WordPress Security: How to Secure Your WordPress Site!

How to secure your WordPress site!
First published November 2014. Updated November 2016 and December 2017.

Taking preemptive action to prevent security breaches to your website is a wise business decision. Here are some of the steps you can take to secure your WordPress website.

  1. Install and configure a security plugin. We use iThemes Security Pro.
  2. Activate Two Step Authentication, also known as Two-Factor Authentication, an excellent method of preventing unauthorized access.
  3. Schedule a daily automated database backup with a tool such as Backup Buddy.
  4. Install the Akismet comment spam detector plugin, then obtain and insert your API code.
  5. Insert WordPress Salt keys in the wp-config.php file and change them regularly.
  6. Update WordPress to the latest version. WordPress releases new versions regularly. You should always be using the latest release.
  7. Update all plugins to the latest versions. This is very important for security and functionality.
  8. Upgrade your WordPress Theme to the latest version. All modifications should be made in a child theme, allowing you to always use the latest version of the ‘parent’ theme.
  9. Monitor your site to be notified if the site is ‘down’. We use Monitis.
  10. Back up all WordPress, plugin and theme files to an external location.
  11. Scan the site for malware to ensure the site is safe.
  12. Scan with Timthumb Vulnerability Scanner and repair any vulnerable files.
  13. Remove unused plugins and themes that may have security vulnerabilities
  14. Generate strong passwords!
  15. Ensure that all passwords are strong.
  16. Check the PHP Error Log and repair any errors.
  17. Ensure the domain registrar has the correct Whois registration data.
  18. Empty comment spam.
  19. Install and configure the WordPress Database Manager; schedule regular database repair and optimization.
  20. Review File Permissions.
  21. Check the Secunia Advisory and Vulnerability Database for plugin security vulnerabilities.
  22. Consider purchasing an SSL encryption certificate. These are not expensive and are Google ranking factors.
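
Steps 5 and 20 can be checked with a script. The following is an added example, not code from the original article or from WordPress: it flags salt constants in wp-config.php that are missing, still set to the sample placeholder, short or reused, and lists risky file modes under the site root. The 32-character minimum and the permission policy (nothing world-writable, wp-config.php not world-readable) are assumptions of this example.

```python
import os
import re
import stat

# The eight secret constants WordPress reads from wp-config.php.
SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")


def audit_salts(config_text, min_len=32):
    """Return {constant: problem}; min_len is this example's own threshold."""
    values = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(config_text)}
    problems = {}
    for name in SALT_NAMES:
        value = values.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < min_len:
            problems[name] = "too short"
        elif sum(values.get(n) == value for n in SALT_NAMES) > 1:
            problems[name] = "reused"
    return problems


def audit_permissions(root):
    """Return sorted (relative path, issue) pairs for risky modes under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(info.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if name == "wp-config.php" and mode & stat.S_IROTH:
                findings.append((rel, "world-readable config"))
    return sorted(findings)
```

Pass the contents of wp-config.php to `audit_salts` and the site's root directory to `audit_permissions`; an empty result from each means nothing was flagged under this example's policy.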
