• Introduction to WordPress front end security: Escaping the things, a CSS-Tricks article
• WordPress front end security: CSRF and nonces, a CSS-Tricks article
• Step-by-step WordPress security guide from WP Beginner
• Wordfence, a security-focused WordPress plugin
• “Is shared hosting secure?” on Quora
• Let’s Encrypt, a free, automated, and open SSL Certificate Authority
• haveibeenpwned.com; check your email / password against existing data dumps
• 1Password, a cross-platform password manager
• PHP version calendar, don’t use an end-of-life release!

Links to a few of the security resources I find useful, some WordPress-specific and some more general.

A note about that “step-by-step” guide: it’s pretty decent, but IMO Wordfence is a better security plugin to go with. Sucuri is maybe more user-friendly, but Wordfence comes with more out-of-the-box (incl. two factor authentication and login limiting) and the settings seem more granular. Doesn’t hurt to try both though to see what’s the best fit.

Last edited 22 June 2019