The 16Step Checklist for Securing Your WordPress Site

The 16-Step Checklist for Securing Your WordPress Site

We can’t stress enough the importance of having robust site security. When you’re rushing to meet a deadline, properly securing your WordPress site might not be your biggest priority, so we’ve put together a checklist to make sure you don’t miss any of the essentials.

In a sea of over 2 billion websites, it’s understandable why many people don’t think their site is at risk of being hacked.

And if you’ve never been the victim of an attack, you might not worry about the possibility as much as you probably should.

However, it’s better to have the right protection and not need it, than go without and regret it.

We’ve put together a checklist of 16 steps you might want to take when securing your site – which will hopefully make organizing your security a breeze.

1. Opt For Secure Hosting
2. Mask Your Login URL
3. Use a Password Manager
4. Enable Two-Factor Authentication
5. Use Login Timeouts
6. Set up a WAF
7. Harden Your Security With a Plugin
8. Use Plugins to Carry Out Tasks Automatically
9. Take Steps to Prevent DDoS Attacks
10. Regularly Check for Rogue Accounts
11. Secure Your wp-config File
12. Get Your Site an SSL Certificate
13. Prevent Hotlinking
14. Prevent Spam Comments
15. Visit Your Site Regularly
16. Consider a Static Site

Opt for Secure Hosting

You can take every other step in this article and go above and beyond to harden your site, however, if you’re using cheap, shared hosting, it’s like having a reinforced, ultra-strong, titanium front door – and leaving a key under the doormat.

Never make it easy for unwanted visitors (sorry, Devman!)

Without even considering security, shared hosting has enough drawbacks to convince most people to steer clear – but that’s a whole topic in itself. Check out our article on choosing the best type of hosting for your needs for an in-depth look at all of the pros and cons of shared hosting.

Possibly the biggest downside is the lack of security. A vulnerability on someone else’s site could result in the server being compromised and your site coming under attack – through no fault of your own.

Although hosting companies do try and take every precaution to stop malicious attacks like this from spreading, it’s not always possible with shared hosting, as the sites are hosted on the same server.

If you don’t want to worry about what’s going on in your site’s server, opt for VPS or dedicated hosting instead.

WPMU DEV’s hosting gives you dedicated memory, CPU, and SSD storage that is independent of any other sites – including others you host with us!

Top tips:

  • Choose a hosting provider that is renowned for having robust security in place.
  • Don’t skimp out on the price – spending slightly more on good hosting is better than going cheap and getting hacked.
  • Take



This article was written by Kirstan Norman and originally published on WPMU DEV Blog.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

Your email address will not be published. Required fields are marked *

Show Your ❤️ Love! Like Us
Scroll to Top