How to Make a WordPress Site Secure

Modified: February 1, 2021

Checklist to Make a WordPress Site Secure

This WordPress security checklist is meant to target a non technical user. By this I mean a small business owner, or individual running a WordPress website, not a technical checklist for a WordPress developer. There are a lot of things not on this list that should be, but without the technical knowledge, I don’t feel it is worth going into here. Hire a WordPress Developer instead. : )

WordPress Security

WordPress security is not optional. If you don’t secure your WordPress website you will most likely get hacked. For the small investment of time (or cost if you hire a WordPress developer to secure your website for you), it will save you time, money and aggravation down the road.

Use quality web hosting services.
Keep WordPress core code updated.
Keep code plugins up to date.
Delete inactive plugins you are not using.
Delete WordPress themes that are not active.
If you are using the username "admin", stop. Create a new user with the role of Administrator and then delete the old one. (In this order, create new first, delete admin user second.
Use a strong password. (Min 8 characters, upper and lower case letters, numbers and symbols.) (This advice applies to all passwords for anything, not just WordPress)
Change your password regularly. (This advice applies to all passwords for anything, not just WordPress)
Don't use the same password for WordPress for anything else. (This advice applies to all passwords for anything, not just WordPress)
Use HTTPS on your admin side to encrypt data submitted. (These days its recommended to use HTTPS on the front end too)
Backup your code AND database regularly. Do not leave the backup on your web server. Download it or store it on cloud service like Dropbox, Google Drive. I recommend UpdraftPlus for this.
There are a lot of security plugins out there. I recommend iThemes Better Security because you can do almost everything from it and not have to install separate plugins for different security features. Warning though - misconfiguring this plugin will lock you out of your site. Hire a WordPress developer to set this up for you.

To keep WordPress secure, this is not a one time checklist to do and forget it. All of these items need to be reviewed and updated regularly. Many people don’t take the time to keep WordPress secured and ignore it until the site crashes. I promote proactive, regular WordPress maintenance services vs panic mode when your site crashes.

More Advice

Migrating a WordPress Site to a New Host

Migrating WordPress WordPress migration can be a complex process requiring planning and preparation to get

Monthly WordPress Maintenance Services – Is it worth it?

I’ve built and worked on hundreds of WordPress sites. Every quote I provide includes an

Why is my WordPress site so slow?

Reasons Why WordPress is Slow There are lots of possible reasons why websites run slow.

Should I disable WordPress automatic updates?

Automatic updates sound great. They just happen. You don’t have to think about it. There are some significant downsides to enabling automatic updates though.

Free Estimate

Do you need help with your website?

Get answers to your questions about hiring a web developer online to outsource website development, WordPress, maintenance and website support.

Working with a Freelancer Online

How to Hire a Freelance Web Developer

It’s easy with following these simple steps.

Communicate

Clearly email me specific details about the goal of your site and how it should function.

Quote

I will provide a proposal with a solid quote that explains exactly what will be done.

Agree

You agree to terms, sign agreement, send deposit and provide needed logins.

Review/Test

I deliver the finished code to you to review and test the website functions as we defined it.

Deploy

When you sign off that all is good, I send a final invoice and the new website is moved live.

Web Design & Development in the USA

Outsource web development remotely from Virginia Beach, Virginia to a professional & experienced web developer that actually delivers what they commit to.

Get help creating and growing your business on the Internet.

Web development consulting services including design & development to maintenance & support, hosting & SEO.

Development

Support

Get Website Help

Take the stress out of building, maintaining and managing your website by working with a “doer” – committed to delivering what we agree to and solving just about any website issues you may have.

Why hire a Freelance Programmer?

Hire a freelancer when you need help with your website, but don’t need a full time web developer.

With 25+ years experience, I’ve helped hundreds of small businesses build and maintain websites.