Google the following to see how to enable it if your host offers it:
site:yourhost.com two factor
For example, if your host is SiteGround you would Google the following:
site:siteground.com two factor
...or wherever your domain's nameservers are pointed to and your DNS records are managed.
Google the following to see how to enable it if your registrar offers it:
site:yourregistrar.com two factor
For example, if your registrar is GoDaddy you should switch to Namecheap, but you would Google the following for now:
site:godaddy.com two factor
You need to make sure everything is up-to-date, especially plugins or themes that have identified security exploits. Managed hosts will help automate updates and patch security holes. They also achieve better performance as they're optimized specifically for WordPress hosting.
iThemes Security Pro + Sucuri Security = Best Combo
Always use a VPN when logging into your site from public Wi-Fi, or your login credentials could be compromised.
Add the following code to your website's .htaccess file to enable security header protections and block access to wp-config as recommended by the Sucuri Security plugin:
# Security response headers (requires mod_headers)
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
</IfModule>
# Deny all web requests for wp-config.php
# (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for these directives)
<files wp-config.php>
order allow,deny
deny from all
</files>
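One way to confirm the rules above took effect, as an added example that is not part of the original checklist or the Sucuri plugin: a Python check run over response headers saved from `curl -sI`. The function names and both sample responses are constructed for illustration.

```python
# Added example: audit saved `curl -sI` output against the .htaccess rules above.
EXPECTED = {
    "x-xss-protection": "1; mode=block",
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
}

def parse_response(raw):
    """Split a raw header dump into (status_code, {lowercased name: [values]})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])  # "HTTP/1.1 403 Forbidden" -> 403
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit_headers(raw):
    """Return findings for missing, duplicated or unexpected header values."""
    _, headers = parse_response(raw)
    findings = []
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if not got:
            findings.append(f"{name}: missing")
        elif [v.lower() for v in got] != [want.lower()]:
            # Also catches a value doubled by `append` when another layer sets it too.
            findings.append(f"{name}: unexpected value {', '.join(got)!r}")
    return findings

def wp_config_blocked(raw):
    """True when the request for /wp-config.php was answered with 403."""
    return parse_response(raw)[0] == 403

# Constructed sample responses (not captured from a real site).
HOME = """HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8
"""
# `Header set` without `always` is applied to successful responses only, so an
# Apache-generated 403 carries just the header that was added with `always`.
DENIED = """HTTP/1.1 403 Forbidden
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=iso-8859-1
"""

if __name__ == "__main__":
    print(audit_headers(HOME), wp_config_blocked(DENIED), audit_headers(DENIED))
```

If the 403 response should carry all three headers, the two `Header set` lines would need the `always` condition as well.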
To auto-upgrade WordPress core, add the following line of code to wp-config.php:
define( 'WP_AUTO_UPDATE_CORE', true );
To auto-upgrade WordPress plugins, add the following line of code to wp-config.php:
add_filter( 'auto_update_plugin', '__return_true' );
To auto-upgrade WordPress themes, add the following line of code to wp-config.php:
add_filter( 'auto_update_theme', '__return_true' );
Scan your site now for free using JitBit's SSL Check
Only use plugins and themes that have lots of active sites, good reviews and frequent updates from trustworthy-looking authors.
They're just dead weight that, if compromised, may still impact your security. Just delete them.
If you have any ideas for additional practical WordPress security tips that should be added to the checklist, please share them in the comments below! If you found this checklist useful, please do me a favor and share it with your network.