Checking to Ensure Your WordPress Site is Secure

Posted on Apr 1, 2019


You invest a lot of effort and time to keep your site secure. You’ve chosen a reliable host, and you’ve installed some plugins that ensure better security. Now what? Is your site now safe?

Here are a handful of things you can do to make sure your WordPress Site is secure.

PASSWORDS
This one’s obvious: you have to choose a strong password. But: are they unguessable? A password update won’t do any harm if you haven’t changed it in a while.

You could use a password generator (available in WordPress’ “Your Profile” page under “Users), but there’s also “Two-Factor Authentication”, which can be a CAPTCHA, text-message verification, a question to verify it’s you (e.g. “Birthplace”, “name of first pet”, etc.), and much more. Most security plugins like “All-in-One WP Security” have such options available.

ATTACK SURFACES
When someone decides to hack a website, they attack what’s called an “attack surface”, which can be the web applications, themes, and plugins on your website.

Remove any themes, plugins or accounts you don’t or aren’t going to use.

BACKUPS
No one really thinks about backups until a hack occurs. “BackWPUp” is a plugin we highly recommend so you can be ready for a potential attack and you can restore your site with ease.

FIREWALLS
Attacks can happen at anytime. “All-in-One WP Security” has this and much more!

USERS AND THEIR ROLES
Who else has access to your WordPress site? Remove any users that are no longer needed.

SECURITY PLUGINS
This can’t be stressed enough, but “All-in-One WP Security” and others like “WordFence” have plenty to offer such as password checking, malware scanning, the afore-mentioned two-step authentication features, checks for outdated plugins / themes, and much more.