Securing WordPress has become easy thanks to the amazing work the WordPress team continuously does to fix vulnerabilities and improve the security of the platform. With the addition of Wordfence, it is possible to run a secure WordPress site and sleep well at night knowing your investment is safe.
1. Ensure that your site is backed up
Backups are the first step in securing your website. Your backups ensure that even if your site is compromised or damaged in some way, you can always recover it. We suggest running a full backup before making the changes below so that you can recover your site if you break anything. In addition to the daily scheduled backup, you can submit a request to back up your site manually at any time.
2. Delete any themes, plugins or extensions that you don’t need or that aren’t maintained
Sign in to your WordPress site and go to Plugins > Installed Plugins. Delete any plugins that you no longer use. Check everything else and make sure you recognize it and use it.
You can click the “Details” link next to each plugin to see when it was last updated. We strongly recommend that you delete any plugin that has not been updated for 2 years or more. It is unlikely that the author is maintaining the plugin and if a vulnerability is reported, it may not be fixed quickly.
Do the same for WordPress themes. Go to Appearance > Themes. Then delete any themes you no longer use. If you switched themes at some point and still require images in another theme directory, we recommend you delete as much as you can of the legacy theme and just preserve static assets like images and stylesheets.
Deleting old extensions, plugins and themes will remove them as potential entry points for a hacker.
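The two-year check from step 2, automated as an added example (not part of the original article): it flags installed plugins whose last update is two or more years old. The slugs and metadata are constructed, and the `last_updated` format is assumed to match what the WordPress.org plugin-information API returns; plugins the directory does not list are reported for manual review.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: slug -> metadata shaped like a WordPress.org
# plugin-information response. None models a slug the directory does not
# know (for example a custom or commercial plugin).
SAMPLE_INFO = {
    "contact-form-example": {"version": "5.8", "last_updated": "2024-03-02 9:14am GMT"},
    "old-gallery-example": {"version": "1.2.1", "last_updated": "2019-06-11 4:30pm GMT"},
    "agency-custom-example": None,
}

# The article's threshold: not updated for 2 years or more.
STALE_AFTER = timedelta(days=2 * 365)


def parse_last_updated(value):
    """Parse a timestamp such as '2019-06-11 4:30pm GMT' (assumed format)."""
    parsed = datetime.strptime(value, "%Y-%m-%d %I:%M%p GMT")
    return parsed.replace(tzinfo=timezone.utc)


def audit_plugins(installed_slugs, info_by_slug, now):
    """Return {slug: 'ok' | 'stale' | 'unknown'} for each installed plugin."""
    report = {}
    for slug in installed_slugs:
        info = info_by_slug.get(slug)
        if not info or not info.get("last_updated"):
            # No public update history: someone has to confirm who maintains it.
            report[slug] = "unknown"
            continue
        try:
            updated = parse_last_updated(info["last_updated"])
        except ValueError:
            # Unexpected date format: do not guess, send it to manual review.
            report[slug] = "unknown"
            continue
        report[slug] = "stale" if now - updated >= STALE_AFTER else "ok"
    return report


if __name__ == "__main__":
    results = audit_plugins(SAMPLE_INFO.keys(), SAMPLE_INFO, datetime.now(timezone.utc))
    for slug, status in sorted(results.items()):
        print(f"{status:8} {slug}")
```
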
3. Custom WordPress themes?
If your theme is custom designed and you aren’t able to update it, you are going to need a developer to maintain that software. This is an unfortunate reality and expense of having a custom theme installed. You can’t just install and forget.
Many themes use libraries that eventually have vulnerabilities discovered in them. If your theme is not maintained, your site will eventually be hacked through this vulnerable software. When engaging the services of a company that designs custom WordPress websites, you should ask them if they will be maintaining any custom software they install on your WordPress site.