WordPress hardening is an excellent way to increase the security of your website by adding security measures beyond the default settings.
Below is a checklist outlining the main changes we make to harden your site against potential threats and vulnerabilities.
- Verifying WordPress is fully updated
  - WordPress Core
  - All themes and plugins
  - Latest PHP Version
- Remove unused themes and plugins
- Scan WordPress for Malware and Vulnerabilities
- Verifying the site is correctly set up for HTTPS encryption and has a valid SSL certificate
- Verifying correct File permissions & Locking down core files
- Verifying the site is backed up
- Verifying all forms have reCAPTCHA or equivalent anti-spam protection on them
- Installing a Security Plugin
- Setting up Cloudflare (Optional)
- Disabling ‘Built In’ File Editing for themes and plugins
- Disabling XML-RPC
- Enabling ‘Brute Force Detection’ & limiting login attempts
- Enabling 2FA for your administrator login
- Restricting access to ‘wp-admin’
- Blocking PHP execution in untrusted folders
- Providing you with a summary report of your website with all the changes performed and its current configuration.
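
As an added example (not part of the original checklist or any vendor tooling), the sketch below audits three of the items above on a site's files: built-in file editing, file permissions on core files, and PHP files in an untrusted folder. It assumes the editor is disabled through the `DISALLOW_FILE_EDIT` constant in `wp-config.php` and treats `wp-content/uploads` as the untrusted folder; the finding names, suffix list and sample site are constructed for illustration.

```python
import os
import re
import stat
import tempfile

EDITOR_OFF = re.compile(r"""^\s*define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)""",
                        re.IGNORECASE | re.MULTILINE)
PHP_SUFFIXES = (".php", ".phtml", ".phar")  # assumed list of executable suffixes

def mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def audit_wordpress(root):
    """Return sorted findings for the WordPress install rooted at `root`."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    with open(config, encoding="utf-8", errors="replace") as fh:
        if not EDITOR_OFF.search(fh.read()):  # line-anchored: skips // or # commented defines
            findings.append("file-editor-enabled")
    if mode(config) & 0o007:  # any access for "other" exposes database credentials
        findings.append("wp-config-world-accessible")
    uploads = os.path.join(root, "wp-content", "uploads")
    for dirpath, _dirs, files in os.walk(uploads):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower().endswith(PHP_SUFFIXES):
                findings.append("php-in-uploads:" + rel)
            if mode(path) & 0o002:
                findings.append("world-writable:" + rel)
    return sorted(findings)

def build_sample_site(root, hardened):  # constructed demo tree, not a real install
    files = {"wp-content/uploads/2024/photo.jpg": (b"\xff\xd8", 0o644)}
    if hardened:
        files["wp-config.php"] = (b"<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n", 0o640)
    else:
        files["wp-config.php"] = (b"<?php\n// define('DISALLOW_FILE_EDIT', true);\n", 0o644)
        files["wp-content/uploads/2024/avatar.php"] = (b"<?php\n", 0o666)
    for rel, (data, perms) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, perms)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_wordpress(build_sample_site(tmp, hardened=False)))
```

An empty result means none of the three checks fired; it does not cover the other checklist items such as updates, HTTPS, backups or 2FA.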