WordPress is the most popular Content Management System in the world. Because it is so popular, it is a frequent target for hackers. No matter what type of content your site has, you are not an exception. If you don’t take certain security measures, your WordPress site can be hacked without notice. Even if you have a security plugin installed, you need to review the following WordPress security checklist once in a while in order to keep your WordPress site secured at all times.
20-Point Quick WordPress Security Checklist
- Update WordPress to the latest version
- Use a Strong Username and Password and change them regularly
- Delete themes and plugins that are not in use
- Keep WordPress plugins and themes always updated
- Update PHP to the latest Version
- Make a complete Backup of Your WordPress Website whenever a change is made
- Limit WordPress Admin Login Attempts
- Block some specific IP addresses from accessing your site.
- Use Two-Factor Authentication or CAPTCHAs (reCAPTCHA)
- Limit access to the WP-Admin folder
- Use SSL Certificate to encrypt user information
- Protect your wp-config.php and .htaccess files by changing their permissions to 400 or 440
- Harden WordPress security using Security headers
- Disable PHP File Editing
- Hide WordPress Version
- Use Cloudflare for DDoS Protection
- Use a Reliable & Secure Hosting Provider
- Disable image hotlinking
- Use a web application firewall (WAF)
- Disable XML-RPC (can be done using this free WordPress plugin)
Note: Some of the items above can be accomplished by using and configuring a good security plugin. Others can be done manually by using .htaccess or specific plugins.
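Two of the manual items, the 400/440 permissions on wp-config.php and .htaccess and disabling PHP file editing, can be verified from a shell. The script below is an added example, not part of the original checklist; the function names and directory argument are assumptions, and `DISALLOW_FILE_EDIT` is the WordPress constant that turns off the built-in theme and plugin editor.

```shell
#!/bin/sh
# Added example: audit a WordPress root for two checklist items.
# Assumption: function names and the directory argument are illustrative.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Pass only if the file exists with mode 400 or 440.
check_mode() {
    f=$1
    [ -e "$f" ] || { echo "MISSING $f"; return 1; }
    m=$(file_mode "$f")
    case "$m" in
        400|440) return 0 ;;
        *) echo "PERMS   $f is $m, expected 400 or 440"; return 1 ;;
    esac
}

# Pass only if a line begins with define('DISALLOW_FILE_EDIT', true).
check_file_edit() {
    re="^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)"
    grep -Eiq "$re" "$1" 2>/dev/null && return 0
    echo "EDITOR  DISALLOW_FILE_EDIT is not true in $1"
    return 1
}

# Run every check; the exit status is the number of findings.
audit_wp() {
    root=$1; findings=0
    check_mode "$root/wp-config.php" || findings=$((findings + 1))
    check_mode "$root/.htaccess" || findings=$((findings + 1))
    check_file_edit "$root/wp-config.php" || findings=$((findings + 1))
    return "$findings"
}

# Constructed demo: a throwaway directory standing in for a WordPress root.
demo=$(mktemp -d)
printf "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n" > "$demo/wp-config.php"
: > "$demo/.htaccess"
chmod 400 "$demo/wp-config.php"
chmod 644 "$demo/.htaccess"
audit_wp "$demo" || echo "findings: $?"
rm -rf "$demo"
```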