WP Support Desk

Your 24/7 WordPress Support Team


WordPress Post-Launch Security Checklist

Last Updated: March 24, 2023 by Fareena Afzal

Congratulations on making your WordPress website live. Looking for a website security checklist now that your site is live?

Protecting your WordPress website is like building a fence and putting a lock on it, backed by a good security system. WordPress security means protecting your corner of the Internet from hackers who want to steal your data.

A hacked WordPress website is a nightmare for everyone, and your business can even lose revenue and brand reputation. Did you know that the cost of cybercrime damages can reach up to $10.5 trillion per year by 2025?

Below, we have listed a WordPress website security checklist to secure your website and protect your data from hackers. Implement these security tips right after making your website live to protect it from different WordPress hacks.


1. Keep your version of WordPress up-to-date

Security is the biggest reason to always keep WordPress updated. When you do not update your WordPress files, you create a security risk and the site becomes vulnerable to threats and attacks.

According to a study, 61% of infected WordPress sites were outdated, meaning they didn’t have the latest security updates to patch vulnerabilities.

It is important to keep an eye on WordPress updates. The longer you wait to update WordPress, the more you put your website at risk, because hackers can exploit the outdated version.

Always back up your database and website before updating WordPress and don’t neglect updates. 

The benefits of keeping WordPress updated are:

  • Keeps your website secured
  • Fixes the bugs of the previous version
  • Includes new features with improved performance

2. Don’t change WordPress core

WordPress core includes all the “foundational” files that are required for WordPress to work. 

Core WordPress files allow you to do things like:

  • Access the WordPress admin dashboard
  • Add and edit posts and pages
  • Manage users
  • Upload media files
  • Delete content
  • Add tags and categories
  • Allow users to reply and comment

When you update the WordPress core, the update overwrites the core installation with the files included in the release. Don’t forget that if the core has been modified, the update will wipe out all those changes. That means major sections of the site can simply stop working.

0.58% of security vulnerabilities originated from WordPress Core. The figure is small, but a vulnerability in core can still get your website hacked easily.

3. Update all your plugins & themes

Updating plugins and themes can increase your website security by patching vulnerabilities. Developers release updates regularly, strengthening your system against hacking attacks. It is the most significant way to keep your website secured.

According to a survey, 52% of all WordPress vulnerabilities are caused by out-of-date plugins. Also, in a survey of about 10,000 hackers, it was found that 29% were hacked via a vulnerability in the WordPress theme they were using.

The benefits of updating plugins and themes are:

  • Increase your website security
  • Fix all the bugs of the previous versions
  • Features and functionality enhancement 
  • Optimize website speed

4. Make sure your site is running the latest version of PHP

Running an outdated PHP version leaves your website vulnerable to unpatched security flaws. It can also affect your website’s performance and compatibility.

The benefits of updating the PHP version are:

  • Better security 
  • Faster websites
  • New features and improvements 

Before updating the PHP version of your website:

  • Take a website backup first; this will enable you to revert to your backup in case of any problems.
  • Next, update your software, i.e. WordPress, plugins and themes, to maximise the likelihood that they’re compatible with the newest version of PHP.
  • Then check PHP compatibility. If it’s good, update your PHP version.

5. Change the admin username

The default WordPress username makes your WordPress site vulnerable to hackers. Changing these default credentials can reduce the threat of brute force attacks. After making your website live, make sure to change the admin username immediately.

The benefits of changing the WordPress admin username are:

  • Protection Against Brute Force Attacks
  • Hides WordPress Vulnerabilities
  • Rebrands the Login Page

Three ways to change the WordPress admin username are:

  • Manually change the default admin username in WordPress
  • Use plugins to change the username
  • Use phpMyAdmin from cPanel

6. Use strong passwords

When a WordPress site gets hacked, one of the most common culprits is the website password. Passwords are, quite literally, the key to your website. Did you know that 8% of WordPress websites are hacked due to weak passwords?

If you want to secure your website, take strong measures. Bots can try several thousand combinations in a minute and get access to passwords through the dark web. If your password is common or weak, it becomes easier for bots to crack it.

Your passwords should contain three of the four character types:

  • Uppercase letters: A-Z
  • Lowercase letters: a-z
  • Numbers: 0-9
  • Symbols: ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

7. Disable PHP execution

Disabling PHP execution can protect your WordPress website from hackers who try to run malicious code to hack your site. After making your site live, make disabling PHP execution a priority.

You should prevent all users (except admin) from executing PHP in the uploads folder. Disabling PHP execution in the uploads folder in WordPress is extremely fast and simple.

Follow these steps to disable PHP execution:

  • Log in to the cPanel and choose File Manager
  • Look for the uploads folder
  • Add the following code to the .htaccess file in this folder

<Files *.php>
deny from all
</Files>

8. Disable file editing

When file editing is enabled, your website’s administrator can easily edit the code of themes and plugins directly from the WordPress dashboard. This is a potential security risk.

Not everyone has the skills to write code, and if a hacker breaks in, they would have access to all your data. It is better to keep it disabled.

Follow these steps to disable file editing:

  • Log in to your control panel and open File Manager.
  • Locate the file wp-config.php and check the box to select it.
  • Click Edit in the menu bar at the top of your screen.
  • Search wp-config.php for define('DISALLOW_FILE_EDIT'; it is usually located towards the bottom.
  • If you’ve found it, check that it’s set to true (see below). If it’s not there, you need to add it to the bottom of the file, like this:

define('DISALLOW_FILE_EDIT', true);

That’s all!
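A way to verify steps 7 and 8 from a shell on the server, as an added example that is not part of the original article; it assumes the default layout (wp-config.php in the site root, uploads under wp-content/uploads), and the function and script names are illustrative. It also flags two easy mistakes: a define() pasted with typographic quotes, which PHP does not treat as a string, and PHP files already sitting in uploads.

```bash
#!/usr/bin/env bash
# Added example: audit checklist steps 7 and 8 of a WordPress install.
# Assumed layout: <root>/wp-config.php and <root>/wp-content/uploads.

# Step 7: uploads/.htaccess needs a <Files>/<FilesMatch> block for PHP and an
# active deny rule ("deny from all", or "Require all denied" on Apache 2.4).
# Heuristic: it does not prove the deny rule sits inside that block.
check_uploads_htaccess() {
  local ht="$1/wp-content/uploads/.htaccess"
  [ -f "$ht" ] || { echo "FAIL: $ht is missing"; return 1; }
  if grep -Eiq '<Files(Match)?[[:space:]]+[^>]*php' "$ht" &&
     grep -Eiq '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)' "$ht"
  then echo "OK: PHP execution is denied in uploads"
  else echo "FAIL: $ht has no deny rule for PHP files"; return 1
  fi
}

# Step 8: wp-config.php needs an uncommented define() with plain ' or " quotes.
check_file_edit() {
  local cfg="$1/wp-config.php"
  [ -f "$cfg" ] || { echo "FAIL: $cfg is missing"; return 1; }
  if grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\)" "$cfg"
  then echo "OK: dashboard file editing is disabled"
  elif grep -q 'DISALLOW_FILE_EDIT' "$cfg"
  then echo "FAIL: DISALLOW_FILE_EDIT is present but not an active define(..., true) with plain quotes"; return 1
  else echo "FAIL: DISALLOW_FILE_EDIT is not defined"; return 1
  fi
}

# PHP files already inside uploads are unexpected and need a manual look.
list_php_in_uploads() {
  find "$1/wp-content/uploads" -type f -iname '*.php' 2>/dev/null
}

audit_wp() {
  local root="$1" rc=0 stray
  check_uploads_htaccess "$root" || rc=1
  check_file_edit "$root" || rc=1
  stray=$(list_php_in_uploads "$root")
  if [ -n "$stray" ]; then
    echo "REVIEW: PHP files found in uploads:"; echo "$stray"; rc=1
  fi
  return "$rc"
}

# Usage: ./wp-audit.sh /path/to/site   (script name is illustrative)
if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

The script exits non-zero when any check fails, so it can also run from cron after updates or deployments.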


9. Use captcha and spam filter plug-ins

CAPTCHA is a powerful tool for website owners to avoid spam and malicious bots. It can easily differentiate between real users and automated users, such as bots.

The benefits of adding CAPTCHA to your website are:

  • Preventing ticket inflation
  • Maintaining poll accuracy
  • Preventing false comments

There are two ways to add CAPTCHA to your website:

  • Using plugins, e.g. WPForms, Google reCAPTCHA, etc.
  • By adding a script

10. Malware scan

Malware scanning detects malware and helps you to identify and eliminate any harmful content if your site has been compromised.

If malware exists in your WordPress website, you’ll usually know about it by noticing signs like:

  • Slow website performance
  • Visitors see the error “the site ahead contains malware”.
  • Unknown files or scripts
  • Pages are filled with harmful links.
  • You’re unable to log in and the website is generating unwanted pop-ups.

The easiest way to scan your WordPress site for malware is to use security plugins. Wordfence is one of the easiest plugins to use for malware detection.

Conclusion 

To conclude, these are some must-have security tips to protect your website after making it live. Every website needs to ensure the safety of its visitors and users. WordPress is open-source software, and that’s why it is a popular target for cyberattacks.

I hope this website security checklist will help you in making your website secure.

A secured WordPress website is a cornerstone of maintaining a high ranking for the site. Practice these security tips to keep your website safe and secure. Each tip will add a layer to keep intruders away from your WordPress site.

Share your experience with these security tips with us in the comments section below, or let us know if we have missed any important point in this website security checklist.


Filed Under: WordPress Security, Website Checklist
