@marlonassuncao
Forked from Wiz-Amit/wp-security-checklist.md
Last active November 26, 2021 11:00
WordPress Security Checklist

Recommended

  • Ensure that all connections (wp-admin, cPanel) run over HTTPS
  • Use a strong password, e.g. n*S*Vx7az$k'ubA) (check its strength)
  • Use a secure hosting platform, e.g. Bluehost, SiteGround
  • Always update to the latest version of PHP
  • Check whether a plugin has known vulnerabilities before installing it
  • Keep all plugins updated to their latest versions
  • Use an automatic backup tool, e.g. UpdraftPlus
  • Add security plugins, e.g. Sucuri, Wordfence, Jetpack
  • Do not use the username admin
  • Limit access to vulnerable directories and sensitive files, e.g. /wp-content/uploads/
File: wp-content/uploads/.htaccess

```apache
# Disallow code execution: never serve PHP files that land in the uploads directory
<Files "*.php">
# Apache 2.2 syntax (still works on 2.4 when mod_access_compat is loaded)
deny from all
# Apache 2.4 equivalent: Require all denied
</Files>
```
  • Limit login attempts (how to)
  • Disable directory browsing
File: .htaccess

```apache
# Add at the end of the file
Options -Indexes
```

Optional

  • Disable the theme and plugin editors, and enable automatic updates

File: wp-config.php

```php
// Disallow file edit: removes the theme/plugin code editor from wp-admin
define( 'DISALLOW_FILE_EDIT', true );
// Let WordPress install core updates automatically
define( 'WP_AUTO_UPDATE_CORE', true );
```

File: wp-content/mu-plugins/auto-updates.php (any filename in mu-plugins works; the add_filter() calls cannot go in wp-config.php because that file runs before wp-settings.php has loaded the function)

```php
<?php
// Enable automatic updates for themes, plugins and translations
add_filter( 'auto_update_theme', '__return_true' );
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_translation', '__return_true' );
```
  • Block xmlrpc.php requests, allowing only trusted IP addresses

File: .htaccess

```apache
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
# 123.123.123.123 is a placeholder: replace it with the address that needs XML-RPC,
# or remove the line to block everyone
allow from 123.123.123.123
</Files>
```
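The following audit script is an added example, not part of the gist: it checks a WordPress document root for the wp-config.php and .htaccess settings listed above and reports what is missing. It assumes Apache-style .htaccess files and the standard WordPress directory layout; the two sample roots it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the gist): audit a WordPress document root for the
# settings the checklist above asks for. Assumes Apache-style .htaccess files and
# the standard WordPress layout under the given root.
# Usage: sh wp_audit.sh /var/www/html
fail() { echo "FAIL: $1" >&2; n=$((n+1)); }

# True if an .htaccess denies access to *.php files, in Apache 2.2 or 2.4 syntax.
blocks_php() {
  [ -f "$1" ] && grep -Eq "<Files(Match)?[[:space:]]+\"?[^>]*php" "$1" &&
    grep -Eiq "^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|Require[[:space:]]+all[[:space:]]+denied)" "$1"
}

# Prints findings to stderr and the number of findings to stdout (0 = all checks passed).
wp_audit() {
  root="$1"; n=0
  cfg="$root/wp-config.php"; ht="$root/.htaccess"; up="$root/wp-content/uploads/.htaccess"
  grep -Eq "DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true" "$cfg" 2>/dev/null ||
    fail "DISALLOW_FILE_EDIT is not true in wp-config.php (theme/plugin editors enabled)"
  grep -Eq "WP_AUTO_UPDATE_CORE['\"][[:space:]]*,[[:space:]]*true" "$cfg" 2>/dev/null ||
    fail "WP_AUTO_UPDATE_CORE is not true in wp-config.php"
  # add_filter() is undefined while wp-config.php runs: wp-settings.php loads afterwards
  ! grep -q "add_filter" "$cfg" 2>/dev/null ||
    fail "add_filter() call in wp-config.php; move it to a must-use plugin"
  grep -Eq "^[[:space:]]*Options[[:space:]]+.*-Indexes" "$ht" 2>/dev/null ||
    fail "directory listing not disabled (Options -Indexes) in .htaccess"
  blocks_php "$up" || fail "PHP execution not blocked in wp-content/uploads/.htaccess"
  grep -Eq "<Files[[:space:]]+\"?xmlrpc\.php\"?>" "$ht" 2>/dev/null ||
    fail "xmlrpc.php is not restricted in .htaccess"
  echo "$n"
}

# Constructed sample roots for a stand-alone demo: one unhardened, one hardened.
make_sample_root() {
  mkdir -p "$1/wp-content/uploads"
  printf '%s\n' "<?php" "define( 'DB_NAME', 'wp' );" \
    "add_filter( 'auto_update_plugin', '__return_true' );" \
    "require_once ABSPATH . 'wp-settings.php';" > "$1/wp-config.php"
  printf '%s\n' "# BEGIN WordPress" "RewriteEngine On" > "$1/.htaccess"
}
make_hardened_root() {
  mkdir -p "$1/wp-content/uploads"
  printf '%s\n' "<?php" "define( 'DISALLOW_FILE_EDIT', true );" \
    "define( 'WP_AUTO_UPDATE_CORE', true );" \
    "require_once ABSPATH . 'wp-settings.php';" > "$1/wp-config.php"
  printf '%s\n' "Options -Indexes" "<Files xmlrpc.php>" "Require all denied" "</Files>" > "$1/.htaccess"
  printf '%s\n' '<Files "*.php">' "Require all denied" "</Files>" > "$1/wp-content/uploads/.htaccess"
}
if [ "$#" -eq 1 ]; then wp_audit "$1"; fi
```

Run it against the constructed unhardened root and it reports six findings, including the add_filter() call that would break wp-config.php; the hardened root reports none.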

Other resources

Site scanners
