How to Secure Your WordPress Website

How to secure and protect WordPress websites is a major concern for WordPress website owners and bloggers alike. WordPress is one of the best-known and most popular CMSs in the blogging sector. Most bloggers and web developers have at least a basic idea of WordPress.

At present, 34% of websites on the internet are built with WordPress, and 25 million users are using WordPress. We, the bloggers and WordPress developers, want to keep our WordPress websites safe.

We should all be concerned about security from the moment we start creating a website with WordPress, because if there is any weakness in the website's security, it can be hacked.

We are noticing that threats, and at the same time awareness, are increasing among website administrators and developers because of recent cyberattacks on WordPress websites.

Why Is WordPress Security Important?

Here are some stats that will let you know why WordPress security is important!

98% of attacks happen because of plugins.
81% of WordPress vulnerabilities happen because of weak or stolen passwords.
51% of WordPress websites undergo denial of service attacks.
94% of the websites Sucuri removed harmful malware from in 2019 were WordPress websites.
41% of vulnerabilities are caused by your hosting platform.
39% of websites are affected by cross-site scripting.
44% of attacks are experienced due to outdated WordPress versions.
59% of sites suffer from vulnerabilities because of malicious code, malware, and botnets.
Source: Sucuri, WP White Security, and getastra

That's why I am sharing my personal and professional experience. The services I have been providing to my valued clients to secure their precious WordPress websites are listed below.

Here is the WordPress security list: 

This list will be published in full, continuously and tirelessly. But everyone should keep in mind that it is not possible to secure everything completely.

Rather, we bloggers, web developers, and website administrators have to stay aware when using websites.

WordPress Security Checklist

1. Primary idea on WordPress Security 

1.1 What is WordPress?
1.2 What is security?
1.3 What is WordPress Security?
1.4 Some ideas for web security.
1.5 What is SQL Injection 
1.6 Cross-Site Scripting 
1.7 File Permission 
1.8 How to Hide WordPress Theme Details Like Name Author 

2. WordPress Installation Alert List

2.1  Install the Latest WordPress Version 
2.2 PHP Update Version Checkup 

3. WordPress Update Awareness

3.1 Theme
3.2 Plugins
3.3 Content 
3.4 Backup 
3.5 Setup Child Theme First  

4. WordPress Update Management

4.1 Admin Username Change - Keep a Username that Cannot be Guessed
4.2 Close Guest Account 
4.3 Control User Role  
4.4 Remove your WordPress version number

5. WordPress Password Security 

5.1 Important tips for password
5.2 Way of creating a strong password
5.3 Hints for saving password
5.4 Safety and security 
5.5 Things not to do for a password
5.6 Some Security Questions for Password 
5.7 How to Enable WordPress Security Keys

6. wp-admin security 

6.1 Security for wp-admin 
6.2 Security password protection 
6.3 Limiting access by IP for security
6.4 Security by wp-includes
6.5 Setup 2-Factor Authentication for Login
6.6 How to Restrict WordPress Site Access only Logged in User
6.7 How to Secure Your WordPress Login Page
6.8 How to change the default wp-admin URL
6.9 How to Disable WordPress Admin Bar for All Users Except Administrators

7. wp-login.php file security 

7.1 wp-login.php file security 
7.2 How to disable the “Lost Your Password” option 
7.3 How to log in error 
7.4 How to increase login Security in WordPress

8. WP-Config Security

8.1 wp-config.php file security 
8.2 Public write access WordPress remove 
8.3 File Permission Changing 
8.4 Ways To Secure wp-config.php File

9. .htaccess Security 

9.1 What is the .htaccess file
9.2 .htaccess file security by hypertext access
9.3 Block Internet Protocol 
9.4 .htaccess file root change 

10. Theme Security

10.1 Theme related Awareness & Security 
10.2 Why not use Free-Premium Theme
10.3 How to remove WordPress version information 
10.4 How to update the timthumb.php file
10.5 search.php security 
10.6 Why not use nulled themes
10.7 Disable the Theme Editor
10.8  Enable Auto Updates for Themes

11. Plugin Security 

11.1 Some measures and observations when installing plugins
11.2 Avoid using plugins as far as possible
11.3 Use caution when installing plugins
11.4 What security plugins are and what they do
11.5 Uses of Firewall 
11.6 Best WordPress Security Plugins for Your Site
11.7 Top 10 WordPress Security Plugins 
11.8 Use a Security Plugin for All-round Protection
11.9 Disable Plugin Editor
11.10 Enable Auto Updates for Plugins 

12. robots.txt file security

12.1 What is the robots.txt file
12.2 Uses of the robots.txt file
12.3 Why robots.txt is needed
12.4 String description for robots.txt
12.5 How to write disallow/allow for robots.txt
12.6 A common robots.txt file for WordPress

13. WP-Content 

13.1 WP Content Security 
13.2 How to check whether wp-content is open
13.3 How to close wp-content directory browsing 

14. Link Security 

14.1 How to change the permalink for security 
14.2 Awareness about no-follow link security 

15. SSH/Shell Access 

15.1 What is Secure Shell 
15.2 Beginners Guide to SSH 
15.3 Create SSH/Shell Access 
15.4 Use cPanel SSH access
15.5 Access the SSH Command Line in cPanel
15.6 Install WordPress over SSH
15.7 Cloud Security – Securing SSH Server and WordPress Site
15.8 Using SSH instead of FTP

16. Change the following things

16.1 Change the Author Slug to Hide Your Username
16.2 Change the Database Table Prefix 

17. Uses of Quality & Secure Hosting 

17.1 Use Secure Hosting to Fortify Your Site
17.2 Protect Your Site from DDoS Attacks
17.3 Use SSL to Encrypt the Connection between Your Site and Users
17.4 HTTPS – SSL Certificate
17.5 Understand, and protect, against DDoS attacks
17.6 Make backups regularly to secure your WordPress website

18. Visit Regularly for WordPress Security 

18.2 Backup website Regular Basis 
18.3 Regular Website Configuration & log check 
18.4 Uses of third party plugins installed 
18.5 Security from Google Hacking 
18.6 Setting Configuration File
18.7 Monitor your audit logs
18.9 WordPress Monitoring & Detection

19. Database Security

19.1 WordPress Setup Security  
19.2 Apache Security 
19.3 Test on a local site first, then deploy to the live site
19.4 Hide the original WordPress database user name
19.5 Change the WordPress database table prefix

20. 8 Best WordPress Security Plugins to Protect Your Site

20.1 Sucuri
20.2 iThemes Security Pro
20.3 Jetpack Security
20.4 WPScan
20.5 Wordfence
20.6 BulletProof Security
20.7 All In One WP Security & Firewall
20.8 Google Authenticator

21. How to Remove Virus/Malware from Hacked WordPress Website

21.1 How to Remove Virus/Malware from Hacked WordPress Website for FREE
21.2 Using the Wordfence Plugin (Tutorial)
21.3 Configure from back after site is hacked
21.4 Identify the Hack
21.5 Check with your Hosting Company
21.6 Restore from Backup
21.7 Malware Scanning and Removal
21.8 Check User Permissions
21.9 Change Your Secret Keys
21.10 Change Your Passwords again

There are currently about 64 million websites built with WordPress in the world, and 400 million people visit WordPress websites every month. 661 websites go live daily on the internet, and these sites become more interactive by adding features from about 50,000 WordPress plugins. That's why a WordPress website security checklist is necessary for every WordPress developer and blogger. You can also read this article: How to Conduct a WordPress Security Audit

You can protect your WordPress website with WPsayed!
