Going forward please make sure that all customer and internal Wordpress sites are secured by using the following steps.





  1. REMOVE all unused plugins and themes


  2. UPDATE all plugins and themes


  3. REMOVE the user "admin" and set up "hamish" for the admin function with a complex password (no more Required12 etc)

    • Login as "admin"

    • Create "hamish" with email address of hamish@mywebcare.co.uk

    • SAVE PASSWORD AND SHARE THROUGH LASTPASS

    • Log out "admin"

    • Login as "hamish"

    • Delete user "admin" and assign all content to "hamish" when asked




  4. INSTALL and ACTIVATE “wordfence” plugin to help secure the site properly.

    • https://www.wordfence.com

    • Import the wordfence configuration using the token (copy & paste):  253598dbd43b29215236d8e278e326e4cea0815c7f414f99885e3fb5cbfb99743408895cf7b4827635b6db7f16f87e262c14c79bc7d29bd18b77262a8902c90b