Skip to main content

How to Make a WordPress Site Secure

wordpress security checklist

Checklist to Make a WordPress Site Secure

This WordPress security checklist is meant to target a non technical user. By this I mean a small business owner, or individual running a WordPress website, not a technical checklist for a WordPress developer. There are a lot of things not on this list that should be, but without the technical knowledge, I don't feel it is worth going into here. Hire a WordPress Developer instead. : )

WordPress Security

WordPress security is not optional. If you don’t secure your WordPress website you will most likely get hacked. For the small investment of time (or cost if you hire a WordPress developer to secure your website for you), it will save you time, money and aggravation down the road.

  1. Keep WordPress core up to date.
  2. Keep Plugins up to date.
  3. Delete inactive plugins you are not using
  4. Delete any themes you are not using.
  5. If you are using the username admin stop it. Create a new user with the role of Administrator and then delete the old one. (In this order, create new first, delete admin user second.
  6. Use a strong password. (Min 8 characters, upper and lower case letters, numbers and symbols.) (This advice applies to all passwords for anything, not just WordPress)
  7. Change your password regularly. (This advice applies to all passwords for anything, not just WordPress)
  8. Don’t use the same password for WordPress for anything else. (This advice applies to all passwords for anything, not just WordPress)
  9. Use HTTPS on your admin side to encrypt data submitted. (These days its recommended to use HTTPS on the front end too)
  10. Backup your code and database regularly. Do not leave it on your web server, download it or store it on cloud service like Dropbox, Google Drive. I recommend UpdraftPlus for this.
  11. There are a lot of security plugins out there. I recommend iThemes Better Security because you can do almost everything from it and not have to install separate plugins for different security features. Warning though – misconfiguring this plugin will lock you out of your site. Hire a WordPress developer to set this up for you.

Comments are closed.