In the first quarter of 2016 WordPress security Trend Report that more than 8000 sites have been hacked due to 3 overdue plug-ins triggered. This left a deep impression on WordPress users. So, how can you protect your WordPress website? Today, we will share a 32 step WordPress website security ultimate checklist-directory to protect your WordPress site from intrusion.
Website security is critical.
Whether your site is a personal blog or corporate website, Website Data Security is very important.
There are many users who always feel that they are just a small website, should no one be interested, no one will specifically come to black their own website. But in fact, it is not. Hackers looking for sites, often through the program to automatically find, not manually one by one to find, so which sites caught, are random.
32 Step WordPress website security ultimate checklist-directory
We also recommend our readers to use professional WordPress hosting services. Almost every two months there will be a user response to us about website hacking issue. Most of these sites are also common business or personal websites. Some of these sites are the home page into a terrorist organization skull, some become an accomplice of fraudulent phishing sites, as well as outgoing spam.
As the WordPress security trend report said that if your Website is hacked does not mean that open source platforms like WordPress are insecure. Because these platforms themselves will be the first to patch the vulnerabilities found. Their security is higher than other software. The main reason is that the site is hacked, the user is not updated to the latest version, and the use of unreliable sources or outdated extensions, including themes, plug-ins.
So, how do you ensure the security of your WordPress site? In addition to choosing safe and reliable WordPress hosting, the following 332 step WordPress website security ultimate checklist-directory can help you protect your website.
32 step WordPress website security ultimate checklist-directory – table of contents
This is a well-known site from abroad WPMU DEV recommended safety checklist, which basically involves the various aspects of the common security issues. Let’s take a look at this list together, and we’ll cover in detail how to do a 32-Step security check in the next few days：
- Keep using the latest version of WordPress；
- Do not modify the WordPress kernel code；
- Make sure all plugins are updated to the latest version；
- Remove all inactive, inactive plug-ins；
- Make sure all themes are updated to the latest version；
- Install only plugins, themes and scripts downloaded from its official website；
- Choose a secure WordPress hosting provider；
- Make sure your website is running on the latest version of PHP；
- Modify the default admin user name；
- Use a strong and secure password；
- Do not reuse passwords；
- Do not use text format to save passwords；
- Update your website only in trusted networks；
- Local computer to install antivirus software；
- Use similar services like Google Search Console to monitor website security；
- Secure your WordPress site with security plugin；
- If the other steps fail, use the Backup File Recovery site；
- Restricting the behavior of trying to sign in；
- Enable two-factor authentication (refer to 25 of the 25 most popular WordPress plugins recommended by this site）
- Make sure the file permissions are set correctly；
- Modifying the default database table prefix；
- Make sure the WordPress secret authentication verification key is set；
- Disable execution of PHP code；
- Quarantined database；
- Restrict permissions for database users；
- File editing is prohibited；
- Protect wp-config.PHP file security；
- Disable the XML-RPC feature (if you don’t need it）；
- Disable PHP error reporting；
- Installing a firewall；
- Using a CDN firewall；
- Monitor WordPress site security with security log.
You use the WordPress site users and webmasters, please check against the above list, do a good job site security work, so as not to encounter your site invasion, to bring you greater losses.