32 Step WordPress website security ultimate checklist-directory

In the first quarter of 2016 WordPress security Trend Report that more than 8000 sites have been hacked due to 3 overdue plug-ins triggered. This left a deep impression on WordPress users. So, how can you protect your WordPress website? Today, we will share a 32 step WordPress website security ultimate checklist-directory to protect your WordPress site from intrusion.

32 Step WordPress website security ultimate checklist

Website security is critical.

Whether your site is a personal blog or corporate website, Website Data Security is very important.

There are many users who always feel that they are just a small website, should no one be interested, no one will specifically come to black their own website. But in fact, it is not. Hackers looking for sites, often through the program to automatically find, not manually one by one to find, so which sites caught, are random.

32 Step WordPress website security ultimate checklist-directory

We also recommend our readers to use professional WordPress hosting services. Almost every two months there will be a user response to us about website hacking issue. Most of these sites are also common business or personal websites. Some of these sites are the home page into a terrorist organization skull, some become an accomplice of fraudulent phishing sites, as well as outgoing spam.

As the WordPress security trend report said that if your Website is hacked does not mean that open source platforms like WordPress are insecure. Because these platforms themselves will be the first to patch the vulnerabilities found. Their security is higher than other software. The main reason is that the site is hacked, the user is not updated to the latest version, and the use of unreliable sources or outdated extensions, including themes, plug-ins.

So, how do you ensure the security of your WordPress site? In addition to choosing safe and reliable WordPress hosting, the following 332 step WordPress website security ultimate checklist-directory can help you protect your website.

32 step WordPress website security ultimate checklist-directory – table of contents

This is a well-known site from abroad WPMU DEV recommended safety checklist, which basically involves the various aspects of the common security issues. Let’s take a look at this list together, and we’ll cover in detail how to do a 32-Step security check in the next few days:

32 steps WordPress website security: Step 1 ~ 5

  • Keep using the latest version of WordPress;
  • Do not modify the WordPress kernel code;
  • Make sure all plugins are updated to the latest version;
  • Remove all inactive, inactive plug-ins;
  • Make sure all themes are updated to the latest version;

32 steps WordPress website security: step 6 ~ 12

  • Install only plugins, themes and scripts downloaded from its official website;
  • Choose a secure WordPress hosting provider;
  • Make sure your website is running on the latest version of PHP;
  • Modify the default admin user name;
  • Use a strong and secure password;
  • Do not reuse passwords;
  • Do not use text format to save passwords;

32 step WordPress website security: step 13 ~ 17

  • Update your website only in trusted networks;
  • Local computer to install antivirus software;
  • Use similar services like Google Search Console to monitor website security;
  • Secure your WordPress site with security plugin;
  • If the other steps fail, use the Backup File Recovery site;

32 steps WordPress website security: step 18 ~ 22

  • Restricting the behavior of trying to sign in;
  • Enable two-factor authentication (refer to 25 of the 25 most popular WordPress plugins recommended by this site)
  • Make sure the file permissions are set correctly;
  • Modifying the default database table prefix;
  • Make sure the WordPress secret authentication verification key is set;

32 step WordPress website security: step 23 ~ 27

  • Disable execution of PHP code;
  • Quarantined database;
  • Restrict permissions for database users;
  • File editing is prohibited;
  • Protect wp-config.PHP file security;

32 steps WordPress website security: step 28 ~ 32

  • Disable the XML-RPC feature (if you don’t need it);
  • Disable PHP error reporting;
  • Installing a firewall;
  • Using a CDN firewall;
  • Monitor WordPress site security with security log.

You use the WordPress site users and webmasters, please check against the above list, do a good job site security work, so as not to encounter your site invasion, to bring you greater losses.

Also read: Top 10 Things To Do After Installing WordPress

If you liked this article, then please follow us on social media and don’t forget to Subscribe to our mail list.

You May Also Like

About the Author: WPC Staff

WPCrons staff has long-term experience of WordPress & like to constantly spot problems and plotting how to solve them. We believe you don't need to be a nerd or a programmer or a network engineer to make a difference.

Leave a Reply

Thanks for choosing to leave a reply. Your opinions and comments are very important to us, and your email address will NOT be published. If you need a private conversation then use our contact form. Please add an avatar if you do not have and make the comment section more beautiful.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Accept! No, thanks!

Why my browser don’t show me the coupon?

By default, Google Chrome and some other browser block pop-ups from automatically showing up on your screen. When a pop-up is blocked, the address bar will be marked Pop-up blocked Pop-up blocked.

ComputerAndroidiPhone & iPad

  1. On your computer, open Chrome.
  2. At the top right, click More More and then Settings.
  3. Under “Privacy and security,” click Site settings.
  4. Click Pop-ups and redirects.
  5. At the top, turn the setting to Allowed or Blocked.

  1. On your Android phone or tablet, open the Chrome app Chrome.
  2. To the right of the address bar, tap More More Settings.
  3. Tap Site settings and then Pop-ups and redirects.
  4. Turn Pop-ups and redirects on or off.

  1. On your iPhone or iPad, open the Chrome app Chrome.
  2. Tap More More and then Settings Settings.
  3. Tap Content Settings and then Block Pop-ups.
  4. Turn Block Pop-ups on or off.

Share via


Subscribe to get FREE updates

Join 1000s of readers around the globe. Don’t worry. We also don’t like Spam. We are weekly.


We are using affiliate links & images from respective product sites in our articles occasionally, means that if you click on one of the links and purchase an item, we may receive a commission (at no additional cost to you). All the reviews & opinions (positive or negative) are 100% our own. We are not getting any money to write them. The trademarks mentioned in this website belong to the respective companies. All the articles are information purpose only, to help someone to educate & save money. In case any problem with the content, you can reach us anytime through our contact us page »