{"id":32718,"date":"2021-12-18T15:00:17","date_gmt":"2021-12-18T14:00:17","guid":{"rendered":"https:\/\/qodeinteractive.com\/magazine\/?p=32718"},"modified":"2021-12-17T13:17:46","modified_gmt":"2021-12-17T12:17:46","slug":"ultimate-wordpress-security-checklist","status":"publish","type":"post","link":"https:\/\/qodeinteractive.com\/magazine\/ultimate-wordpress-security-checklist\/","title":{"rendered":"The Ultimate WordPress Security Checklist"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text]The topic of online security is sometimes hard to approach without sounding like a doomsayer crying that no one\u2019s safe and everyone\u2019s out to get you. While it might be true that the vast majority of people who use the internet are just going about their day and doing perfectly legal things online, there\u2019s still plenty of people who are using it to do bad things. Some of them will try to hack into your website, too.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]If you have a WordPress website, you have a responsibility to keep it reasonably safe. The more data you have on your visitors \u2013 especially if they shop at your website \u2013 the bigger your responsibility is. You have to learn about all kinds of attacks \u2013 <a href=\"https:\/\/qodeinteractive.com\/magazine\/protect-from-wordpress-brute-force-attacks\/\">brute force<\/a>, cross-site scripting, backdoors, DDoS, and good-old phishing \u2013 and then find effective ways to protect your website, yourself as its owner, and the people who use it.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]We\u2019re here to help with the last part \u2013 finding effective ways to protect your website. 
We\u2019ll share with you the ultimate WordPress security checklist, a list of the most important steps you can take to secure your website.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]The list includes:<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#making-the-best-choices-regarding-hosting\">Making the Best Choices Regarding Hosting<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#securing-passwords-and-the-login-procedure\">Securing Passwords and the Login Procedure<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#backing-up-your-website\">Backing Up Your Website<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#keeping-wordpress-up-to-date\">Keeping WordPress Up to Date<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#following-good-plugin-security-practices\">Following Good Plugin Security Practices<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space 
height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#following-good-theme-security-practices\">Following Good Theme Security Practices<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#installing-security-plugins\">Installing Security Plugins<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#scanning-your-website\">Scanning Your Website<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#enabling-ssl-https\">Enabling SSL\/HTTPS<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#using-sftp\">Using SFTP<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#managing-users-and-roles\">Managing Users and Roles<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    
<li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#managing-access-and-functions\">Managing Access and Functions<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#disabling-or-blocking-files\">Disabling or Blocking Files<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;80px&#8221;][vc_widget_sidebar sidebar_id=&#8221;new-top-picks-banner&#8221;][vc_empty_space height=&#8221;80px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"making-the-best-choices-regarding-hosting\"><\/a>Making the Best Choices Regarding Hosting<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"553\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Making-the-Best-Choices-Regarding-Hosting.jpg\" class=\"attachment-full size-full\" alt=\"Making the Best Choices Regarding Hosting\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Making-the-Best-Choices-Regarding-Hosting.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Making-the-Best-Choices-Regarding-Hosting-300x171.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Making-the-Best-Choices-Regarding-Hosting-768x438.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Making-the-Best-Choices-Regarding-Hosting-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        
<\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]<strong>The very first thing you should always do is make sure that the hosting provider you use has decent security measures.<\/strong> Security is, after all, one of the things you should check when <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-choose-wordpress-hosting-provider\/\">choosing a hosting provider<\/a>. <strong>The things you should look for include:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">A firewall and DDoS protection<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Options for IP banning and geolocation-based blocking<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Preference for encrypted connections<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Regular backups<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Regular software updates<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]On your part, you should understand that different hosting packages come with different levels of security, with <a href=\"https:\/\/qodeinteractive.com\/magazine\/vps-vs-dedicated-server\/\">VPS 
and dedicated hosting<\/a> being the two more secure options.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"securing-passwords-and-the-login-procedure\"><\/a>Securing Passwords and the Login Procedure<\/h2>\n<p>[\/vc_column_text][vc_column_text]There are many steps you can take to make sure that your passwords and login procedure are not your website\u2019s weak spot. <strong>Starting with passwords, you can:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Make sure that anyone using the website creates strong passwords<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Encourage the use of <a href=\"https:\/\/qodeinteractive.com\/magazine\/best-password-manager-tools\/\">good password managers<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Encourage good password-keeping and security practices<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]With passwords, you\u2019re working against human nature to keep all the passwords short and simple, and to stop people from sharing them.<strong> When securing the login procedure, you\u2019ll want to:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Change the default login 
URL<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Enable <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-two-factor-authentication\/\u017e\">two-factor authentication<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"https:\/\/qodeinteractive.com\/magazine\/add-captcha-to-wordpress\/\">Set up Captcha<\/a> for the login page<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Set a <a href=\"https:\/\/qodeinteractive.com\/magazine\/limit-login-attempts-in-wordpress\/\">limit to login attempts<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Following these steps will go a long way in making your website more secure, even if it makes logging in more tedious. 
<strong>Find a middle ground between convenience and security while making the website as secure as possible.<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"backing-up-your-website\"><\/a>Backing Up Your Website<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"554\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Backing-Up-Your-Website.jpg\" class=\"attachment-full size-full\" alt=\"Backing Up Your Website\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Backing-Up-Your-Website.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Backing-Up-Your-Website-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Backing-Up-Your-Website-768x439.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Backing-Up-Your-Website-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Even if your website host offers free backups of your website, you should still make sure to set up your own backups.<strong> It\u2019s better to have redundancies in place than risk losing your data.<\/strong> Plus, backing up gives you some leeway to perform certain security measures knowing there\u2019s a way to fix things if something goes wrong.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>There are plenty of ways you can back up your website.<\/strong> For example, you can <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-manually-backup-wordpress-website\/\">perform a 
manual backup<\/a>. You can also use a plugin like <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-backup-with-updraftplus-plugin\/\">UpdraftPlus<\/a>, or one of many other <a href=\"https:\/\/qodeinteractive.com\/magazine\/best-wordpress-backup-plugins\/\">backup plugins for WordPress<\/a>. You can perform targeted backups and <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-backup-wordpress-files\/\">manually back up files<\/a> or <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-backup-wordpress-database\/\">even the database<\/a>.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"keeping-wordpress-up-to-date\"><\/a>Keeping WordPress Up to Date<\/h2>\n<p>[\/vc_column_text][vc_column_text]WordPress just keeps getting better with every update. Still, many people decide to skip regular updates, often thinking that an update might cause some trouble. In truth \u2013 it could. <strong>Using an old version of WordPress, however, might do even more damage.<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>Out-of-date WordPress is a security concern.<\/strong> There are <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-update\/\">several ways to update WordPress<\/a>, and you might as well choose one of them and just get it over with. 
Just make sure to back up your website first, just in case.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"following-good-plugin-security-practices\"><\/a>Following Good Plugin Security Practices<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"554\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Following-Good-Plugin-Security-Practices.jpg\" class=\"attachment-full size-full\" alt=\"Following Good Plugin Security Practices\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Following-Good-Plugin-Security-Practices.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Following-Good-Plugin-Security-Practices-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Following-Good-Plugin-Security-Practices-768x439.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Following-Good-Plugin-Security-Practices-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Plugins might be one of the best things about WordPress, right there with themes. 
<strong>For all the good they can do, it\u2019s also easy for them to turn into potential security concerns.<\/strong> That\u2019s the reason you should always <strong>follow the best security practices regarding plugins, which include:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Try to limit the number of plugins you have installed at any time\n<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Make sure your <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-update-plugins\/\">plugins are updated<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"https:\/\/qodeinteractive.com\/magazine\/uninstall-wordpress-plugin\/\">Remove any plugins<\/a> you don\u2019t want to use anymore or that are terribly out of date<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Find alternatives for plugins that are old or unsupported by their developer\n<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]These practices shouldn\u2019t be hard to follow, and they\u2019ll keep you reasonably safe from any plugin-related security issues. 
<strong>You might also keep your ear to the ground regarding plugin vulnerabilities, just in case.<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"following-good-theme-security-practices\"><\/a>Following Good Theme Security Practices<\/h2>\n<p>[\/vc_column_text][vc_column_text]<strong>WordPress themes might not pose as many potential risks as plugins, but that doesn\u2019t mean that nothing bad can come from them.<\/strong> Anything that you install on your website is a possible risk. For themes, <strong>you want to make sure that you:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Only <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-install-wordpress-theme\/\">install themes<\/a> from verified, trusted theme developers<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Steer clear of <a href=\"https:\/\/qodeinteractive.com\/magazine\/what-are-nulled-themes\/\">nulled themes<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Make sure your theme is <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-update-a-wordpress-theme-without-losing-customization\/\">always up-to-date<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Uninstall any themes you don\u2019t plan to 
use<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]It might seem like this list is pushing you towards premium themes. <strong>However, it\u2019s much more important to stick with good developers.<\/strong> For example, you can try out our <a href=\"https:\/\/qodeinteractive.com\/qi-theme\/\">Qi Theme<\/a> and get many of the advantages of a premium theme \u2013 for free.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"installing-security-plugins\"><\/a>Installing Security Plugins<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"554\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Installing-Security-Plugins.jpg\" class=\"attachment-full size-full\" alt=\"Installing Security Plugins\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Installing-Security-Plugins.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Installing-Security-Plugins-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Installing-Security-Plugins-768x439.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Installing-Security-Plugins-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Just like your computer needs an antivirus, antimalware, or any similar kind of security app, your WordPress website needs a <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-security-plugins\/\">security plugin<\/a>. 
<strong>These plugins can have a tremendous impact on your website\u2019s security, so you better make sure you pick a good one.<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]What to look for in a security plugin? <strong>Activity auditing, monitoring file integrity and blacklists, and general security hardening are just the start.<\/strong> You should also look for a plugin that comes with a firewall, traffic trend tracking, and spam filters. <strong>Keep in mind that you might not find all the features in one plugin and that you might need to opt for a paid version of a plugin to get the most protection.<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"scanning-your-website\"><\/a>Scanning Your Website<\/h2>\n<p>[\/vc_column_text][vc_column_text]<strong>If you have a security plugin that\u2019s capable of scanning your website, you should make sure that you do the scanning.<\/strong> Scanning your website can be a part of your <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-maintenance\/\">regular website maintenance<\/a>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Keep in mind that you can expand your toolbelt with <a href=\"https:\/\/qodeinteractive.com\/magazine\/best-free-wordpress-online-security-scanners\/\">online security scanners<\/a>. 
These tools are specifically designed to poke and prod your website\u2019s security and look for vulnerabilities.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"enabling-ssl-https\"><\/a>Enabling SSL\/HTTPS<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"554\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Enabling-SSL-HTTPS.jpg\" class=\"attachment-full size-full\" alt=\"Enabling SSL\/HTTPS\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Enabling-SSL-HTTPS.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Enabling-SSL-HTTPS-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Enabling-SSL-HTTPS-768x439.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Enabling-SSL-HTTPS-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]<strong>Any eCommerce website or any other website where people leave their information \u2013 even if it\u2019s just an email address \u2013 should ensure an encrypted connection between itself and the browser.<\/strong> With WordPress, doing this is as easy as <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-add-free-ssl-certificate-wordpress\/\">adding an SSL certificate<\/a>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Granted, <a href=\"https:\/\/qodeinteractive.com\/magazine\/add-ssl-wordpress\/#moving-to-https\">moving to HTTPS<\/a> is something that would require a bit of work. 
Then again, there might be <a href=\"https:\/\/qodeinteractive.com\/magazine\/best-ssl-plugin-for-wordpress\/\">SSL plugins<\/a> that could help you out \u2013 whatever way you do it is okay, as long as you end up with a website that encrypts information it exchanges with its visitors.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"using-sftp\"><\/a>Using SFTP<\/h2>\n<p>[\/vc_column_text][vc_column_text]Even though SSH is <a href=\"https:\/\/qodeinteractive.com\/magazine\/ssh-vs-ssl\/\">easily confused with SSL<\/a>, the two aren\u2019t the same. They both, however, improve your website\u2019s safety. SSL allows people to access your website securely using browsers, and SSH does the same for <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-use-ftp\/\">accessing your website via FTP<\/a>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>When choosing your hosting provider, you should make sure to pick one that supports SFTP \u2013 that\u2019s short for Secure File Transfer Protocol.<\/strong> That \u201cS\u201d makes a lot of difference, so better make sure you can use it.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"managing-users-and-roles\"><\/a>Managing Users and Roles<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"554\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Managing-Users-and-Roles.jpg\" class=\"attachment-full size-full\" alt=\"Managing Users and Roles\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Managing-Users-and-Roles.jpg 
969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Managing-Users-and-Roles-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Managing-Users-and-Roles-768x439.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Managing-Users-and-Roles-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]<strong>More often than not, security and safety come down to the people who have access to your website.<\/strong> All the software and apps in the world can\u2019t save you from malice, bad faith, or just plain laziness. One way to counter that is to practice user management. <strong>You can, for example:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Log the activity of your users, at the very least <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-show-users-last-login-date-in-wordpress\/\">monitor their login dates<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Limit user permissions\n<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Delete the default admin account and replace it with another one with the same permissions\n<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Avoid obvious 
usernames like admin or user\n<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Set up automatic logging out for idle users\n<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]There are plenty of <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-user-management-plugins\/\">user management plugins<\/a> that can help you with some if not all of the items on this user management list.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"managing-access-and-functions\"><\/a>Managing Access and Functions<\/h2>\n<p>[\/vc_column_text][vc_column_text]Managing users and roles is one thing. <strong>Making sure that some parts of your website can\u2019t be accessed, or that some functions can\u2019t be performed, is a completely different thing.<\/strong> Managing access is something you should be doing when fighting against brute force attacks, for example. 
<strong>You should:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Password-protect the folder \/wp-admin<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Disable PHP file execution in \/wp-includes, \/wp-content\/uploads, \/wp-content<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Disable directory indexing and browsing<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Change the <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-change-wordpress-database-prefix\/\">database prefix<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Disable <a href=\"https:\/\/qodeinteractive.com\/magazine\/disable-wordpress-theme-and-plugin-editors\/\">theme and plugin editors<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Protect the wp-config.php file<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]There are a couple of things you\u2019ll need to manage access. 
Most notably, you\u2019ll need a way to <a href=\"https:\/\/qodeinteractive.com\/magazine\/find-htaccess-file-on-wordpress-site\/\">find the .htaccess file<\/a>, but you might also want to make a couple of new ones. You\u2019ll also want to understand at least the <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-database-management-guide\/\">basics of database management<\/a>. Learning how to <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-edit-wp-config-file\/\">edit the wp-config file wouldn\u2019t hurt<\/a>, either.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"disabling-or-blocking-files\"><\/a>Disabling or Blocking Files<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"554\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Disabling-or-Blocking-Files.jpg\" class=\"attachment-full size-full\" alt=\"Disabling or Blocking Files\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Disabling-or-Blocking-Files.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Disabling-or-Blocking-Files-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Disabling-or-Blocking-Files-768x439.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/12\/Disabling-or-Blocking-Files-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]<strong>WordPress has plenty of files that you don\u2019t need, don\u2019t use regularly, or are simply too risky to leave running in the background.<\/strong> These 
files and functionalities are best disabled or blocked. <strong>They include:<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">The xmlrpc.php file, which you should disable via a plugin or .htaccess\n<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">The REST API, which you should disable if you\u2019re not using it, or restrict so that only authenticated users can access it\n<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">license.txt, wp-config-sample.php, and readme.html, which you can block from third-party access with .htaccess\n<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;28px&#8221;][vc_column_text]After you\u2019ve disabled or blocked these files or functions, your website will have fewer attack points for hackers to try and exploit.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\">Let\u2019s Wrap It Up!<\/h2>\n<p>[\/vc_column_text][vc_column_text]For website owners or administrators, security is one of the few things they should never skimp on. The possible consequences of taking security threats lightly can be devastating for the owners and users alike.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]If you have a WordPress website, this checklist should help you cover a lot of issues that WordPress website owners face. 
Keep in mind, however, that there\u2019s no such thing as a definitive list of security issues. While following this checklist is something you should do, it won\u2019t save you from having to keep an eye out for possible threats in the future.<br \/>\n[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>There&#8217;s nothing like a good WordPress security checklist to help you ensure your website and its visitors are safe and sound. <\/p>\n","protected":false},"author":9295,"featured_media":32775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[34,4,13],"class_list":["post-32718","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-security","tag-tips","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/32718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/users\/9295"}],"replies":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/comments?post=32718"}],"version-history":[{"count":0,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/32718\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media\/32775"}],"wp:attachment":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media?parent=32718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/categories?post=32718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazi
ne\/wp-json\/wp\/v2\/tags?post=32718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}