WordPress Security Checklist

Use this free WordPress Security Checklist to ensure that your WordPress site remains protected and secure at all times.

WordPress Security ChecklistThis tutorial is part of our tutorial series on WordPress Security. In this tutorial, we provide a WordPress Security Checklist that will help ensure your WordPress site is protected and secure.

***

WordPress Security Checklist

Important Info

*** Important – Read Me ***

Many of the tasks listed in the checklist below can be completed by non-technical users simply by following the tutorials in our WordPress Security training module. Some of these tasks, however, should only be carroed out by more technically advanced users. If you don’t understand what to do or don’t feel confident performing one or more tasks, please ask a professional and experienced WordPress service provider for assistance.

Note

Always backup your WordPress site (database and files) before making any changes to files. Even small mistakes can have disastrous consequences if you are not careful.

Please note that we have no control over the software and services mentioned in this checklist and that under no circumstances will we be held responsible for any losses or damages incurred either directly or indirectly as a result of following the recommendations below.

We also provide a printable version of this checklist at the end of this tutorial. We recommend printing out this checklist and using it as a reference to ensure the continued security of your WordPress site.

Basic Website Security Checklist

WordPress Security Setup Checklist

  • Protect your site against spam (Install an antispam plugin, e.g. Akismet or Bad Behavior)
  • Perform a full security scan of your WordPress files (Install a security scan plugin, e.g. Acunetix WP Security).
  • Secure your WP database (change database table prefix).
  • Option 1: Install a brute-force attack prevention plugin (e.g. Login Lockdown, Limit Login Attempts), or
  • Option 2: Install a comprehensive security plugin (e.g. BulletProof Security, SecureScanPro, etc.)
  • Protect your wp-admin folder.
  • Secure your uploads folder.
  • Secure your wp-config.php file.
  • Delete redundant WordPress core files (e.g. readme.html, install.php, etc.)
  • Set secure permissions for files and folders.
  • Protect server directories (e.g. add empty index.php files to directories)
  • Add a secure admin user.
  • Set correct permissions for users (User Roles and Capabilities)
  • Remove user registration capabilities (if not required)
  • Set up an Intrusion Detection System (Install a file monitoring plugin, e.g. File Monitor Plus)
  • Add Antivirus protection (Install an antivirus plugin, e.g. Antivirus for WordPress)
  • Add Firewall protection (Install a firewall plugin like WordPress Firewall 2, Block Bad Queries, etc …)
  • Enable data logging and archiving.
  • Secure PHP.
  • Set up hosting monitoring (e.g. Sucuri, etc…)

WordPress Security Maintenance Checklist

Schedule the tasks below to be performed on a regular basis:

Critical Website Information Checklist

Have this information handy and keep it in a safe place!

Download a printable copy of this free WordPress Security checklist below.

Hopefully, you have gone through the above checklist and implemented measures that will help ensure your WordPress site is protected and secure.

WordPress Security Checklist

***

"These tutorials have so much information and are easy to understand. If you use WordPress or plan to in the future these will help you with everything you need to know." - Valisa (Mesa, Arizona)

Disclaimer: We have no association with WordPress, Automattic, or any products discussed on this site. We may derive financial benefits from the purchase of any third-party products and services mentioned on this site. All images are the copyright of their respective owners and have been used solely for illustrative or training purposes.

***

Was this post useful? Please use the social buttons below to share this post with anyone thinking of starting or growing a business online.

Author: Martin Aranovitch

Martin Aranovitch is the founder of WPCompendium.org and the author of The Small Business Digital Manager. WPCompendium.org provides hundreds of FREE detailed step-by-step tutorials that will teach you how to use WordPress to grow your business online at minimal cost with no coding skills required!

Originally published as WordPress Security Checklist.