Share on facebook
Share on twitter
Share on pinterest
Share on email

WordPress Website Security Checklist

If you are serious about your website, then you need to pay attention to the WordPress security best practices.

I have created a list of 8 quicks actionable steps that you can take to protect your website against security vulnerabilities.

  1. Update WordPress Core, Themes & Plugins
    WordPress websites usually get hacked are due to out of date WordPress core, plugins, or themes. Most updates fix bugs, add new features, and secure any vulnerabilities. I understand that you are a busy business owner and that is why I have created monthly ongoing support packages that will keep your website updated without you even needing to think about it.
  2. Update your password to something strong & secure
    Having a strong password for your website is your number one defense system to protect your website against attacks. Be sure to use a random password generator for your next password.
  3. Delete & rename the default ‘admin’ account
    The number one most used username on WordPress is ‘admin’. This is the first username a hacker will try to crack. To keep yourself safe create a new admin account using ‘yourbusinessname_admin” or something similar and delete the old ‘admin’ account.
  4. Make sure your website has an SSL certificate (HTTPS)
    Without having an SSL Certificate installed you are putting your customers at risk of having their data stolen. Don’t know what and SSL is or know if you have one? Get in touch and I’ll help you out.
  5. Install a security plugin (we recommend WordFence)
    It is important that you have a security plugin installed on your WordPress website to protect you against attacks and provide notifications if they suspect anything suspicious on your website. I recommend using WordFence, I use this on my website and all my client’s sites and have never had a problem.
  6. Delete all unused Themes & Plugins
    Hackers use vulnerable unmaintained plugins and themes to attack users’ websites. There is no reason to keep these unused assets so remove these files.
  7. Use a reliable hosting provider
    Website hosting is one of the key components of every successful website. You need a host that patches against common WordPress-related exploits. I provide WordPress hosting that does this, you can learn more here.
  8. Limit the rate of login attempts
    Stop hackers from being able to guess your password over and over until they get it right. Limiting the failed login attempts will lock a user out if they entered the wrong password more than the specified time. Here is a plugin that will help.

If you need help with any of these tasks please send us a message!

WordPress Website Security

Leave a Reply

Your email address will not be published. Required fields are marked *

Featured Articles



Join our mailing list for regular emails with inspiration, motivation, tips, stories & more.

Follow On Instagram