Introduction:

WordPress security maintenance is essential to keeping your company's sensitive information private. If WordPress accounts aren't managed properly and regularly, your site can be left vulnerable to break-ins that compromise the state of your company.

Running a WordPress security audit allows you to prepare for and avoid any possible threats to your website. Though it's impossible to protect your website from every potential problem out there, it's certainly possible to prepare for some of the most common breach attempts by regularly auditing your site's security.

This is why we, at Process Street, created this WordPress security audit checklist template: to offer a quick and easy process that can be repeated as often as necessary without the risk of overlooking any crucial steps, leaving your website free of any vulnerabilities.

Remove/alter “admin” user

Are you or another administrative user on your site still using "admin" as a username? If so, the first thing you should do is remove or change that account.

If someone is trying to gain access into your account, testing common usernames, like "admin", will be one of their first attempts.

So, just create a new user under a different name for the admin user, transfer all of their content over to their new account, and delete the old one.

Change default passwords to strong passwords (admin users)

Make sure your passwords are all difficult to guess.

They should: 

  • be at least six characters long
  • use both lowercase and capital letters
  • use a combination of letters, numbers and special characters such as <, } and ~
  • include misspelled words with special characters, such as “[email protected]&NoE1$#8”

Enable WordPress login two-factor authentication

You should also consider enabling WordPress two-factor authentication. Two-factor authentication means that users would need to not only enter a password, but also to enter a code sent to the phone number or email that's attached to their account to get in.

So, if someone is trying to break into your account, they won’t be able to, even if they're able to guess your password.

Change WordPress salts and keys

Make sure to check your wp-config.php file to see if you've changed your WordPress salts and keys.

Because WordPress uses cookies to verify logged-in users and commenters on a site, it added salts and keys to better protect private user information.

Changing your salt and keys should be a recurring step in your security audit process, and WordPress even offers a salt and keys auto-generator that's simple to use.

Update WordPress plugins and themes to latest version

Make sure to check if all of your WordPress plugins and themes are up-to-date.

WordPress version updates usually include security fixes and improvements, and if you’re still running older versions, you run the risk of those versions' security issues being exploited.

Remove any inactive users

Ensure that any inactive users on your site are removed. These abandoned users can also be exploited to breach your site.

Establish strong WordPress backup strategy

There's always a possibility that something can happen to your site, no matter how secure it may be.

That's why it's important to have a backup solution as part of your WordPress Security Audit Checklist.

You should consider using a WordPress backup plugin to quickly save your site in its entirety if the worst were to happen.

Approval: Final Approval (Content Manager)

The following tasks will be submitted for approval:
  • Remove/alter “admin” user
  • Change default passwords to strong passwords (admin users)
  • Enable WordPress login two-factor authentication
  • Change WordPress salts and keys
  • Update WordPress plugins and themes to latest version
  • Remove any inactive users
  • Establish strong WordPress backup strategy
