Comments on: 7 Vulnerabilities Your WordPress Security Plugins Can’t Protect You From (And How to Fix Them Manually) https://themeisle.com/blog/manually-harden-wordpress-security/ WordPress Tutorials and Reviews for Beginners and Advanced Sun, 16 Feb 2025 20:04:15 +0000 hourly 1 https://wordpress.org/?v=6.5.5 By: Martin Dubovic https://themeisle.com/blog/manually-harden-wordpress-security/#comment-13531 Sun, 16 Feb 2025 20:04:15 +0000 https://themeisle.com/blog/?p=109289#comment-13531 In reply to Frank Gomez.

Thanks for bringing this up, Frank. You’re right that different server setups might require custom configurations. I tried to write this from the perspective of the average WordPress user with a basic shared hosting plan. You could go down a pretty deep rabbit hole with this but then it wouldn’t be an article anymore.

]]>
By: Martin Dubovic https://themeisle.com/blog/manually-harden-wordpress-security/#comment-13530 Sun, 16 Feb 2025 19:51:13 +0000 https://themeisle.com/blog/?p=109289#comment-13530 In reply to voldn.

Hey @voldn. I have a few ideas that could potentially help you troubleshoot, but first I need some information from you:

1. Which specific visitor counter service or plugin are you using?
2. Are you running your own server or using shared hosting?

This will help me better assist you. Thanks.

]]>
By: voldn https://themeisle.com/blog/manually-harden-wordpress-security/#comment-13520 Fri, 14 Feb 2025 03:34:15 +0000 https://themeisle.com/blog/?p=109289#comment-13520 When you place the code in .htaccess, the visit counters stop working, and the loading speed of the site has increased, tell me how to fix disabling the visit counters.

]]>
By: Ivica https://themeisle.com/blog/manually-harden-wordpress-security/#comment-13518 Thu, 13 Feb 2025 13:26:24 +0000 https://themeisle.com/blog/?p=109289#comment-13518 In reply to Milk Snob.

“Regular updates, strong authentication methods, and backups are just as crucial as any security plugin.”
Couldn’t agree more, and that is what I have been doing on all of our sites since 2011. when I started working in WP, and out of all the important security things we must do – No 1 is for me always to setup backup system ASAP (we have several of backup systems: All in one WP migration, our Site Ground hosting daily backups and on some sites also BlogVault), and the 2nd one is to install security tools (Virusdie, MalCare, WP Activity Log, etc.).

]]>
By: Milk Snob https://themeisle.com/blog/manually-harden-wordpress-security/#comment-13517 Thu, 13 Feb 2025 12:47:44 +0000 https://themeisle.com/blog/?p=109289#comment-13517 This is a great reminder that security plugins alone aren’t enough to fully protect a WordPress site. Many users assume that installing a plugin is a ‘set-it-and-forget-it’ solution, but vulnerabilities like outdated themes, weak passwords, and human errors can still leave websites exposed. I especially appreciate the mention of server-side threats and social engineering risks—these are often overlooked. Regular updates, strong authentication methods, and backups are just as crucial as any security plugin. Thanks for shedding light on this!

]]>
By: Frank Gomez https://themeisle.com/blog/manually-harden-wordpress-security/#comment-13473 Sat, 01 Feb 2025 18:25:47 +0000 https://themeisle.com/blog/?p=109289#comment-13473 This is good information but depending on your server stack you might need security headers added to Apache (Nexcess for example)

]]>