Welcome To The WordPress Security Checklist

How do I secure WordPress?

Answer: The WordPress Security Checklist!

(Oh, by the way… the checklist is FREE!)

You’re probably here because you think about securing your websites.

That’s great! We’re here to help you get it right.

Is Your Web Site Secure?

Many attacks on web sites are automated so it makes no difference if yours does not get a lot of visitors or if you think your site is not interesting to hackers.

Hackers will use your site’s resources for their own purposes if you do not stop them!

Everyone who has a WordPress site needs
to take security very seriously.

Our WordPress Security Checklist Shows The Way

Man With Lock And KeyThe Checklist is based on our own real life experiences.

We make it easy for you to harden the security of your WordPress site. We tell you what you need to do and also show you how you do it.

We show you:

  • What you need to do on your local computer to stay safe.
  • How to make it easy to keep your site updated.
  • Which security plugins you need and how to configure them.
  • How to setup a great backup plan so you always have a fresh backup.
  • How to get notified if your site gets hacked.
  • How to recover if your site gets hacked.

The checklist allows you to secure your WordPress site with as little effort as possible.

Why Did You Create The Checklist?

We run a number of sites based on WordPress ourselves.

And we thought we had done a good job of securing them.

But we were wrong!

Our sites were compromised. Suspicious looking files appeared on our sites, and we had no idea how or when they got there.

We cleaned up, added a couple of security plugins and thought that was the end of that.

But it was only a couple of weeks before it happened again.

We realized we had to understand how to get the job done properly. And after researching the topic we discovered why we had not done a good job of hardening our sites in the first place:

It is very difficult to get a good answer to the question:

How do I secure my WordPress site?

Sure, there are plenty of blog posts listing the 10 best security plugins (from two years ago) and how to secure your WordPress administration panel.

Too Much InfoIn fact there is too much information scattered around out there.

Finding, testing and deciding which of the many bits and pieces of information are valuable is very time consuming.

Hence the birth of The WordPress Security Checklist.

How Long Does It Take To Secure My Site?

The checklist is designed to be very easy to follow with step by step instructions.

At first it might seem a little bit long. Don’t let that stop you. It is very important that you get this done.

Most people will be able to secure their WordPress sites
in less than 5 hours.

The time it takes does depend on your skill level so it may be a little bit shorter or longer for you.

You do not have to do everything at the same time. If you prefer you can complete the tasks over a few days.

What Does The Checklist Cost?

We have profited tremendously from the open source community and we would like to give something back.

Although a lot of time and money has gone into creating the checklist…

we have decided to give it away for free!

However we greatly appreciate any contributions to keep the list going!

How Do I Get My Copy?


The WordPress Security Checklist

Simply follow the instructions on our download page.

What’s New On Our Site?

Below you will find the latest articles from our website:

  • How To Test Your WordPress Backup

    A crucial step in a great backup strategy is to test that you can restore your site from a WordPress Backup archive. If you can’t restore your site your backup archives are worthless. In this article Why Is Testing Your Backup Important? You Might Also Want To Read What’s In Your WordPress Backup Archives? Restoring […]

    WP Security Scan

    You need to run a basic WordPress Security Scan and optionally change your database prefix. Plugin Page: http://wordpress.org/extend/plugins/wp-security-scan/ Note! There are two other plugins with similar names in the plugin directory: Secure WordPress and WebsiteDefender WordPress Security. You do not need Secure WordPress. You can read more about WebsiteDefender WordPress Security here. Why WP Security […]

    WordPress User Roles And How To Use Them

    You need to understand the different user roles offered by WordPress and when to use them. Why WordPress User Roles Are Important If you give people access to log on to your WordPress site it is very important that you only give people the permissions they actually need – nothing more. Giving people more access […]

    Sucuri WordPress Security Plugin

    With the Sucuri WordPress Security plugin you can take preventive action to protect your WordPress site and you can scan your site for indications of intrusion. The Sucuri WordPress Security plugin significantly enhances your security by adding: A Web Application Firewall Integrity Monitoring Audit Logging and Activity Reporting 1-click Hardening Server Side Scanning Why The […]


    The Wordfence plugin checks the integrity of your WordPress core files, themes and plugins. It also scans your site for malware and phishing URL’s, backdoors and virus infections. Plugin Page: http://wordpress.org/extend/plugins/wordfence/ What You Need To Do You need to: Keep your WordPress site updated at all times. Verify the integrity of your WordPress core files, […]