WordPress Security: Review this Checklist
This WordPress Security Checklist is meant to target a non technical user. By this I mean a small business owner, or individual running a WordPress website, not a technical checklist for a WordPress developer. There are a lot of things not on this list that should be, but without the technical knowledge, I don’t feel it is worth going into here. Hire a WordPress Developer instead. : )
Securing WordPress is not optional. If you don’t secure your WordPress website you will eventually get hacked. For the small investment of time (or cost if you hire a WordPress developer to secure your website for you), it will save you time, money and aggravation down the road.
- Keep WordPress core up to date.
- Keep Plugins up to date.
- Delete inactive plugins you are not using
- Delete any themes you are not using.
- If you are using the username admin stop it. Create a new user with the role of Administrator and then delete the old one. (In this order, create new first, delete admin user second.
- Use a strong password. (Min 8 characters, upper and lower case letters, numbers and symbols.) (This advice applies to all passwords for anything, not just WordPress)
- Change your password regularly. (This advice applies to all passwords for anything, not just WordPress)
- Don’t use the same password for WordPress for anything else. (This advice applies to all passwords for anything, not just WordPress)
- Use HTTPS on your admin side to encrypt data submitted. (These days its recommended to use HTTPS on the front end too)
- Backup your code and database regularly. Do not leave it on your web server, download it or store it on cloud service like Dropbox, Google Drive. I recommend UpdraftPlus for this.
- There are a lot of security plugins out there. I recommend iThemes Better Security because you can do almost everything from it and not have to install separate plugins for different security features. Warning though – misconfiguring this plugin will lock you out of your site. Hire a WordPress developer to set this up for you.