
WordPress security checklist – How to secure your WordPress website?

Hosting

  1. Ideally on a dedicated instance or server
  2. For shared hosting, ensure that sites are isolated or “jailed”
  3. Run an HTTPS-only website

User Management

  1. Grant only as much access as is needed
  2. Review your user list frequently, deleting accounts that are obsolete and downgrading roles where possible

WordPress Core, Themes and Plugins

  1. Enable auto-updates wherever possible / practical
  2. Check for updates frequently (at least weekly) and install them as soon as possible
  3. Only download themes and plugins from trusted sources
  4. Remove all unused themes, plugins and old unused WordPress installations immediately

Authentication

  1. Ideally use 2-factor authentication
  2. Require strong passwords for all users
  3. Ensure that your login page is running on an https page
  4. Limit the rate of login attempts
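Rate limiting is usually enforced by a plugin or the web server, but the access log already tells you when the login form is being hammered. The script below is an added example, not code from the original checklist: it counts POSTs to `wp-login.php` per client and per minute and prints the addresses that exceed a threshold. It assumes the common Apache/Nginx "combined" log format; the log lines it contains are constructed for offline testing and are not real traffic.

```shell
#!/bin/sh
# Added example, not part of the original checklist: find clients that hammer the
# WordPress login form, using the web server's access log. Assumes the common
# Apache/Nginx "combined" log format, where field 1 is the client IP, field 4 the
# timestamp and fields 6-7 the HTTP method and request path.

# Constructed sample log lines (not real traffic): five POSTs to wp-login.php from
# one address inside one minute, one normal login and one page view from another.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "curl/7.88.1"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "curl/7.88.1"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "curl/7.88.1"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "curl/7.88.1"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 3811 "-" "curl/7.88.1"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /about/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# count_login_posts: read a log on stdin and print "count ip minute" for every
# (client, minute) pair that POSTed to wp-login.php, busiest first.
count_login_posts() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
             minute = substr($4, 2, 17)        # "10/Oct/2023:13:55"
             hits[$1 " " minute]++
         }
         END { for (k in hits) print hits[k], k }' | sort -rn
}

# flag_login_floods THRESHOLD: print each client IP that exceeded THRESHOLD login
# POSTs within a single minute, one address per line.
flag_login_floods() {
    count_login_posts | awk -v limit="$1" '$1 > limit { print $2 }' | sort -u
}

# Stand-alone run: report offenders in the sample at more than 3 attempts per minute.
sample_log | flag_login_floods 3
```

On a live server, replace `sample_log` with `tail -n 50000 /var/log/apache2/access.log` (or the Nginx equivalent) and feed the output of `flag_login_floods` to whatever blocking mechanism you use; a legitimate user who mistypes a password a few times stays well under a threshold of three attempts per minute, so start there and tune against your own traffic.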

Server Administration

  1. Only communicate with your server using an encrypted connection (SFTP for file transfer or SSH for shell access)
  2. If you connect to your server over a public network, use a VPN
  3. Secure access to your wp-config.php file, including copies
  4. Secure access to your backups, log files, test files, temporary files and other PHP applications on your web server
  5. Back up your WordPress files and database at least weekly
  6. Use a strong password for your MySQL database user
  7. Install a WordPress security plugin like Wordfence
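Items 3 to 6 above come down to file permissions, stray copies and a backup job that does not leak what it protects. The following script is an added example and not code from the original checklist: it locks down `wp-config.php`, lists leftover copies of it, and writes a dated archive of the files and database into a directory only the owner can read. It assumes the first argument is the WordPress document root, that the database credentials live in `~/.my.cnf` (so no password ever appears on the command line or in `ps` output), and that `DB_NAME` is set to the database name.

```shell
#!/bin/sh
# Added example, not from the original checklist: restrict access to wp-config.php,
# hunt for stray copies of it, and take a dated backup of files and database.
# Assumptions: "$1" is the WordPress document root; database credentials are in
# ~/.my.cnf (so no password appears on the command line); DB_NAME names the database.

# find_config_copies DOCROOT: list leftover copies such as wp-config.php.bak or
# wp-config.php~; the web server does not run those as PHP, so it serves the
# credentials inside them as plain text. The sample file shipped with WordPress is excluded.
find_config_copies() {
    find "$1" -maxdepth 2 -type f -name 'wp-config*' \
        ! -name 'wp-config.php' ! -name 'wp-config-sample.php'
}

# harden_config DOCROOT: owner read/write, group read, nothing for others (0640).
# Run as the file owner, with the web server's account in the file's group.
harden_config() {
    chmod 0640 "$1/wp-config.php"
}

# config_mode DOCROOT: print the octal permission bits of wp-config.php
# (GNU stat first, BSD/macOS stat as a fallback), for audits and checks.
config_mode() {
    stat -c '%a' "$1/wp-config.php" 2>/dev/null || stat -f '%Lp' "$1/wp-config.php"
}

# backup_site DOCROOT BACKUPDIR: write files-<stamp>.tar.gz (and db-<stamp>.sql.gz
# when mysqldump is available) into a directory nobody else can read.
# Prints the path of the file archive.
backup_site() {
    docroot="$1"; outdir="$2"
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$outdir"
    chmod 0700 "$outdir"            # archives contain wp-config.php, so keep them private
    tar -czf "$outdir/files-$stamp.tar.gz" -C "$docroot" .
    if command -v mysqldump >/dev/null 2>&1 && [ -n "$DB_NAME" ]; then
        mysqldump --single-transaction "$DB_NAME" | gzip > "$outdir/db-$stamp.sql.gz"
    fi
    echo "$outdir/files-$stamp.tar.gz"
}
```

Keep the backup directory outside the document root (a tarball under `public_html` is just another downloadable copy of `wp-config.php`), and schedule `backup_site` from cron to satisfy the weekly requirement; `find_config_copies` is worth running in the same job so a `.bak` left behind by a quick edit does not survive until the next manual review.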

Features to Look for in a WordPress Security Plugin

  1. Malware scanning
  2. Brute-force login protection
  3. Protection against hacker recon techniques
  4. A WAF with regular rule-set updates
  5. Rate-based throttling and blocking
  6. Two-factor authentication
  7. Password auditing
  8. Country blocking
  9. Advanced blocking techniques

Secure Your Work Environment

  1. Protect your internet connection by using a VPN, especially on public networks
  2. Only install trusted software on your workstation and mobile device
  3. Use a reputable virus scanner
  4. Protect your devices with strong passwords
  5. Watch out for phishing, spear phishing and social engineering attacks

Take Steps to Detect Hacks Early

  1. Visit your site often
  2. Search for your website in Google frequently
  3. Set up email alerts in Google Search Console
  4. Use a malware scanner and set up email alerts
  5. Investigate customer reports immediately
  6. Use a source code scanner to verify site integrity
  7. Use a website monitoring service that detects site changes
  8. Watch for unexplained spikes in site traffic
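Items 6 and 7 above (verifying site integrity and detecting changes) can be done without a commercial service by keeping a checksum manifest of the site and diffing against it. The script below is an added example, not part of the original checklist: `make_manifest` records a SHA-256 hash for every file under the document root, and `check_manifest` reports files that were added, modified or removed since the manifest was taken. It assumes `sha256sum` from GNU coreutils and takes the document root and manifest path as arguments.

```shell
#!/bin/sh
# Added example, not from the original checklist: a checksum manifest of the site
# plus a diff against it, to detect files that were added, changed or removed.
# Assumes sha256sum (GNU coreutils); "$1" is the WordPress document root.

# make_manifest DOCROOT: print "<sha256>  ./relative/path" for every regular file,
# in a stable order so manifests can be stored and compared.
make_manifest() {
    (cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done)
}

# check_manifest DOCROOT MANIFEST: compare the current tree with a saved manifest.
# Prints one line per difference (ADDED / MODIFIED / REMOVED) and returns 1 if
# anything changed, 0 if the tree matches the manifest exactly.
check_manifest() {
    report=$(make_manifest "$1" | awk -v old="$2" '
        BEGIN {
            # load the saved manifest: known[path] = hash
            while ((getline line < old) > 0) {
                split(line, f, "  ")
                known[f[2]] = f[1]
            }
        }
        {
            split($0, f, "  ")
            path = f[2]
            if (!(path in known))          print "ADDED    " path
            else if (known[path] != f[1])  print "MODIFIED " path
            seen[path] = 1
        }
        END {
            for (p in known) if (!(p in seen)) print "REMOVED  " p
        }' | LC_ALL=C sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Take the manifest right after a clean install or update and store it off the server (a manifest the attacker can rewrite proves nothing), then run `check_manifest` from cron and mail the output when it returns non-zero. Expect noise from `wp-content/uploads` and cache directories; exclude them with extra `! -path` tests in `find` rather than ignoring the report, since a PHP file appearing under uploads is exactly the kind of change you want to see.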
