Are all the themes and plugin’s on your website up to date?

Great Job!

Any Security flaw in older versions of software and plugins are usually known and can be exploited. That is why is is critical to keep everything on your WordPress site up to date.

WordPress provides six different user roles that you can assign to your users. How many uses have admin level access to your site?

You should analyze each of the users you’ve added to the backend of your WordPress. And Know

  • How many users have full admin access?
  • How many users actually need admin access?
  • The restrictions and lower permissions you need to assign for the ones who don’t require admin access?
  • Everyone that has access to your dashboard, If you do not recognize an account, , delete that user because they could be rogue accounts that a hacker have created on your site.
  • Make sure that any individual who’s a site admin isn’t using the name, Admin.

Are you using two-factor authentication login?

You’re a security pro.

Two-factor authentication adds an extra layer of security to your WordPress site and is simple to implement.

Do you have a backup solution for your WordPress site?

It is critical to not only have a backup solution, but to test it as well. Many hosting providers will not allow you to run a test if you are only using a site backup tool from your host.

Even when your hosting company does a automatic back up of their server, have you considered what you would do if they couldn’t restore your individual website or database.?

Do you have any unused WordPress plugins?

Unused plugins, those that have been deactivated, have not been updated, and simply sit there as a plugin, are the weak link in a WordPress website, as they allow hackers to exploit your website and, in some cases, add plugins that potentially contain malware that is infecting your site.


Do you have unused downloaded WordPress themes?

While it is critical to delete any themes that are no longer in use and only keep the theme that is currently active,**  it is recommended that you keep a backup theme, such the  2022 Theme on hand just in case you need one quickly.


Do you have any inactive users on your site?

inactive users can be exploited to attack your site.

Great Job!

Is the platform provided by your web host secure?

Good Choice.

Quality hosting doesn’t normally come in at $3 per month.

Do you put a limit on login attempts?

Show those hackers you mean business!

An attacker can try a variety of different usernames and passwords until they find one that works because there is no limit on the number of failed login attempts.

Is your website HTTPS?

Thank you for doing your part to keep users safe.

If the URL begins with an HTTPS, you are safely browsing on a site using SSL.

Does any user have FTP/sFTP access to your site?

FTP access allows users to delete and modify site files; only grant FTP access to people you trust and who need this type of site access.

Great choice.

Do you monitor your security activity?

Security must be your priority.

If your website is hacked, you’ll want to have the most up-to-date information to aid in a quick investigation and recovery.

**If you use a parent/child theme, the child theme will be active, but the parent will appear as inactive.  Do no remove the parent theme because it will contain any functionality that has not been replaced by the child theme.  If you are unsure, skip ahead and consult with our experts. Also, note that currently new design techniques and programs virtually eliminates the need for a child/parent theme.