WordPress Security Checklist
What is WordPress Security? Is WordPress Secure? How do we make WordPress more secure?
WordPress is an amazing platform that allows millions of Website developers to build and manage content using a wide range of themes and plugins. However, take a look at the WordPress release schedule and you’ll quickly see there are many bug fix and security updates on nearly a monthly basis.
These releases often contain notices such as “it is recommended that you update your sites immediately”. To ensure the security of your website and your data, you need to stay on top of these updates or risk getting hacked. Being hacked could mean falling victim to a phishing scheme, malware, ransomware, clickjacking, a spoofing attack, loss of customer data, and many others.
It’s not just WordPress though. Any software that is developed is at risk of a bug or security flaw. With open source software projects like WordPress, Joomla, Magento, etc., such flaws become more publicly known, however, since the code is available for anyone to see.
Also consider that many times a security breach can go undetected for months or even years. So it is essential to remain vigilant and protect your investment. Thankfully, there are a few basic things you can do to secure your WordPress website. Here are the top 5 items on BruteBank’s essential security checklist for WordPress:
BruteBank’s Essential Security Checklist - Top 5
- Create individual accounts for any users accessing WordPress. When someone leaves your organization or finishes a project requiring Website access, you can easily remove their account. This ensures your admin password has not been leaked and you have prevented unauthorized access.
- Create a strong password for all users. Set passwords that are at least 25 characters long with a mixture of numbers, letters, and special characters like $, %, ^, &, *, !. Note that this also applies to any cPanel or FTP/SSH/SFTP passwords that have access to your hosting account.
- Make sure you’re using the correct WordPress permissions for all files. Having “world writeable” files and folders is a common mistake when setting up a WordPress website and can lead to overwritten files or injection of malicious code.
- Update the WordPress core version each time a release is made, along with any and all themes and plugins used on the Website. Make sure to also “clean house” regularly by removing any unused plugins, which simplifies this process.
- Demand the best from your hosting provider. This means picking a provider that puts security first and is constantly updating their servers to ensure security. Even with a hardened WordPress install, if your hosting provider has vulnerabilities, you’re still at risk. So look for a provider using the latest version of cPanel, PHP, and core infrastructure services, taking frequent backups, requiring SSL, disabling services and using a tight firewall.
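As an added example for the file permissions item above (not code from BruteBank or WordPress): a shell script that lists files and folders with the "other" write bit set and removes only that bit. The function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): find and fix "world writeable"
# files and folders in a WordPress tree. All paths below are constructed samples.

# List regular files and directories under $1 whose "other" write bit is set.
# Symlinks are skipped: the link's own mode bits are not what gets enforced.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Count the findings; 0 means the tree passes this check.
# (Counts lines, so it assumes no newlines in file names.)
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove only the "other" write bit. Owner and group bits are left alone so
# the web server user keeps whatever access the host already granted it.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a small constructed tree so the example runs without a real site.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/plugins/demo"
    : > "$root/wp-config.php"
    : > "$root/wp-content/plugins/demo/demo.php"
    chmod 755 "$root" "$root/wp-content" "$root/wp-content/plugins" \
              "$root/wp-content/plugins/demo"
    chmod 644 "$root/wp-content/plugins/demo/demo.php"
    chmod 777 "$root/wp-content/uploads"   # typical "just make it work" mistake
    chmod 666 "$root/wp-config.php"        # world writeable config file
    printf '%s\n' "$root"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    echo "before: $(count_world_writable "$tree") world-writable entries"
    list_world_writable "$tree"
    fix_world_writable "$tree"
    echo "after:  $(count_world_writable "$tree") world-writable entries"
    rm -rf "$tree"
fi
```

Run it with `--demo` to see the before and after counts, or call `list_world_writable` on your own WordPress directory and review the list before applying `fix_world_writable`.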
According to INTRUSION Inc, cybercrime will cost the world’s businesses $10.5 trillion by 2025.
The United Nations reports that such cybercrimes are up over 600% during the COVID-19 pandemic.
With security breaches increasing in intensity and severity, now is the time to ensure your own Website is as secure as it can be.