A regular WordPress security checklist should include the following – that we carry out on behalf of our clients :
Login Activity Audit
We have encountered additional administrator accounts on clients websites that no one seems to have created or can account for. As part of a WordPress
Disable PHP Error Reporting
Disable PHP error reporting PHP error reporting can be exploited by hackers to glean information about your hosting, website platform or CMS and where to
SSL Encryption
Install SSL certificate and verify SSL Certificates were once the preserve of ecommerce sites and corporates handling sensitive client data – not so today. For
Disable File Editing
Turn off file editing WordPress allows editing of themes and plugins via the administration panel. Hackers or unauthorised users can subvert the intended use of
WordPress Malware Scan & Fix
A significant proportion of website owners are unaware of malware present in their hosting and infecting their websites – and even if they were they
Disable XML-RPC
Disable XML-RPC XML-RPC allows interaction between blog posts and some plugins. WordPress is essentially a blogging platform on steroids – although these days it is
Remove Surplus Software
Remove unused plugins and themes WordPress can be readily extended through the vast library of software add-ons ; in the main themes and plugins. Some
Update WordPress Softwares
Update core files, plugins and themes WordPress updates should be managed and not updated in stages – as some may be incompatible with current themes