From plugins that promise a layer of security to lofty opinions about file permissions, it’s hard to tell what works. Simply put, a security plan that aims to slow down someone who’s already in your house isn’t really a plan. I’d like to discuss security as the foundation of a site rather than an add-on and approach this idea from the outside looking in. We’ll cover a high-level process on how to enhance security with version control, hosting and access management, third party integrations and more. My goal is to highlight flaws in common practices and present alternative ones to create more secure WordPress sites. As a developer working with businesses and Universities with thousands of hacking attempts per day I’ve learned what works.