How to secure your WordPress site!
First published November 2014. Updated November 2016
Taking preemptive action to prevent security breaches to your website is a wise business decision. Here are some of the steps you can take to secure your WordPress website.
- Install and configure a security plugin. We use iThemes Security Pro.
- Activate Two Step Authentication, also known as Two-Factor Authentication, an excellent method of preventing unauthorized access.
- Schedule a daily automated database backup with a tool such as Backup Buddy.
- Install the Akismet comment spam detector plugin, then obtain and insert its API key.
- Insert WordPress Salt keys in the wp-config.php file and change them regularly
- Update WordPress to the latest version
- Update all plugins to the latest versions
- Upgrade your WordPress Theme to the latest version
- Monitor your site to be notified if the site is ‘down’. We use Monitis
- Backup all WordPress, plugin and theme files to an external location
- Scan the site for malware to ensure the site is safe
- Scan with Timthumb Vulnerability Scanner and repair any vulnerable files
- Remove unused plugins and themes that may have security vulnerabilities
- Ensure that all passwords are strong
- Install and configure the Wangguard registration spam plugin to remove sploggers
- Check the PHP Error Log and repair any errors
- Ensure the domain registrar has the correct Whois registration data
- Empty comment spam
- Install and configure the WordPress Database Manager; schedule regular database repair and optimization
- Review File Permissions.
- Check the Secunia Advisory and Vulnerability Database for plugin security flaws
- Consider purchasing an SSL encryption certificate
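
For the salt keys step in the list above, this added example (not code from the original page or from WordPress) audits the text of a wp-config.php for missing, placeholder, short or reused salt constants and builds a fresh replacement block. The function names, the 64-character threshold, the character set and the sample config are assumptions made for the illustration.

```python
import re
import secrets
import string

# The eight secret constants WordPress expects in wp-config.php.
SALT_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LENGTH = 64  # assumed threshold for this example

DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)\s*;""")

def audit_salts(config_text):
    """Return {constant: problem} for every salt that is missing or weak."""
    found = {m["name"]: m["value"] for m in DEFINE_RE.finditer(config_text)
             if m["name"] in SALT_NAMES}
    problems = {}
    for name in SALT_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif sum(1 for v in found.values() if v == value) > 1:
            problems[name] = "duplicate"
    return problems

def new_salt_block():
    """Build replacement define() lines using the OS CSPRNG."""
    # Quotes and backslashes are left out so the values need no PHP escaping.
    alphabet = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
    return "\n".join(
        "define('%s', '%s');" % (name, "".join(secrets.choice(alphabet) for _ in range(64)))
        for name in SALT_NAMES)

# Constructed sample input, not taken from a real site.
SAMPLE = """<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'short');
define('LOGGED_IN_KEY',    '""" + "a" * 64 + """');
define('NONCE_KEY',        '""" + "a" * 64 + """');
"""

if __name__ == "__main__":
    for name, problem in audit_salts(SAMPLE).items():
        print(name, problem)
```

Replacing the salts invalidates existing login cookies, so every user has to sign in again after the change.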