Security Checklist: The Top 7 Best Steps for a Secure WordPress Website
WordPress is used to power over 25% of the world’s ten million largest websites and over 59% of all websites using a CMS. Because of this, WordPress has become a target for hackers and bots.
Table of Contents
If you found this helpful and want to talk… schedule a quick 15 min call with Eric.
Subscribe to My Newsletter
Free tips & tricks delivered once a week. Possibly. Seriously, there are no risks here.
copyright 1997—2021 Eric Rounds LLC
How do you keep your website secure?
WordPress is used by both large corporate companies, and individuals. Therefore, there are also multiple vulnerabilities that hackers try to exploit.
How do you keep your site secure? We employ several approaches to get your site protected and harder to hack… and we call it “hardening” your website. Here’s your Security Checklist: The Top 7 Best Steps for a Secure WordPress Website.
1. Secure Hosting
According to WPTemplate, 40% of hacked sites are due to poor hosting.
2. Secure Passwords
There are a lot of ways of creating strong passwords that you don't need to remember.
Yup, this is still a thing. Do yourself a huge favor and check out this article which will ask “Are my passwords secure?” You’ll learn how to create a secure password that you can actually remember. Therefore, no need to install more password apps.
3. Keep Up-To-Date
Websites are just like software on your computer and need regular maintenance.
Keep your plugins and core updated. This is kind of a no-brainer, yet still a good reminder. Your WordPress website is like software on a server. There are frequent updates, and not just to WordPress; there are updates to your plugins as well.
4. Backup ASAP
Accidents happen therefore it's better to be safe than sorry.
And before you make those updates (should I move this up one?) be sure you have a backup and recovery workflow set in place. Updraft is an excellent backup system I install for my clients. UPDATE: I am switching over to MalCare – This service is really amazing and provides better service than what Updraft and WordFence offer, combined, and costs less. This service is included in my monthly maintenance and care packages.
5. Housekeeping
Trimming down on your uploads makes for lighter quicker backups and recoveries.
Clean up any unused plugins and themes. We all have them. Those plugins that we tried and then deactivated. One of these plugins are for sliders, or image galleries, or megamenus. Well, plugins are like season clothes; If you can’t use them, toss them out of your wardrobe. This service is included in my monthly maintenance and care packages.
6. Manage Users
Secure passwords and limited access are the smart approach to managing multiple users.
Minimize the number of users. There should be only one admin on your site. Any others you can create roles and capabilities for your editors. Your users need to have secure passwords (see above) and the admin can NOT be named admin. That’s a given, right?
7. Security Plugins
There's a plugin for everything… even security, however it's not as simple as just a plugin.
You can find a lot of articles online that list comparisons of WordPress security plugins. There are some very good plugins. I’ve used several and have found WordFence to be my favorite. It had login attempts limitations, country blocking, email notifications and a slew of other great features. That being said… I am now testing Malcare and love it so far!