WordPress Security Checklist

WordPress is the most popular content management system in the world. Because it is popular, it is a frequent target for hackers. No matter what type of content your site has, you are not an exception. If you don't take certain security measures, your WordPress site can be hacked without notice. Here is a WordPress security checklist to consider for improving your website's security.

WordPress Security Checklist

  1. Update WordPress to the latest version
  2. Use a strong username and password
  3. Delete themes and plugins that are not in use
  4. Keep WordPress plugins and themes updated
  5. Update PHP to the latest version
  6. Keep a complete backup of your WordPress website at all times
  7. Enable plugin and theme auto-updates
  8. Limit WordPress admin login attempts
  9. Block specific IP addresses from accessing your site
  10. Use CAPTCHAs (reCAPTCHAs)
  11. Limit access to the wp-admin folder
  12. Use an SSL certificate to encrypt user information
  13. Hide your wp-config.php file
  14. Protect the .htaccess file
  15. Change wp-config.php file permissions to 400 or 440
  16. Harden WordPress security using security headers
  17. Disable XML-RPC
  18. Disable file editing in the Appearance menu of the WordPress dashboard
  19. Hide the WordPress version
  20. Use Cloudflare for DDoS protection
  21. Use a reliable and secure hosting provider
  22. Disable image hotlinking


  1. Some of the above need to be done only once; others require continuous monitoring.
  2. Some of the items can be accomplished by installing a good security plugin.
  3. Some security measures require some technical knowledge.
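
Items 14, 15 and 18 can be verified from a shell on the server. The script below is an added example, not part of the original checklist: its function names are its own, it assumes wp-config.php and .htaccess sit in the WordPress root, it reads "protect .htaccess" as "not writable by group or others", and it checks item 18 through WordPress's DISALLOW_FILE_EDIT constant.

```sh
#!/bin/sh
# Added example (not from the original page): audits checklist items 14, 15 and 18.
# Usage after sourcing this file: wp_audit /path/to/wordpress  (placeholder path)

# Print a file's octal mode; GNU stat first, BSD/macOS stat as fallback.
file_mode() {
  [ -f "$1" ] || return 1
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Item 15: wp-config.php must be mode 400 or 440.
check_config_mode() {
  cfgmode=$(file_mode "$1/wp-config.php") || return 1
  [ "$cfgmode" = "400" ] || [ "$cfgmode" = "440" ]
}

# Item 18: the dashboard file editor is off when wp-config.php sets
# DISALLOW_FILE_EDIT to true (commented-out lines do not match).
check_file_edit_disabled() {
  grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\)" \
    "$1/wp-config.php" 2>/dev/null
}

# Item 14 (assumed reading of "protect"): .htaccess exists and is not
# writable by group or others.
check_htaccess_mode() {
  htmode=$(file_mode "$1/.htaccess") || return 1
  [ $(( 0$htmode & 022 )) -eq 0 ]
}

# Run every check, print PASS/FAIL per check, return the number of failures.
wp_audit() {
  fails=0
  for check in check_config_mode check_file_edit_disabled check_htaccess_mode; do
    if "$check" "$1"; then
      echo "PASS $check"
    else
      echo "FAIL $check"
      fails=$((fails + 1))
    fi
  done
  return "$fails"
}
```

Run it as the file owner or root: once wp-config.php is mode 400 or 440, any other account cannot read it and the item 18 check will report FAIL.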

Once in a while, go over this WordPress security checklist and make sure that you take the necessary actions to maximize your WordPress protection from hackers.

If you don't have the time to go through the implementation of the above list, you can use our services and we will be happy to do it for you.
