WordPress Security Tasks
A checklist from Kristen Wright at iThemes
Web security is a big deal. Keeping a website secure is incredibly important. Case in point: Equifax. Here are some tips for maintaining WordPress security from Kristen Wright at iThemes. I expanded on Kristen's recommendations a bit. The iThemes Toolbox is one of many good tools out there. Some of these points are specific to iThemes Toolbox, but have comparable settings in other security plugins.
Update WordPress core to latest version
Use a WordPress security plugin like iThemes Security, Wordfence or Sucuri to help perform important WordPress security tasks
Enable 404 Detection to guard against phishing and other attempts
Enable the Banned Users setting to block specific IP addresses and user agents from accessing your site
Review logs of Banned User IPs
Enable WordPress brute force protection to protect your site against attackers that try to randomly guess login details to your site
Enable Network Brute Force Protection to protect your site against known attackers before they reach your site
Run a WordPress Malware Scan
Enable User Logging to log user actions such as login, editing or saving content and other actions
Disable the File Editor in WordPress Tweaks
Harden WordPress by using the Away Mode setting to limit access to your WordPress login and admin area (for example, overnight or while you’re on vacation)
Whitelist your own IP Address
Review WordPress file permissions
Remove the Admin user
Change WordPress salts & secret keys
Activate and set up WordPress two-factor authentication
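
For the "Review WordPress file permissions" item, here is one way to script the review. This is an added example, not part of Kristen Wright's checklist or any iThemes tool; the function names are hypothetical, and the baseline it checks (no group- or world-writable files or directories, and no access to wp-config.php for "other") is an assumption based on commonly recommended WordPress permissions.

```shell
#!/bin/sh
# Added example (not from the original checklist).
# Assumed baseline: directories 755 or 750, files 644 or 640, and
# wp-config.php with no access at all for "other" (e.g. 640, 600, 440, 400).

# Print one finding per line; return 0 if clean, 1 if findings, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Anything writable by the group or by everyone.
        find "$root" \( -type f -o -type d \) \
            \( -perm -0020 -o -perm -0002 \) -print | sed 's/^/WRITABLE /'
        # wp-config.php holds DB credentials and the salts/secret keys.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" \
                \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
                sed 's/^/CONFIG_EXPOSED /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a small constructed WordPress-like tree with deliberate mistakes.
make_sample_tree() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/wp-content/uploads"
    : > "$t/index.php"; : > "$t/wp-config.php"; : > "$t/wp-content/uploads/a.txt"
    chmod 755 "$t/wp-content"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"          # mistake: world-writable dir
    chmod 666 "$t/wp-content/uploads/a.txt"    # mistake: world-writable file
    chmod 644 "$t/wp-config.php"               # mistake: readable by everyone
    printf '%s\n' "$t"
}

# Demo on the constructed tree: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_wp_perms "$tree" || echo "fix the findings above"
    rm -rf "$tree"
fi
```

To check a real site, call audit_wp_perms with the directory that contains wp-config.php; some hosts need group write on uploads, so treat WRITABLE lines as items to review rather than automatic failures.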