user right after installation, it also provides adequate security. Although the current source of threats to WordPress lies in poor-quality plugins and templates, it's a good idea to take a few steps to improve the overall security level of one's WordPress instance.
The article "Hardening WordPress", published in the "Programista" 11/2016 magazine, shows the reader, among other things, how to stop WordPress from disclosing redundant information and what threats might ensue from user enumeration. In addition, the text provides a step-by-step explanation of how to enable two-factor authentication using Google Authenticator, and of how to proceed from a Cross-site Scripting vulnerability to Remote Code Execution using the plugin and template editor.
Update Jul 7, 2017: this article was published on sekurak.pl.