Uncover the Hidden Security Flaws That Could Destroy Your Website—And 22 Expert Tips to Stop Hackers Now!
9. Set up multi-factor authentication
Multi-factor authentication (MFA) adds an extra layer of protection to site logins. It requires a second verification step, such as inputting a code from an app or text message. This makes it much harder for attackers to log in, even with stolen credentials.
You can add this functionality to your WordPress site using MFA plugins. WordPress.com supports two-step authentication for all users by default.
10. Apply sensible user roles and permissions
WordPress offers several user roles with clearly defined permissions. These let you control who has access to your site and what they can do on it. Here is the full list:
