WordPress Setup checklist | Process Street

Backups:

Set up WPBackup so we have backups

Security:

Set up SFTP and disable unencrypted FTP

Set up file permissions

Revoke DROP/ALTER/GRANT privileges from the WordPress DB user

http://codex.wordpress.org/Hardening_WordPress

Check that the plugins installed do not have any exploits

https://wordpress.org/plugins/exploit-scanner/

Install Security Plugin

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Make sure wp-admin admin user is not called admin

Check that there are no timthumb.php vulnerabilities

https://wordpress.org/plugins/timthumb-vulnerability-scanner/

Disallow file editing

Disallow file editing by adding this line to wp-config.php: define('DISALLOW_FILE_EDIT', true);

Remove WP version number

http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/

Add Brute Force Protection plugin

https://wordpress.org/plugins/limit-login-attempts/

https://wordpress.org/plugins/bruteprotect/

Change admin user nice name

http://itpixie.com/2012/10/hide-your-wordpress-login-from-author-archive/#.VCTckPmSyDB

Move wp-config out of root directory

http://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial

Make sure database tables don't begin with wp_

(should use different prefix)

Install Harden-WP plugin

https://wordpress.org/plugins/harden-wp/

Install admin protect plugin

Install https://wordpress.org/plugins/wp-admin-protection/

Secure wp-includes

As per http://codex.wordpress.org/Hardening_WordPress
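Several of the items above can be verified from the server's shell after setup. The script below is an added example, not part of the original checklist: it checks a WordPress directory for wp-config.php inside the web root, a missing DISALLOW_FILE_EDIT, the default wp_ table prefix, timthumb.php files and world-writable paths. The function names and the FAIL output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against items from the checklist above.
# Usage: sh audit_wp.sh /var/www/example   (path is a placeholder)

# Print the value assigned to $table_prefix in the given wp-config.php.
wp_table_prefix() {
    sed -n "s/^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Succeed only if the config contains define('DISALLOW_FILE_EDIT', true);
file_edit_disabled() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\)" "$1"
}

# Run all checks; prints one FAIL line per finding and returns the finding count.
audit_wp() {
    root=${1%/}
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    cfg="$root/wp-config.php"
    if [ -f "$cfg" ]; then
        fail "wp-config.php is inside the web root ($cfg)"
    else
        # WordPress also loads wp-config.php from one directory above its root.
        cfg="$(dirname "$root")/wp-config.php"
    fi

    if [ ! -f "$cfg" ]; then
        fail "wp-config.php not found"
    else
        file_edit_disabled "$cfg" || fail "DISALLOW_FILE_EDIT is not set to true"
        [ "$(wp_table_prefix "$cfg")" != "wp_" ] || fail "table prefix is the default wp_"
    fi

    # Any copy of timthumb.php needs a version review (or removal).
    tt=$(find "$root" -type f -name 'timthumb.php')
    [ -z "$tt" ] || fail "timthumb.php present, check its version: $tt"

    # World-writable files or directories let any local user modify the site.
    ww=$(find "$root" ! -type l -perm -0002)
    [ -z "$ww" ] || fail "world-writable paths: $ww"

    return "$fails"
}

if [ $# -gt 0 ]; then audit_wp "$1"; fi
```

The exit status is the number of failed checks, so the script can gate a deployment step.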