Checklist to Make a WordPress Site Secure
WordPress security is not optional. If you don’t secure your WordPress website you will most likely get hacked. For the small investment of time (or cost if you hire a WordPress developer to secure your website for you), it will save you time, money and aggravation down the road.
- Keep WordPress core up to date.
- Keep Plugins up to date.
- Delete inactive plugins you are not using
- Delete any themes you are not using.
- If you are using the username admin stop it. Create a new user with the role of Administrator and then delete the old one. (In this order, create new first, delete admin user second.
- Use a strong password. (Min 8 characters, upper and lower case letters, numbers and symbols.) (This advice applies to all passwords for anything, not just WordPress)
- Change your password regularly. (This advice applies to all passwords for anything, not just WordPress)
- Don’t use the same password for WordPress for anything else. (This advice applies to all passwords for anything, not just WordPress)
- Use HTTPS on your admin side to encrypt data submitted. (These days its recommended to use HTTPS on the front end too)
- Backup your code and database regularly. Do not leave it on your web server, download it or store it on cloud service like Dropbox, Google Drive. I recommend UpdraftPlus for this.
- There are a lot of security plugins out there. I recommend iThemes Better Security because you can do almost everything from it and not have to install separate plugins for different security features. Warning though – misconfiguring this plugin will lock you out of your site. Hire a WordPress developer to set this up for you.
Comments are closed.