{"id":31144,"date":"2019-10-02T08:35:06","date_gmt":"2019-10-02T08:35:06","guid":{"rendered":"https:\/\/elementor.com\/blog\/?p=31144"},"modified":"2019-10-02T08:35:06","modified_gmt":"2019-10-02T08:35:06","slug":"wordpress-security","status":"publish","type":"post","link":"https:\/\/elementor.com\/blog\/wordpress-security\/","title":{"rendered":"How to Secure Your WordPress Site: The Complete Guide"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"31144\" class=\"elementor elementor-31144\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5e019fa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5e019fa\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ce853e9\" data-id=\"ce853e9\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-98ad601 elementor-widget elementor-widget-text-editor\" data-id=\"98ad601\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Creating your own WordPress site is both exciting and overwhelming. There\u2019s a lot you need to do to set everything up, from picking out a theme to writing your first blog post. Yet, the one factor many people neglect is security.<\/p><p>WordPress is very beginner-friendly and easy to learn, but that comes with some caveats. Hackers like to take advantage of relatively inexperienced users and breach new websites. 
They do so to get access to sensitive information or use the site to spread malware to unsuspecting visitors.<\/p><p>After all, WordPress powers <a href=\"https:\/\/w3techs.com\/technologies\/details\/cm-wordpress\/all\/all\" target=\"_blank\" rel=\"noopener\">almost 35% of the web<\/a>. That means more than a third of all sites share similar vulnerabilities, making it a lucrative target for hackers. So is WordPress still really worth using? Aren\u2019t we just opening ourselves up to being hijacked?<\/p><p>The truth is, with the right knowledge, using WordPress is arguably just as safe, if not safer, than making your own website. It\u2019s impossible to develop an impregnable website that will never ever be breached. Even if you\u2019re trying to create your own site from scratch, remember that you\u2019re on your own.<\/p><p>WordPress users have access to hundreds of resources, like this one that can help patch security holes, making it all but impenetrable. Let\u2019s go over the pros and cons of WordPress security in detail, and give some tips for making your website safer.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ab97856 elementor-widget elementor-widget-heading\" data-id=\"ab97856\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><a href=\"https:\/\/elementor.com\/blog\/wordpress-security-plugins\/\"><u>And don't miss our review of the best WordPress security plugins!<\/u><\/a><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7b40b23 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7b40b23\" data-element_type=\"section\">\n\t\t\t\t\t\t<div 
class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ee14ad0\" data-id=\"ee14ad0\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2e345c2 elementor-widget elementor-widget-heading\" data-id=\"2e345c2\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">WordPress: Is an Open Source Product Really Secure?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bc42863 elementor-widget elementor-widget-text-editor\" data-id=\"bc42863\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>WordPress is open source, which means that the code that runs your website is free to be examined by anyone who wants to. This includes hackers searching for vulnerabilities to exploit. With that in mind, is it safe to use open source platforms?<\/p><p>As it happens, using open source platforms can be much safer than making your own site, especially if you have no idea what you\u2019re doing. Many programmers will have an understanding of how to make a secure system, but you\u2019ll often need to hire a security engineer to be fully protected. And even then, you\u2019ll have to maintain your own code and keep it updated, and that\u2019s expensive.<\/p><p>WordPress\u2019 code isn\u2019t only scoured by hackers. It\u2019s also maintained by the <a href=\"https:\/\/wordpress.org\/about\/security\/\" target=\"_blank\" rel=\"noopener\">WordPress security team<\/a>, volunteer developers, ethical white hat hackers, and other interested parties with good intentions. 
So even if something slips through, there\u2019s a good chance it\u2019ll be caught fast.<\/p><p>Most <a href=\"https:\/\/kinsta.com\/blog\/is-wordpress-secure\/\" target=\"_blank\" rel=\"noopener\">security breaches<\/a> aren\u2019t even caused by a vulnerability in an up-to-date WordPress installation. They happen because people don\u2019t keep WordPress and its plugins up to date, they may install malicious software accidentally, or use insecure passwords. If you follow good practices, chances are you\u2019ll be perfectly safe.<\/p><p>That said, let\u2019s dive into some of the things you can do to protect your WordPress site.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5746122 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5746122\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a55e540\" data-id=\"a55e540\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-186fb72 elementor-widget elementor-widget-heading\" data-id=\"186fb72\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">WordPress Security: 9-Step Checklist\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3589d18 elementor-widget elementor-widget-heading\" data-id=\"3589d18\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 
class=\"elementor-heading-title elementor-size-default\">1. Choose Secure Hosting<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-84b51d2 elementor-widget elementor-widget-text-editor\" data-id=\"84b51d2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>One major factor behind these security vulnerabilities is low-quality <a href=\"https:\/\/elementor.com\/blog\/wordpress-hosting-elementor\/\" target=\"_blank\" rel=\"noopener\">hosting<\/a>.\u00a0<\/p><p>Invest in a host that places a high value on security. You aren&#8217;t doing yourself any favors if you feel that cheaper hosting costs outweigh security. Part of your market research must include looking into the hosting company&#8217;s security record. Are they security-conscious? Do they rely on the latest technology and standards?\u00a0<\/p><p>This is also true for shared hosting. While it is a cheaper option, it also means that you&#8217;re sharing server space with other customers. Unfortunately, all it takes is for one website to get infected, and the malware can spread across every site on the network.\u00a0<\/p><p>This is why we should consider upgrading to <a class=\"wpil_keyword_link\" href=\"https:\/\/elementor.com\/pages\/seo\/cloud-based-web-hosting\/\"   title=\"cloud\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"2669\">cloud<\/a>, VPS, or dedicated hosting when we can afford it.<\/p><p>In addition, we should be looking for a host that offers the following services:<\/p><ul><li style=\"list-style-type: none\"><ul><li><strong>Up-to-date server software<\/strong> \u2013 Too many hosts still run on PHP 5, which has long lost support. At this point in time, servers should at least use PHP 7.0+.
The same goes for other software like cPanel, MySQL or other database programs, and the operating system.<br \/><br \/><\/li><li><strong>Malware monitoring and removal<\/strong> \u2013 Pick a host that actively makes an effort to detect and prevent malware infections, and possibly offers malware scanning and removal for when you do get breached. Not all web hosts have a policy for removing malware from an infected site, and among those that do, some will charge extra for this service.<br \/><br \/><\/li><li><strong>Firewalls and other security measures<\/strong> \u2013 There are many ways that hosting providers can increase their server security. Possibly, the most effective among them is to rely on a firewall as it prevents unauthorized outside access to the server. It might be a good idea to check whether a provider has this and other means of prevention in place before making a choice.<\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-78d9779 elementor-widget elementor-widget-heading\" data-id=\"78d9779\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">2. Install an SSL Certificate\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cfdc4c5 elementor-widget elementor-widget-text-editor\" data-id=\"cfdc4c5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\">A Secure Sockets Layer (SSL) certificate encrypts the data served between the user and your website. 
SSL grants you an https <a class=\"wpil_keyword_link\" href=\"https:\/\/elementor.com\/blog\/url\/\"   title=\"URL\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"7011\">URL<\/a> and a certificate to go with it, without which users will receive a red \u201cNot secure\u201d notification in the address bar when visiting our site.<\/p><p dir=\"ltr\">Browsers are increasingly blocking access to websites without SSL, making this a must-have for any <a class=\"wpil_keyword_link\" href=\"https:\/\/elementor.com\/blog\/what-is-wordpress\/\"   title=\"WordPress website\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"4683\">WordPress website<\/a>.<\/p><p dir=\"ltr\">Migrating an existing WordPress website to HTTPS can be a difficult process. The migration follows these four steps, which can easily be automated with\u00a0<a href=\"https:\/\/really-simple-ssl.com\/\">Really Simple SSL.\u00a0<\/a><\/p><p><strong>1. Acquire your SSL certificate. <\/strong>As SSL has become the gold standard, most hosting providers will set you up with a free certificate which can be activated in your hosting dashboard. If your hosting provider charges you for an SSL certificate, or doesn&#8217;t provide one at all, you can generate your free <a href=\"http:\/\/wordpress.org\/plugins\/really-simple-ssl\">Let&#8217;s Encrypt certificate<\/a>.<strong><br \/><\/strong><\/p><div><strong>You can also turn to <a href=\"https:\/\/www.identrust.com\/\">IdenTrust<\/a> and <a href=\"https:\/\/ssl.comodo.com\/\">Comodo<\/a> for SSL certification.<\/strong><\/div><div>\u00a0<\/div><p dir=\"ltr\"><strong>2. Activate SSL. <\/strong>Once your SSL certificate is installed, you can easily activate it with the free Really Simple SSL plugin.<\/p><p dir=\"ltr\"><strong>3. Upgrade all requests to https.
<\/strong>Now that your site is secured over https, you&#8217;ll want to prevent any visitors from (deliberately or accidentally) visiting the insecure (http) version of your site. This is usually done with a 301 redirect. All links to resources used on your site (e.g. images, scripts, etc.) will need to be updated to https to prevent your visitors from seeing an \u2018insecure site&#8217; warning in their browser.<\/p><p dir=\"ltr\"><strong>4. Enforce SSL.<\/strong>\u00a0To further secure your site, you can add security headers, which enforce SSL and add an extra layer of security.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0dcc04a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0dcc04a\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2dc8911\" data-id=\"2dc8911\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2984b81 elementor-widget elementor-widget-heading\" data-id=\"2984b81\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">3.
Back Up Your Website\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b57f223 elementor-widget elementor-widget-text-editor\" data-id=\"b57f223\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Before you even begin making changes to your site, before updating WordPress or installing a plugin, the very first thing you should do is set up your backups. This way, no matter what the worst-case scenario is &#8211; an accidental change to the code, a WordPress glitch, a corrupted database &#8211; we have a solution.<\/p><p>Even if our site gets hacked, and the damage is irreparable, we won\u2019t have to build it all over again from scratch.<\/p><p><a href=\"https:\/\/wordpress.org\/support\/article\/wordpress-backups\/\" target=\"_blank\" rel=\"noopener\">Manual backups<\/a>, which means copying files and transferring them manually to a hard drive or the cloud, are free but time-consuming. True, we can do this as often (once a day) or as rarely as we want, although a backup done once every 6 months might be a little risky.<\/p><p>Check to see if your host offers weekly, monthly, or daily automated backups. This service is usually commercial, but occasionally free. If this is the case, and your host backs up both your files and database, you don\u2019t need to do anything else.
Though it may be a good idea to keep a few manual backups just in case.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2222c6 elementor-widget elementor-widget-heading\" data-id=\"f2222c6\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">WordPress Backup Plugins\n<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d1c17c1 elementor-widget elementor-widget-image\" data-id=\"d1c17c1\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/elementor\/thumbs\/UpdraftPlus-r4q6y3o2q0ew6lb4akzft8kggnhmzvsaynsaz7jjmi.jpg\" title=\"UpdraftPlus\" alt=\"UpdraftPlus\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-612eaa4 elementor-widget elementor-widget-text-editor\" data-id=\"612eaa4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If our host doesn\u2019t offer website backups, or if the backup provided by our host excludes files or our database, we can also rely on plugins.<\/p><p>It&#8217;s a good idea to have at least a solid solution for each website you own or administer, and WordPress backup plugins can provide that extra layer of protection.<\/p><p><a href=\"https:\/\/wordpress.org\/plugins\/better-wp-security\/\" target=\"_blank\" rel=\"noopener\">iThemes<\/a> is one good example. This security plugin offers free database backups, along with its suite of tools and patches. 
Their related plugin <a href=\"https:\/\/ithemes.com\/purchase\/backupbuddy\/\" target=\"_blank\" rel=\"noopener\">BackupBuddy<\/a> allows you to do a full site backup as well.<\/p><p>Free or freemium plugins like <a href=\"https:\/\/wordpress.org\/plugins\/updraftplus\/\" target=\"_blank\" rel=\"noopener\">UpdraftPlus<\/a>, <a href=\"https:\/\/wordpress.org\/plugins\/backupwordpress\/\" target=\"_blank\" rel=\"noopener\">BackUpWordPress<\/a>, and <a href=\"https:\/\/wordpress.org\/plugins\/vaultpress\/\" target=\"_blank\" rel=\"noopener\">VaultPress<\/a> also do the job efficiently and are worth checking out.\u00a0<\/p><p>Remember that even if you decide to rely on a backup plugin, you will still need a security plugin, such as <a href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\" target=\"_blank\" rel=\"noopener\">Wordfence<\/a>, if you want to stay safe.<\/p><p>Don\u2019t wait till it\u2019s too late. Setting up your security at the last minute is as effective as fixing the holes in your roof during a rainstorm.\u00a0<\/p><p>Spending an hour or so to set up your backups and security will save you months, perhaps even years of work.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-405d02a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"405d02a\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9da44c0\" data-id=\"9da44c0\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-cba84c2 elementor-widget elementor-widget-heading\" data-id=\"cba84c2\" 
data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">4. Keep Your Plugins and Theme Secure<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b0d6ebc elementor-widget elementor-widget-text-editor\" data-id=\"b0d6ebc\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If you\u2019ve chosen a good host, and your backups are set up, you have a fairly good security infrastructure in place. But there are still a few more things that you should do to fully secure your site.\u00a0<\/p><p>An outdated plugin or an insecure theme is a huge gateway for infiltrating your website. Keeping them updated helps to patch up potential holes, preventing this from happening.<\/p><p>Updating your site components is as simple as going to your WP admin dashboard and checking for update notifications under <strong>Dashboard &gt; Updates<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9b6e31b elementor-widget elementor-widget-image\" data-id=\"9b6e31b\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/elementor.com\/blog\/wp-content\/uploads\/elementor\/thumbs\/Dasboard-plugin-updates-r4q72p3o4upcxymtgkhs02tl0gu8mm129elrfwqdvq.jpg\" title=\"Dashboard plugin updates\" alt=\"Dashboard plugin updates\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a3d944 elementor-widget elementor-widget-text-editor\" data-id=\"4a3d944\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Mark any themes or plugins you want to update by ticking the boxes, then click the button at the top\/bottom to start updating them. If you have a habit of ignoring these alerts, it\u2019s time to stop.\u00a0<\/p><p>As you know, plugins and themes can be updated through the <em>Plugins<\/em> and the <em>Themes<\/em> tabs. Also, not all premium third-party themes push automatic updates, so you might want to check their websites every now and then.<\/p><p>More important than updating your plugins and themes is keeping WordPress itself up to date.<\/p><p><a href=\"https:\/\/blog.sucuri.net\/2018\/04\/hacked-website-trend-report-2017.html\" target=\"_blank\" rel=\"noopener\">39% of hacked WordPress sites<\/a> were outdated. Sometimes you may need to push off an update because it may interfere with a plugin you\u2019re using, but eventually you may have to lose the plugin to save your site. Leaving WordPress outdated for months is possibly the worst thing you can do.<\/p><p>(Pro tip: Always back up your site before introducing updates, just in case there is a hiccup.)<\/p><p>While you\u2019re at it, you should remove the version number from your source code.<\/p><p>By default, WordPress websites carry a meta tag containing the WordPress version number that the site is using. We have to agree with security specialists that this just makes life too easy for hackers.\u00a0<\/p><p>You can <a href=\"https:\/\/digwp.com\/2009\/07\/remove-wordpress-version-number\/\" target=\"_blank\" rel=\"noopener\">manually remove WordPress\u2019 version number<\/a> by placing some simple code into your <strong>functions.php<\/strong> file. If, as we\u2019ve suggested, you are using a WordPress security plugin, many of them hide your WP version automatically.
If you\u2019re considering using a performance plugin, the Perfmatters plugin also includes an option to <a href=\"https:\/\/perfmatters.io\/docs\/remove-wordpress-version-number\/\" target=\"_blank\" rel=\"noopener\">hide WP version<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6693074 elementor-widget elementor-widget-heading\" data-id=\"6693074\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">5. Install Plugins and Themes From Reliable Sources<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0f717d9 elementor-widget elementor-widget-text-editor\" data-id=\"0f717d9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Another big mistake WordPress users make is getting their plugins and themes from unreliable vendors. A bad theme or plugin can corrupt, deface, or inject malware into your pages.\u00a0<\/p><p>Third-party websites and developers are not endorsed by WordPress, and as such, you never know what you\u2019re getting. It would be best to avoid anything coming from unknown websites. If the plugin in question has many positive reviews and seems to be popular, it should be safe enough to install.\u00a0<\/p><p>Bad plugins can slip through the cracks.<\/p><p>Even if a plugin is in the <a href=\"https:\/\/wordpress.org\/plugins\/\" target=\"_blank\" rel=\"noopener\">official directory<\/a>, it is not guaranteed to be safe. Before downloading anything from the repository, take a look at the stats listed in the sidebar on the right of the page. 
Avoid downloading plugins that haven\u2019t been updated over the last year or more, have fewer than a few hundred installations, or receive low ratings.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a1b263c elementor-widget elementor-widget-image\" data-id=\"a1b263c\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"305\" height=\"291\" src=\"https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=305,h=291\/blog\/wp-content\/uploads\/2019\/10\/WordPress-plugin-stats.jpg\" class=\"attachment-medium_large size-medium_large wp-image-31203\" alt=\"\" srcset=\"https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=305\/blog\/wp-content\/uploads\/2019\/10\/WordPress-plugin-stats.jpg 305w, https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=300\/blog\/wp-content\/uploads\/2019\/10\/WordPress-plugin-stats-300x286.jpg 300w\" sizes=\"(max-width: 305px) 100vw, 305px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e1120a elementor-widget elementor-widget-text-editor\" data-id=\"8e1120a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The same is true for themes. WordPress offers some themes in the <a href=\"https:\/\/wordpress.org\/themes\/browse\/featured\/\" target=\"_blank\" rel=\"noopener\">theme repository<\/a> (including our own <a href=\"https:\/\/elementor.com\/blog\/introducing-hello-theme\/\" target=\"_blank\" rel=\"noopener\">Hello theme<\/a>). If, like many users, you\u2019re looking for more variety, be sure to only purchase your themes from vendors and creators who are trusted and well-known in the community.<\/p><p>You should avoid \u201cnulled\u201d WordPress plugins and themes.
Nulled software is a term used for premium plugins distributed for free, and without permission.<\/p><p>Besides being questionable and possibly illegal, nulled themes and plugins are a huge security risk. Relying on a developer who is already acting unethically not to include malware in the code is about as sensible as asking a mouse to guard your cheese.<\/p><p>Some nulled distributors include code that causes excessive ads to appear on your site, distributes malware, or outright corrupts your database. Plus, you won\u2019t have access to any updates, and that can leave you vulnerable to attack when the software becomes outdated.<\/p><p>All in all, it\u2019s well within our best interest to avoid nulled plugins altogether, and only install software from the WordPress repository or trusted vendors.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b158260 elementor-widget elementor-widget-heading\" data-id=\"b158260\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">6. Disable File Editing<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a71e415 elementor-widget elementor-widget-text-editor\" data-id=\"a71e415\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>WordPress comes with a set of easy-to-reach theme and plugin editors. You can find them under <strong>Appearance &gt; Theme Editor and Plugins &gt; Plugin Editor<\/strong>.
These allow direct access to your site\u2019s code.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f4564d8 elementor-widget elementor-widget-image\" data-id=\"f4564d8\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"512\" height=\"291\" src=\"https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=512,h=291\/blog\/wp-content\/uploads\/2019\/10\/Plugin-editor.jpg\" class=\"attachment-medium_large size-medium_large wp-image-31204\" alt=\"\" srcset=\"https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=512\/blog\/wp-content\/uploads\/2019\/10\/Plugin-editor.jpg 512w, https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=300\/blog\/wp-content\/uploads\/2019\/10\/Plugin-editor-300x171.jpg 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-37f176a elementor-widget elementor-widget-text-editor\" data-id=\"37f176a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>While these tools are useful to some, many WordPress users aren\u2019t programmers and will never need to touch anything here. Playing around with this code without knowing what you\u2019re doing is a sure way to break things. If you are such a user, it\u2019s best to just disable file editing, as hackers can use the file editor to quickly execute malicious code or delete entire parts of your website. Disabling this slows them down.<\/p><p>You could also turn off the theme and plugin editors with <a href=\"https:\/\/wordpress.org\/support\/article\/hardening-wordpress\/#disable-file-editing\" target=\"_blank\" rel=\"noopener\">one line of code<\/a> in <strong>wp-config.php<\/strong>. 
If you end up needing to edit your site or plugins, just temporarily turn them back on. Alternatively, you can edit them via an FTP client.<\/p><p>Disabling file editing won\u2019t necessarily prevent attackers from doing damage, but it can confuse less experienced hackers and stop them in their tracks. At the very least, it\u2019ll make it a little more difficult for them and give us more time to realize something is wrong.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-40fc39f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"40fc39f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ade5228\" data-id=\"ade5228\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c0de7a5 elementor-widget elementor-widget-heading\" data-id=\"c0de7a5\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">7. 
Strengthen Your Login Process<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-91fc62b elementor-widget elementor-widget-image\" data-id=\"91fc62b\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"768\" height=\"404\" src=\"https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=768,h=404\/blog\/wp-content\/uploads\/2019\/10\/WordPress-login-page-768x404.jpg\" class=\"attachment-medium_large size-medium_large wp-image-31205\" alt=\"\" srcset=\"https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=768\/blog\/wp-content\/uploads\/2019\/10\/WordPress-login-page-768x404.jpg 768w, https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=300\/blog\/wp-content\/uploads\/2019\/10\/WordPress-login-page-300x158.jpg 300w, https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=1024\/blog\/wp-content\/uploads\/2019\/10\/WordPress-login-page-1024x539.jpg 1024w, https:\/\/elementor.com\/cdn-cgi\/image\/f=auto,w=1304\/blog\/wp-content\/uploads\/2019\/10\/WordPress-login-page.jpg 1304w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1516671 elementor-widget elementor-widget-text-editor\" data-id=\"1516671\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>When someone figures out your password without resorting to exploiting the site\u2019s code, it\u2019s most likely a result of brute force attacks. 
This involves forcibly trying various combinations of letters and numbers until they get the password right.<\/p><p>Sometimes a potential attacker will try common combinations before moving on to programs that automatically try several random password combinations per second.<\/p><p>If you\u2019re beginning to feel as though you might as well give up all hope of keeping your sites secure, don\u2019t. There are tons of ways to slow down, deter, and even prevent attackers from carrying out things like brute force attacks.<\/p><p>WordPress\u2019 default installation relies on a similar login path each time, making it a prime and easy target for hackers trying common or easily guessable passwords.<\/p><p>The reason that so many people continue to use WordPress is that many of these issues are easily fixed.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-994d483 elementor-widget elementor-widget-heading\" data-id=\"994d483\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">8. Create a Strong Login Combination<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9963802 elementor-widget elementor-widget-text-editor\" data-id=\"9963802\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The first and most important step is to choose a proper username and password.
We could hide the login page under a different URL, but if your login is something as mundane as admin\/password, it wouldn\u2019t make any difference once hackers find it.\u00a0<\/p><p>Here\u2019s a list of usernames you should definitely avoid.<\/p><ul><li><strong>Admin <\/strong>\u2013 This used to be the default username for WordPress and is, therefore, one that will definitely be tried in a brute force attack.<\/li><li><strong>Your real name or nickname<\/strong> \u2013 This is both public information and as easy to guess as \u201cadmin\u201d. In addition, it can make sense to create a separate profile without administrator rights to publish content. That way, the username of the main login does not appear on the website.<\/li><li><strong>Any personal information<\/strong> &#8211; Including birthday, etc. Only use a personal detail if it\u2019s something no one could ever know.<\/li><li><strong>The title of your site, or something obviously related to it <\/strong>\u00a0\u2013 \u201cKittens\u201d for a cat adoption agency, etc.<\/li><\/ul><p>You also need to choose a secure password. The general gist of this is the same: avoid personal info, obvious choices like \u201cpassword\u201d, or anything clearly related to your website.<\/p><p>A good password is 10+ characters, uses a variety of characters, and <a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_the_most_common_passwords#SplashData\" target=\"_blank\" rel=\"noopener\">avoids common words and phrases<\/a>. The best passwords are a long series of completely random letters, numbers, and symbols that no one could ever possibly guess.
Services like <a href=\"https:\/\/passwordsgenerator.net\/\" target=\"_blank\" rel=\"noopener\">Secure Password Generator<\/a> can help you create them.<\/p><p>If you have a hard time remembering your login information, consider using a service like <a href=\"https:\/\/www.lastpass.com\/\" target=\"_blank\" rel=\"noopener\">LastPass<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d3264e4 elementor-widget elementor-widget-heading\" data-id=\"d3264e4\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">9. Lock Down Your Login Page\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-641f0a4 elementor-widget elementor-widget-text-editor\" data-id=\"641f0a4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>By default, anyone can log into your website by going to <strong>yoursite.com\/wp-admin<\/strong>. You can stop them in their tracks by changing the URL entirely. <a href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" target=\"_blank\" rel=\"noopener\">WPS Hide Login<\/a> allows you to switch it to whatever you want. Just install it and go to the plugin settings to change it.<\/p><p>You should use a login path that isn\u2019t obvious. It might deter them a little if you change it to something like <strong>\/login or \/new-login<\/strong>, but if they\u2019re determined, they\u2019ll figure that out pretty quickly. Therefore, it\u2019s better to choose something very hard to guess like <strong>\/jacksparrowshideout<\/strong>.<\/p><p>Next, install a plugin to limit login attempts. Any person can spam your server with hundreds of requests until they guess it right. 
A plugin that <a href=\"https:\/\/wordpress.org\/plugins\/wp-limit-login-attempts\/\" target=\"_blank\" rel=\"noopener\">limits login attempts<\/a> will give them only a few chances before they\u2019re locked out. It can also detect and redirect bots away from your login page.<\/p><p>Alternatively, you could activate a CAPTCHA to slow them down even further.<\/p><p>At this point, most hackers will search for easier targets. They can keep trying once their time is up, but in that time we could check our <a href=\"https:\/\/www.wpsecurityauditlog.com\/support-documentation\/what-wordpress-audit-trail\/\" target=\"_blank\" rel=\"noopener\">audit logs<\/a>, notice their attempts to get in, and issue an IP ban.\u00a0<\/p><p>You could also try <a href=\"https:\/\/www.cloudflare.com\/rate-limiting\/\" target=\"_blank\" rel=\"noopener\">Cloudflare Rate Limiting<\/a>. This automatically detects brute force as well as DDoS attacks and blocks the offending IP address.<\/p><p>The last step is to set up <a href=\"https:\/\/wordpress.org\/plugins\/miniorange-2-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">two-step authentication<\/a> using a plugin. Besides requiring a username and password to get in, it asks the visitor for a third authenticator. The most common is a text verification of a message sent to your phone. 
A hacker might be able to gain access to your email, but it\u2019s very unlikely they could steal your phone.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5b77f90 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5b77f90\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-54cebea\" data-id=\"54cebea\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-859a36e elementor-widget elementor-widget-heading\" data-id=\"859a36e\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Keep WordPress Safe\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b8cd111 elementor-widget elementor-widget-text-editor\" data-id=\"b8cd111\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>An untouched installation of WordPress is open to attackers. Neglecting security leaves you vulnerable to hackers looking to deface, delete, or even inject your site with malware.\u00a0<\/p><p>However, a day spent installing and setting up the right security plugins and filling in all those little holes could make all the difference.<\/p><p>By following the advice we\u2019ve provided, your site will be far safer from attackers. The great part is, many of these methods are \u201cset-it-and-forget-it\u201d actions.
Simply change one setting and you won\u2019t need to think about it for a long time.<\/p><p>In summary: Pick a trustworthy host with secure servers, install an SSL certificate if you\u2019re collecting user data, keep your website backed up and your installation and themes up to date, and make sure you have a secure login. Do all this and hackers, especially amateur hackers, will be stopped at the gate.<\/p><p><em>Has your WordPress site ever been hacked? How did you manage to reclaim your website and clean it up? We\u2019d love to hear your story in the comments.<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>WordPress is very beginner-friendly and easy to learn, but many users often forget one factor \u2014 security. In this article, we&#8217;ll go over the pros and cons of WordPress security in detail, and give you tips on making your website safer.<\/p>\n","protected":false},"author":9628,"featured_media":31215,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[43],"tags":[79],"marketing_persona":[51],"marketing_intent":[48],"class_list":["post-31144","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","tag-build"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress Security Checklist: 9 Steps to Protect Your Site | Elementor<\/title>\n<meta name=\"description\" content=\"WordPress is so beginner-friendly and easy to learn that many users often forget one crucial factor \u2014 security.
In this article, we review the pros &amp; cons of WordPress security in detail and provide the top tips for making your website safer.\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress Security Checklist: 9 Steps to Protect Your Site | Elementor","description":"WordPress is so beginner-friendly and easy to learn that many users often forget one crucial factor \u2014 security.
In this article, we review the pros & cons of WordPress security in detail and provide the top tips for making your website safer.","og_url":"https:\/\/elementor.com\/blog\/wordpress-security\/","og_site_name":"Blog","article_publisher":"https:\/\/www.facebook.com\/elemntor\/","article_published_time":"2019-10-02T08:35:06+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/oovolzcf.elementor.cloud\/wp-content\/uploads\/2019\/10\/how-to-secure-wordpress-2.png","type":"image\/png"}],"author":"Nick Sch\u00e4ferhoff","twitter_card":"summary_large_image","twitter_creator":"@elemntor","twitter_site":"@elemntor","twitter_misc":{"Written by":"Nick Sch\u00e4ferhoff"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/elementor.com\/blog\/wordpress-security\/#article","isPartOf":{"@id":"https:\/\/elementor.com\/blog\/wordpress-security\/"},"author":{"name":"Nick Sch\u00e4ferhoff","@id":"https:\/\/elementor.com\/blog\/#\/schema\/person\/7d8909e8594b46aa301e5bcda745590e"},"headline":"How to Secure Your WordPress Site: The Complete Guide","datePublished":"2019-10-02T08:35:06+00:00","mainEntityOfPage":{"@id":"https:\/\/elementor.com\/blog\/wordpress-security\/"},"wordCount":3269,"commentCount":0,"publisher":{"@id":"https:\/\/elementor.com\/blog\/#organization"},"image":{"@id":"https:\/\/elementor.com\/blog\/wordpress-security\/#primaryimage"},"thumbnailUrl":"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2019\/10\/how-to-secure-wordpress-2.png","keywords":["Build"],"articleSection":["WordPress"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/elementor.com\/blog\/wordpress-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/elementor.com\/blog\/wordpress-security\/","url":"https:\/\/elementor.com\/blog\/wordpress-security\/","name":"WordPress Security Checklist: 9 Steps to Protect Your Site | 
Elementor","isPartOf":{"@id":"https:\/\/elementor.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/elementor.com\/blog\/wordpress-security\/#primaryimage"},"image":{"@id":"https:\/\/elementor.com\/blog\/wordpress-security\/#primaryimage"},"thumbnailUrl":"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2019\/10\/how-to-secure-wordpress-2.png","datePublished":"2019-10-02T08:35:06+00:00","description":"WordPress is so beginner-friendly and easy to learn that many users often forget one crucial factor \u2014 security. In this article, we review the pros & cons of WordPress security in detail and provide the top tips for making your website safer.","breadcrumb":{"@id":"https:\/\/elementor.com\/blog\/wordpress-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/elementor.com\/blog\/wordpress-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/elementor.com\/blog\/wordpress-security\/#primaryimage","url":"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2019\/10\/how-to-secure-wordpress-2.png","contentUrl":"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2019\/10\/how-to-secure-wordpress-2.png","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/elementor.com\/blog\/wordpress-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/elementor.com\/blog\/"},{"@type":"ListItem","position":2,"name":"WordPress","item":"https:\/\/elementor.com\/blog\/category\/wordpress\/"},{"@type":"ListItem","position":3,"name":"How to Secure Your WordPress Site: The Complete Guide"}]},{"@type":"WebSite","@id":"https:\/\/elementor.com\/blog\/#website","url":"https:\/\/elementor.com\/blog\/","name":"Elementor","description":"Website Builder for 
WordPress","publisher":{"@id":"https:\/\/elementor.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/elementor.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/elementor.com\/blog\/#organization","name":"Elementor","url":"https:\/\/elementor.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/elementor.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2025\/06\/images.png","contentUrl":"https:\/\/elementor.com\/blog\/wp-content\/uploads\/2025\/06\/images.png","width":225,"height":225,"caption":"Elementor"},"image":{"@id":"https:\/\/elementor.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/elemntor\/","https:\/\/x.com\/elemntor","https:\/\/www.instagram.com\/elementor\/","https:\/\/www.youtube.com\/channel\/UCt9kG_EDX8zwGSC1-ycJJVA?sub_confirmation=1","https:\/\/en.wikipedia.org\/wiki\/Elementor"]},{"@type":"Person","@id":"https:\/\/elementor.com\/blog\/#\/schema\/person\/7d8909e8594b46aa301e5bcda745590e","name":"Nick Sch\u00e4ferhoff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/elementor.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b66b3d829a78dc79fc182cedf1bf7c7d2a16017fc662b637ad7aa05365341f60?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b66b3d829a78dc79fc182cedf1bf7c7d2a16017fc662b637ad7aa05365341f60?s=96&d=mm&r=g","caption":"Nick Sch\u00e4ferhoff"},"description":"Nick Sch\u00e4ferhoff is an entrepreneur, online marketer, and professional blogger from Germany. 
When not building websites, creating content or helping his clients improve their online business, he can most often be found at the gym, the dojo or traveling the world with his wife.","url":"https:\/\/elementor.com\/blog\/author\/nschaeferhoff\/"}]}},"_links":{"self":[{"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/posts\/31144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/users\/9628"}],"replies":[{"embeddable":true,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/comments?post=31144"}],"version-history":[{"count":5,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/posts\/31144\/revisions"}],"predecessor-version":[{"id":93726,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/posts\/31144\/revisions\/93726"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/media\/31215"}],"wp:attachment":[{"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/media?parent=31144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/categories?post=31144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/tags?post=31144"},{"taxonomy":"marketing_persona","embeddable":true,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/marketing_persona?post=31144"},{"taxonomy":"marketing_intent","embeddable":true,"href":"https:\/\/elementor.com\/blog\/wp-json\/wp\/v2\/marketing_intent?post=31144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}