wordpress security checklist for wordpress websites

WordPress Security Checklist for WordPress Websites

Here is a simple checklist for WordPress owners and publishers.

WordPress is one of the most popular website platforms because of it’s ease of use however, it has its problems, and it is because of its popularity that hackers use this platform to attempt to inject their malware and malicious scripts.

WordPress Security has become essential today to protect not only your website but your brand reputation.

Unknown Infections

Often WordPress owners are unaware that their website has been hacked. Just because your website has been hacked it doesn’t necessarily mean you will see a strange image when you access your website. Hackers often disguise the fact they have hacked your site as they have injected a mailbot and you are spamming from your IP address.

Use our checklist for the foundation of good WordPress Security:

  1. Clean and remove spyware, malware and viruses from your PC/Mac before entering the backend of your WordPress installation.
  2. Backup your website before you do anything, this is easily done with the use of Backup Buddy.
  3. Never use ‘admin’ as a username.
  4. Always use a strong password.
  5. Stay Updated – Ensure your WordPress Installation and WordPress plug-ins are always up to date. See latest WP Security updates in the resources section below.
  6. Limit Login Attempts – Ensure you reduce the login attempts down to around 3 attempts. Don’t make it easy for the hackers.
  7. Remove unwanted WordPress Themes – When themes are still on your website and they go out of date hackers use these to gain entry. Only have the theme you are using installed and keep that up to date.
  8. Spring Clean – Your WordPress website may have other folders on the root of your server. Do you really need them or are they development areas. If you don’t need to folders delete them.
  9. Your Hosting Company – Make sure you are using a hosting company that specializes in WordPress installations. WordPress servers need special attention to protect your website.
  10. Double layer Authentication – Use an added layer of security.

Summary

Whilst the checklist above is not an exhaustive list, it is a foundation level of security. Protection is the start of the process, monitoring your website on a daily basis is important. We realize that many website owners just don’t have time or the knowledge, so we provide 3 services that can be found in the resources section below.