The most popular CMS, thousands of plugins and themes, and millions of users - this is WordPress. The question is whether, alongside the enormous number of features that WordPress offers right after installation, it also provides adequate security. Although today’s threats to WordPress mostly come from poor-quality plugins and themes, it is still a good idea to take a few steps to improve the overall security of a WordPress instance.
By reading the article “Hardening WordPress,” published in the “Programista” 11/2016 magazine, the reader can learn, among other things, how to stop WordPress from disclosing unnecessary information and what threats may result from user enumeration. In addition, the text explains step by step how to enable two-factor authentication using Google Authenticator, and how an attacker can move from a Cross-site Scripting vulnerability to Remote Code Execution by using the plugin and theme editor.
Update Jul 7, 2017: this article was published on sekurak.pl.