20 Point WordPress Security Checklist

WordPress is the most popular Content Management System in the world. Because it is so popular, it is a frequent target for hackers. No matter what type of content your site has, you are not an exception. If you don't take certain security measures, your WordPress site can be hacked without notice. Even if you have a security plugin installed, you need to review the following WordPress security checklist once in a while in order to keep your WordPress site secured at all times.

20-Point Quick WordPress Security Checklist

  1. Update WordPress to the latest version
  2. Use a strong username and password and change them regularly
  3. Delete themes and plugins that are not in use
  4. Always keep WordPress plugins and themes updated
  5. Update PHP to the latest version
  6. Make a complete backup of your WordPress website whenever a change is made
  7. Limit WordPress Admin Login Attempts
  8. Block specific IP addresses from accessing your site
  9. Use two-factor authentication or CAPTCHAs (reCAPTCHAs)
  10. Limit access to the wp-admin folder
  11. Use an SSL certificate to encrypt user information
  12. Hide your wp-config.php and .htaccess files by changing their permissions to 400 or 440
  13. Harden WordPress security using security headers
  14. Disable PHP File Editing
  15. Hide WordPress Version
  16. Use Cloudflare for DDoS protection
  17. Use a Reliable & Secure Hosting Provider
  18. Disable image hotlinking
  19. Use a web application firewall (WAF)
  20. Disable XML-RPC; this can be done using this free WordPress plugin

Note: Some of the items above can be accomplished by using and configuring a good security plugin. Others can be done manually by using .htaccess or specific plugins.
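For the manual items, a small audit script can confirm that items 12 and 14 are actually in place on a given install. The script below is an added example, not part of the original checklist; the function names are hypothetical, and it assumes item 14 is implemented with WordPress's `DISALLOW_FILE_EDIT` constant in wp-config.php.

```shell
#!/bin/sh
# Added example: audit checklist items 12 and 14 for one WordPress install.
# Usage (after sourcing this file): wp_audit /path/to/wordpress
# Prints one finding per line; the return status is the number of failed checks.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Item 12: the file must exist and have mode 400 or 440.
check_mode() {
    if [ ! -f "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    mode=$(file_mode "$1")
    case "$mode" in
        400|440) echo "OK   $1 mode=$mode" ;;
        *) echo "FAIL $1 mode=$mode (want 400 or 440)"; return 1 ;;
    esac
}

# Item 14: wp-config.php must define DISALLOW_FILE_EDIT as true
# (assumption: this constant is how file editing was disabled).
check_file_edit() {
    pattern="^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\)"
    if grep -Eq "$pattern" "$1" 2>/dev/null; then
        echo "OK   DISALLOW_FILE_EDIT is true"
    else
        echo "FAIL DISALLOW_FILE_EDIT is not set to true in $1"
        return 1
    fi
}

# Run all checks against the WordPress root directory given as $1.
wp_audit() {
    root=$1
    failed=0
    check_mode "$root/wp-config.php" || failed=$((failed + 1))
    check_mode "$root/.htaccess" || failed=$((failed + 1))
    check_file_edit "$root/wp-config.php" || failed=$((failed + 1))
    return "$failed"
}
```

Run it as the user that owns the WordPress files, since a file with mode 400 is readable only by its owner.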
