WordPress Security is no longer an option. It seems you hear about someone’s website being hacked just about every day. In many cases, the real estate agent could have taken one or two steps to prevent the invasion. While hackers will continue to devise methods to infiltrate blogs and websites, the following checklist will help keep your WordPress site safe.

WordPress Security Checklist

  1. I’ve removed telltale signs that give hackers a clue about my site including:
    • The WordPress version within the website’s header. Don’t tell people what version of WordPress you are running, especially if your version isn’t up-to-date.
    • Remove your admin username and replace it with a unique username and password.
    • Remove the login link from anywhere on the site.
  2. I’ve secured my login and installed plug-ins and systems that do one or more of the following:
    • Limit the number of login attempts an IP address can use within a specific timeframe.
    • Add two-factor authentication, which will require you to enter an additional code to log in.
    • Rename the “wp-login.php” file to something else, such as “log-in.php” or “let-me-in.php” so that hackers cannot know the correct login URL.
  3. I’ve added SSL to my WordPress Admin.
    • Note: You will need to contact your web hosting company to have them implement a Secure Socket Layer (SSL) for your WordPress Admin area.
  4. I’ve established systems to:
    • Scan my site regularly for viruses and malware.
    • Update my plugins and WordPress software.
    • Backup my WordPress site regularly
  5. I’ve created a secure password to log into my website. It includes upper and lowercase letters, numbers and special characters. My password has nothing to do with me or my personal life, so it cannot be guessed, and I have a system to change it at least once every 90 days.
  6. I utilize reputable and trustworthy providers including:
    • Website designers and developers
    • WordPress theme developers
    • Ghost bloggers and guest bloggers
    • Virtual Assistants
      • Each provider is given a unique password and username, and administrative login information is changed after business with the provider is concluded.
  1. I’ve changed the default table prefix in the WordPress database or had it changed for me so that hackers cannot easily access my database.
  2. I’ve uninstalled and removed any and all unnecessary themes, plugins, and users.
  3. I’ve employed the services of a reputable hosting company with demonstrated security practices and systems in place and a reputation for secure hosting.
  4. I’ve created systems to ensure my backup system is working effectively and efficiently. Backing up your WordPress site isn’t a “set it and forget it” event. Create a system to regularly check to make sure your website is backing up effectively.

No blog or website is impervious to hackers. However, when you take these ten steps to protect your site, you’re drastically reducing your odds of trouble. It’s well worth the time and effort up front to protect your business down the road.

Do you need help securing your WordPress website from hackers? If so, we’d be happy to help you out. Set up a free strategy session by clicking here, and we can discuss your options.