Wordpress Security Checklist Lock Icon

Security Checklist: The Top 7 Best Steps for a Secure WordPress Website

WordPress is used to power over 25% of the world’s ten million largest websites and over 59% of all websites using a CMS. Because of this, WordPress has become a target for hackers and bots.

How do you keep your site secure? We call it “hardening” your website. Here’s your Security Checklist: The Top 7 Best Steps for a Secure WordPress Website.

1) Secure Hosting

According to WPTemplate, 40% of hacked sites are due to poor hosting. How do you choose the best host for your site? I recommend SiteGround for website hosting. You can also compare Siteground with other hosts:  https://wpshout.com/best-wordpress-hosting-2019/

2) Secure Passwords

Yup, this is still a thing. Do yourself a huge favor and check out this article which will ask “Are my passwords secure?” You’ll learn how to create a secure password that you can actually remember. Therefore, no need to install more password apps.

3) Keep Up-To-Date

Keep your plugins and core updated. This is kind of a no-brainer, yet still a good reminder. Your WordPress website is like software on a server. There are frequent updates, and not just to WordPress; there are updates to your plugins as well.

4) Backup SOP

And before you make those updates (should I move this up one?) be sure you have a backup and recovery workflow set in place. Updraft is an excellent backup system I install for my clients. UPDATE: I am switching over to MalCare – This service is really amazing and provides better service than what Updraft and WordFence offer, combined, and costs less.

5) Housekeeping

Clean up any unused plugins and themes. We all have them. Those plugins that we tried and then deactivated. One of these plugins are for sliders, or image galleries, or megamenus. Well, plugins are like season clothes; If you can’t use them, toss them out of your wardrobe.

6) Managed Users

Minimize the number of users. There should be only one admin on your site. Any others you can create roles and capabilities for your editors. Your users need to have secure passwords (see above) and the admin can NOT be named admin. That’s a given, right?

7) Security Plugins

You can find a lot of articles online that list comparisons of WordPress security plugins. There are some very good plugins. I’ve used several and have found WordFence to be my favorite. It had login attempts limitations, country blocking, email notifications and a slew of other great features. That being said… I am now testing Malcare and love it so far!

Purchase Website Audit

Is your site serving you? Find out with a comprehensive Website Assessment Report.

  • Info
  • Analytics
  • Message

Subscribe to My Newsletter

Free tips & tricks delivered once a week. Possibly. Seriously, there are no risks here.

Hello Facebook Visitor…

Are you looking for a new website?