Secure Sockets Layer
When any website is created and exposed to the public intranet, then it only takes moments for malicious web bots and spiders to begin attacking the new website. Having a Secure Sockets Layer (SSL) is the most basic and critical requirement of a WordPress site. This is what provides the https://
instead of a http://
before the domain name in the browser. Most hosting providers will include an SSL certificate for new sites. For sites hosted in the cloud or on a custom virtual machine, setting up an SSL certificate will usually need to be done by the person who installs WordPress. Free SSL certificates are available at the Lets Encrypt website.
Security Plugins
If your site is on the public internet, then it is also prudent to have at least one effective security plugin as well. We decided on the widely used All-in-One Security (AIOS) plugin to provide our basic security. The free version provides a robust set of security features including a firewall, a scanner, and spam prevention amongst many other features. It can be very sophisticated but requires little configuration initially. Because the WP Remote plugin provides malware scanning, as described in Our Backup and Export Approach, so far we have been satisfied with the free version of AIOS plugin.