WordPress Security-How to Secure Your WordPress Site!

How to secure your WordPress site!
First published November 2014. Updated November 2016, December 2017, October 2018.

Taking preemptive action to prevent security breaches to your website is a wise business decision. Here are some of the steps you can take to secure your WordPress website.

  1. Install and configure a security plugin. We use iThemes Security Pro.
  2. Activate Two Step Authentication, also known as Two-Factor Authentication, an excellent method of preventing unauthorized access.
  3. Schedule a daily automated database backup such as Backup Buddy.
  4. Install the Akismet comment spam detector plugin, obtain and insert your API code.
  5. Insert WordPress Salt keys in the wp-config.php file and change them regularly using the Salt Shaker plugin: More information
  6. Update WordPress to the latest version: More information WordPress releases new versions regularly. You should always be using the latest release.
  7. Update all plugins to the latest versions More information, This is very important for security and functionality.
  8. Upgrade your WordPress Theme to the latest version. All modifications to your theme should be made in a child theme, allowing you to always use the latest version of the ‘parent’ theme.
  9. Monitor your site to be notified if the site is ‘down’. We use iThemes Sync.
  10. Backup all WordPress, plugin and theme files to an external location: More Information
  11. Scan the site for malware to ensure the site is safe: More information
  12. Check your Google Search Console for errors.
  13. Scan with Timthumb Vulnerability Scanner and repair any vulnerable files: More information
  14. Remove unused plugins and themes that may have security vulnerabilities
  15. Create and use only strong passwords! Please also see: How to Set Up a Strong Password
  16. Ensure that all passwords are strong: More Information
  17. Check the PHP Error Log and repair any errors: More information
  18. Ask you host to update you to the latest version of PHP. More Information.
  19. Ensure the domain registrar has the correct Whois registration data: More information
  20. Empty comment spam: More information
  21. Install and configure the WordPress Database Manager; schedule regular database repair and optimization: More information
  22. Review File Permissions.
  23. Check the Secunia Advisory and Vulnerability Database for plugin security vulnerabilities: More Information
  24. Obtain an SSL encryption certificate. These are not expensive, we include them in our hosting package, and are a Google ranking factor.

5 Ways to Secure Your WordPress Website
5 Simple Rules for WordPress Login Security
The Top 5 WordPress Security Vulnerabilities and How to Avoid Them
5 Common WordPress Security Issues
Brute Force Attacks: What They Are & How to Prevent Them