Skip to main content

WordPress Security Checklist

wordpress security checklist

WordPress Security: Review this Checklist

This WordPress Security Checklist is meant to target a non technical user. By this I mean a small business owner, or individual running a WordPress website, not a technical checklist for a WordPress developer. There are a lot of things not on this list that should be, but without the technical knowledge, I don’t feel it is worth going into here. Hire a WordPress Developer instead.  : )

Securing WordPress is not optional. If you don’t secure your WordPress website you will eventually get hacked. For the small investment of time (or cost if you hire a WordPress developer to secure your website for you), it will save you time, money and aggravation down the road.

  1. Keep WordPress core up to date.
  2. Keep Plugins up to date.
  3. Delete inactive plugins you are not using
  4. Delete any themes you are not using.
  5. If you are using the username admin stop it. Create a new user with the role of Administrator and then delete the old one. (In this order, create new first, delete admin user second.
  6. Use a strong password. (Min 8 characters, upper and lower case letters, numbers and symbols.) (This advice applies to all passwords for anything, not just WordPress)
  7. Change your password regularly. (This advice applies to all passwords for anything, not just WordPress)
  8. Don’t use the same password for WordPress for anything else. (This advice applies to all passwords for anything, not just WordPress)
  9. Use HTTPS on your admin side to encrypt data submitted. (These days its recommended to use HTTPS on the front end too)
  10. Backup your code and database regularly. Do not leave it on your web server, download it or store it on cloud service like Dropbox, Google Drive. I recommend UpdraftPlus for this.
  11. There are a lot of security plugins out there. I recommend iThemes Better Security because you can do almost everything from it and not have to install separate plugins for different security features.  Warning though – misconfiguring this plugin will lock you out of your site. Hire a WordPress developer to set this up for you.

Do You Need Help Securing Your WordPress site?

Hire an experienced WordPress developer to properly secure your WordPress website.