Tips & Tricks for DIY WordPress security

The importance of getting a proper WordPress security policy in place, including a backup plan for worst-case scenarios, cannot be overstated. However, there are a few simple things you can do in the meantime to help make your WordPress install less vulnerable.

1. Ensure that your site is backed up.

If you don’t already have an automated off-server backup plan in place, take a few manual backups at regular intervals. It’s better than nothing and may prove a lifesaver if your WordPress site is hacked.

2. Delete any old public WordPress installs and any unused software

Sign in to your WordPress hosting using FTP or a file manager via your cPanel. You need to be able to view all files in your hosting account. Check to see if you have any old WordPress installations lying around, for example in a directory called ‘backup’, ‘baks’, ‘bus’, ‘old_wordpress’ or something similar.

If you are unsure what is what inside your hosting, ask your hosting provider or a developer. Don’t delete anything without knowing what it is first.
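If your host also gives you shell (SSH) access, which is an assumption and not something this article requires, the search in step 2 can be scripted. The following is an added example, not part of the original article; the function names, the sample directory layout and the version numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every WordPress core install under a hosting root
# with the version it reports, so forgotten copies stand out.

# find_wp_installs ROOT -> one "version<TAB>path" line per install found.
find_wp_installs() {
    root=$1
    # wp-includes/version.php ships with WordPress core and sets $wp_version,
    # so it marks an install even when the directory has been renamed.
    find "$root" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r marker; do
        install_dir=$(dirname "$(dirname "$marker")")
        version=$(grep '^\$wp_version' "$marker" | head -n 1 | cut -d"'" -f2)
        printf '%s\t%s\n' "${version:-unknown}" "$install_dir"
    done | sort -k2
}

# Constructed sample tree: a live site, a forgotten copy, and a directory
# that holds no WordPress at all. Prints the path of the temporary root.
make_sample_tree() {
    tmp=$(mktemp -d)
    for spec in "public_html:6.4.2" "old_wordpress:4.9.8"; do
        dir=$tmp/${spec%%:*}/wp-includes
        mkdir -p "$dir"
        printf "<?php\n\$wp_version = '%s';\n" "${spec##*:}" > "$dir/version.php"
    done
    mkdir -p "$tmp/backup/images"
    printf '%s\n' "$tmp"
}

# Demo on the constructed tree. On a real account, point the function at
# the top of your hosting directory instead, e.g. find_wp_installs "$HOME".
demo_root=$(make_sample_tree)
find_wp_installs "$demo_root"
rm -rf "$demo_root"
```

The script only lists what it finds. Any install you do not recognize, or one reporting a much older version than your live site, is a candidate to check with your hosting provider or developer before deleting.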

3. Delete any themes, plugins or extensions that you don’t need inside your WordPress install

Log in to your WordPress site and go to Plugins > Installed Plugins. Delete any plugins that you no longer use. Check everything else and make sure you recognize it and use it. Unused plugins are marked as ‘inactive’ within the WordPress CMS.

Do the same for WordPress themes. Go to Appearance > Themes, then delete any themes that are not active. Note: be careful not to delete the parent theme for a child theme (if you use one). The child theme depends on the parent.

Deleting old extensions, plugins and themes simply reduces the number of potential entry points for a hacker.

4. Secure your WordPress admin accounts and cPanel

Log in and delete any user accounts that are not needed, and strengthen the passwords on any active user accounts.

5. Update absolutely all software in your hosting account

You need to bring everything up-to-date.

Update all WordPress core installations.
Update all WordPress plugins.
Update all WordPress themes.
If your hosting provider allows it, update your PHP version.

Note: be careful when updating a custom theme. Consult a WordPress developer first.