Security in Wordpress

Question 1

Q: Why is security important in WordPress?

Answer 1

A: To protect the site from attacks, data breaches, and unauthorised access.

Question 2

Q: What are the most common security threats in WordPress?

Answer 2

A: Brute force attacks, SQL injection, cross-site scripting (XSS), and malware.

Question 3

Q: How can you secure the WordPress admin area?

Answer 3

A: Use strong passwords, two-factor authentication, and limit login attempts.

Question 4

Q: What role does HTTPS play in WordPress security?

Answer 4

A: Encrypts data transfer between the user and the site, preventing interception.

Question 5

Q: What is the purpose of the wp-config.php file?

Answer 5

A: To store critical configuration settings and database credentials.

Question 6

Q: What plugin can you use to limit login attempts?

Answer 6

A: Limit Login Attempts Reloaded.

Question 7

Q: How can you change the default WordPress login URL?

Answer 7

A: Use a plugin like WPS Hide Login.

Question 8

Q: What is two-factor authentication (2FA)?

Answer 8

A: A security method requiring two forms of identification to log in.

Question 9

Q: What function allows you to check login failures?

Answer 9

A: wp_login_failed hook.

Question 10

Q: How do you disable XML-RPC to prevent brute force attacks?

Answer 10

A: Add the following to your .htaccess file:

<Files>
Order Deny,Allow
Deny from all
</Files>

Question 11

Q: Why is it important to use the principle of least privilege?

Answer 11

A: To limit users to only the permissions they need, reducing security risks.

Question 12

Q: How do you check a user’s permissions programmatically?

Answer 12

A: Use the current_user_can() function.

Question 13

Q: How can you secure the wp-admin directory?

Answer 13

A: Use a password-protected .htaccess file.

Question 14

Q: How can you audit user activity in WordPress?

Answer 14

A: Use a plugin like WP Activity Log.

Question 15

Q: Why should you avoid using the default “admin” username?

Answer 15

A: It is commonly targeted in brute force attacks.

Question 16

Q: What permissions should be set for wp-config.php?

Answer 16

A: 400 or 440 to prevent unauthorised access.

Question 17

Q: How can you prevent access to sensitive files like .htaccess and wp-config.php?

Answer 17

A: Add rules in .htaccess to deny access.

Question 18

Q: How do you disable directory listing in WordPress?

Answer 18

A: Add Options -Indexes to the .htaccess file.

Question 19

Q: How can you secure file uploads in WordPress?

Answer 19

A: Use a plugin to scan uploads for malicious content.

Question 20

Q: What is the purpose of the DISALLOW_FILE_EDIT constant?

Answer 20

A: Prevents file editing through the WordPress admin dashboard.

Question 21

Q: Why should you avoid using nulled plugins and themes?

Answer 21

A: They often contain malware or malicious code.

Question 22

Q: How can you update plugins and themes automatically?

Answer 22

A: Add the following to your wp-config.php:

add_filter( ‘auto_update_plugin’, ‘__return_true’ );
add_filter( ‘auto_update_theme’, ‘__return_true’ );

Question 23

Q: How do you check plugins for known vulnerabilities?

Answer 23

A: Use a plugin like Wordfence or Sucuri Security.

Question 24

Q: What should you do before installing a new plugin?

Answer 24

A: Check its reviews, update frequency, and compatibility.

Question 25

Q: Why is it important to delete unused plugins and themes?

Answer 25

A: They can be exploited if not updated.

Question 26

Q: How can you change the default WordPress table prefix?

Answer 26

A: Update the $table_prefix variable in wp-config.php.

Question 27

Q: How do you back up a WordPress database?

Answer 27

A: Use a plugin like UpdraftPlus or WP-CLI’s wp db export.

Question 28

Q: How can you secure database access?

Answer 28

A: Use strong database passwords and limit user privileges.

Question 29

Q: What is the purpose of the DISALLOW_UNFILTERED_HTML constant?

Answer 29

A: Prevents users from adding unfiltered HTML, reducing XSS risks.

Question 30

Q: Why should you limit the number of database connections?

Answer 30

A: To reduce potential access points for attackers.

Question 31

Q: What is a Web Application Firewall (WAF)?

Answer 31

A: A security layer that filters and monitors HTTP traffic to prevent attacks.

Question 32

Q: Name a popular WAF plugin for WordPress.

Answer 32

A: Wordfence Security or Sucuri Firewall.

Question 33

Q: What is reCAPTCHA, and how can it be used in WordPress?

Answer 33

A: A tool to prevent spam and bots, often added to login and comment forms.

Question 34

Q: How can you monitor suspicious activity on your WordPress site?

Answer 34

A: Use a plugin like iThemes Security or Sucuri.

Question 35

Q: How do you block IP addresses in WordPress?

Answer 35

A: Use .htaccess or a security plugin.

Question 36

Q: Why should you regularly update WordPress, plugins, and themes?

Answer 36

A: To fix vulnerabilities and improve security.

Question 37

Q: Why is it important to back up your WordPress site?

Answer 37

A: To restore your site in case of an attack or failure.

Question 38

Q: What tool can be used to scan for malware on a WordPress site?

Answer 38

A: Wordfence, Sucuri, or MalCare.

Question 39

Q: Why should you monitor your site for changes to core files?

Answer 39

A: To detect and remove malicious modifications.

Question 40

Q: How can you verify the integrity of WordPress core files?

Answer 40

A: Use the wp core verify-checksums WP-CLI command.