WordPress Security Checklist

Posted on May 21, 2019


We have discussed security on our blog at length, but it can’t be stressed enough: do yourself a favor and check these must-dos to keep your WordPress site secure!

USE SECURE HOSTING

First and foremost is secure hosting – don’t go for the cheapest package you can find; that makes it too easy for your site to be attacked and turns your hosting into a source of frustration.

HIDE WORDPRESS IDENTIFIERS

This means hiding anything that shows your site runs on WordPress. A perfect example is the “wp-admin” login page, which can be changed using security plugins like “All-in-One WP Security”. The ‘created on WordPress’ tagline is one you should remove ASAP as well.

INSTALL A SECURITY PLUGIN

This cannot be stressed enough, because it makes security and its management so much easier. One way to find a plugin that suits your needs is to search Google for “WordPress security plugins for [INSERT INDUSTRY TAG HERE] websites”. For example, if your website is eCommerce-intensive, you can search “WordPress security plugins for eCommerce websites”; such a site might need a more robust platform than a free plugin alone can provide.

The aforementioned “All-in-One WP Security” and “Wordfence” are both prime examples of free yet secure options for most websites.

KEEP PASSWORDS SECURE

This is obvious, but choose a password that barely anyone would be able to guess. You do have to keep it in a safe place, though; one free tool – “Bitwarden” – manages all your passwords via a “Master Password”.

PROTECT INPUT FIELDS

What we mean by this is that everything such as your contact forms should have a CAPTCHA system, or some other way to prove that form submissions are not made by robots. This even includes your login page, where a security plugin (even a free one) can place a CAPTCHA so that brute-force attacks against your website become much more difficult.

GENERATE BACKUPS

This may seem obvious, but skipping backups is a simple mistake to make and yet perhaps the most costly. A free plugin – “BackWPup” – can take care of this for you right away and can even be scheduled to run entire backups of your site(s).

STAY UP-TO-DATE

Whenever you see a WordPress version, theme or plugin that says it needs updating, update it as soon as you can, if not right away. It will go a long way towards keeping your site secure.

In fact, there is a way to do this automatically without pressing any buttons! Put this code at the bottom of your “wp-config.php” file:

         define( 'WP_AUTO_UPDATE_CORE', true ); 

Then, put this code at the bottom of your activated theme’s “functions.php” file:

         add_filter( 'auto_update_plugin', '__return_true' );
         add_filter( 'auto_update_theme', '__return_true' );
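
Filters placed in a theme’s “functions.php” only run while that theme is active, so the following added example (not code from the original post) moves the same auto-update filters into a must-use plugin, holds selected plugins back for manual testing, and logs the outcome of each unattended update. The file path, the function names and the plugin slugs are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Auto-update policy (added example)
 * Hypothetical location: wp-content/mu-plugins/auto-update-policy.php
 * Must-use plugins load regardless of which theme is active.
 */

// Constructed sample slugs: plugins you want to test by hand before updating.
const EXAMPLE_HELD_BACK_PLUGINS = array( 'example-shop-plugin', 'example-payment-gateway' );

/**
 * Auto-update every plugin except the held-back ones.
 * WordPress passes the current decision and an object describing the update offer.
 */
function example_auto_update_plugin_policy( $update, $item ) {
	if ( isset( $item->slug ) && in_array( $item->slug, EXAMPLE_HELD_BACK_PLUGINS, true ) ) {
		return false; // stays on manual updates
	}
	return true;
}
add_filter( 'auto_update_plugin', 'example_auto_update_plugin_policy', 10, 2 );

// Themes: same behaviour as the functions.php snippet in the post.
add_filter( 'auto_update_theme', '__return_true' );

/**
 * Record what the background updater did, so a failed or unexpected
 * update shows up in the PHP error log instead of going unnoticed.
 * $results is keyed by type (core, plugin, theme, translation).
 */
function example_log_auto_updates( $results ) {
	foreach ( $results as $type => $entries ) {
		foreach ( $entries as $entry ) {
			// result is false, null or a WP_Error on failure.
			$failed = ( ! $entry->result || is_wp_error( $entry->result ) );
			$detail = is_wp_error( $entry->result ) ? $entry->result->get_error_message() : '';
			error_log( sprintf(
				'[auto-update] %s "%s": %s %s',
				$type,
				$entry->name,
				$failed ? 'FAILED' : 'updated',
				$detail
			) );
		}
	}
}
add_action( 'automatic_updates_complete', 'example_log_auto_updates' );
```

If you use this file, remove the two `add_filter` lines from “functions.php” so the policy lives in one place.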