Skip to content

Instantly share code, notes, and snippets.

@hugodias
Last active November 22, 2019 14:54
Show Gist options
  • Save hugodias/ef21e0a1e8b3c1c4cbd50dcd60aa0539 to your computer and use it in GitHub Desktop.
Save hugodias/ef21e0a1e8b3c1c4cbd50dcd60aa0539 to your computer and use it in GitHub Desktop.
WordPress Security Checklist
<IfModule mod_headers.c>
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
Header always edit Set-Cookie (.*) "$1; Secure"
</IfModule>

Core

  • Update WordPress to the latest version

Themes

  • Remove all unused themes
  • Update themes to the latest version available
  • Check for mixing content

Plugins

Users

  • Update password of all users
  • Delete users that are not being used

URLs

  • run wp search-replace "stage-url.rockstage.io" "domain.com" to update all urls
  • run wp search-replace "http://stage-url.rockstage.io" "https://domain.com" to force all urls to use HTTPS
  • Always use SSL (HTTPS)

Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment