hardening
2 articles with this tag
Security by framework — defenses specific to the stack you use
Whatever framework you use, the *types* of weakness attackers hit are largely the same (access control, secrets, injection, dependency CVEs, misconfiguration). What differs is each framework's 'dangerous defaults' and 'the spot most often targeted.' This site provides, per framework, the default pitfalls and the hardening steps. Start with the chapter for the stack you actually use.
WordPress security — why it's targeted and the minimum defenses
WordPress has the largest share, so it's statistically the biggest target. The entry points are less the core than plugin/theme vulnerabilities, skipped updates, weak or reused admin passwords, and exposed admin surfaces (wp-admin, xmlrpc, REST enumeration). Defenses: automate core and plugin updates, delete unused plugins and themes, require a strong password plus 2FA for admins, limit admin exposure and login attempts, and use tamper detection plus offline backups.