WordPress is a the most popular Content Management system used in the world. Because it is popular, it is usually a target for hackers. No matter what types of content your site has, you are not an exception. If you don’t take certain security measures, your WordPress Site can be hacked without notice. Here are some of WordPress security checklist that you need to consider to improve your web site security.
WordPress Security Checklist
- Update WordPress to the latest version
- Use Strong Username and Password
- Delete themes and Plugins that are not in use
- Keep WordPress Plugins and Themes Updated
- Update PHP to the latest Version
- Keep a complete Backup of Your WordPress Website at all times
- Enable Plugins and Theme Auto Update
- Limit WordPress Admin Login Attempts
- Block some specific IP addresses from accessing your site
- Use CAPTCHAs ( reCAPTCHAs )
- limit access to the wp-admin folder
- Use SSL Certificate to encrypt user information
- Hide Your wp-config.php file
- Protect .htaccess file
- Change wp-config.php file Permissions 400 or 440
- Harden WordPress security using Security headers
- Disable XML-RPC
- Disable File Editing in Appearance menu – WordPress Dashboard
- Hide WordPress Version
- Use Cloud Flare for DDoS Protection
- Use a Reliable & Secure Hosting Provider
- disable image hot linking
- Some of the above may be done only once, Other may require continuous monitoring.
- Some of the items can be accomplished by installing a good security plugin.
- Some security measure require some technical Knowledge
Once in a while you need to go over this WordPress security checklist and make sure that you take the necessary actions to maximize your WordPress protection form hackers.
If you don’t have the time to go through the implementation of the above list, you can our services and we will be happy to do it for you.