Eric Rounds 

Wordpress Security Checklist Lock Icon

Security Checklist: The Top 7 Best Steps for a Secure WordPress Website

WordPress is used to power over 25% of the world’s ten million largest websites and over 59% of all websites using a CMS. Because of this, WordPress has become a target for hackers and bots.

How do you keep your website secure?

WordPress is used by both large corporate companies, and individuals. Therefore, there are also multiple vulnerabilities that hackers try to exploit.

How do you keep your site secure? We employ several approaches to get your site protected and harder to hack… and we call it “hardening” your website. Here’s your Security Checklist: The Top 7 Best Steps for a Secure WordPress Website.

Page Contents:

  • Secure Hosting
  • Secure Passwords
  • Update Core & Plugins
  • Backups Are Mandetory
  • Housekeeping
  • Manage User Accounts
  • Security Plugins

1. Secure Hosting

According to WPTemplate, 40% of hacked sites are due to poor hosting.

How do you choose the best host for your site? I recommend SiteGround for website hosting. You can also compare Siteground with other hosts:  https://wpshout.com/best-wordpress-hosting-2019/

2. Secure Passwords

There are a lot of ways of creating strong passwords that you don't need to remember.

Yup, this is still a thing. Do yourself a huge favor and check out this article which will ask “Are my passwords secure?” You’ll learn how to create a secure password that you can actually remember. Therefore, no need to install more password apps.

3. Keep Up-To-Date

Websites are just like software on your computer and need regular maintenance.

Keep your plugins and core updated. This is kind of a no-brainer, yet still a good reminder. Your WordPress website is like software on a server. There are frequent updates, and not just to WordPress; there are updates to your plugins as well.

4. Backup ASAP

Accidents happen therefore it's better to be safe than sorry.

And before you make those updates (should I move this up one?) be sure you have a backup and recovery workflow set in place. Updraft is an excellent backup system I install for my clients. UPDATE: I am switching over to MalCare – This service is really amazing and provides better service than what Updraft and WordFence offer, combined, and costs less. This service is included in my monthly maintenance and care packages.

5. Housekeeping

Trimming down on your uploads makes for lighter quicker backups​ and recoveries.

Clean up any unused plugins and themes. We all have them. Those plugins that we tried and then deactivated. One of these plugins are for sliders, or image galleries, or megamenus. Well, plugins are like season clothes; If you can’t use them, toss them out of your wardrobe. This service is included in my monthly maintenance and care packages.

6. Manage Users

Secure passwords and limited access are the smart approach to managing multiple users.

Minimize the number of users. There should be only one admin on your site. Any others you can create roles and capabilities for your editors. Your users need to have secure passwords (see above) and the admin can NOT be named admin. That’s a given, right?

7. Security Plugins

There's a plugin for everything… even security, however it's not as simple as just a plugin.

You can find a lot of articles online that list comparisons of WordPress security plugins. There are some very good plugins. I’ve used several and have found WordFence to be my favorite. It had login attempts limitations, country blocking, email notifications and a slew of other great features. That being said… I am now testing Malcare and love it so far!


Purchase Website Audit

Is your site serving you? Find out with a comprehensive Website Assessment Report.

  • Info
  • Analytics
  • Message
  • Last >

Subscribe to My Newsletter

Free tips & tricks delivered once a week. Possibly. Seriously, there are no risks here.

sitemap | Privacy Policy

copyright 1997—2019 Eric Rounds LLC

Hello Facebook Visitor…

Are you looking for a new website?