Hardening WordPress

My Best Practices Guide is a downloadable accompaniment to the deck from Hardening WordPress, a presentation I first made at the WordPress Seattle Meetup in April 2011. It includes my essential guidance plus additional recommendations based on questions I’m frequently asked. The guide has undergone more than five major revisions; the most recent was completed in June 2019. View and download it below in Portable Document Format (PDF).

Hardening WordPress, 2019 edition

The seven essential steps to securing WordPress from the guide are:

  1. Choose a good host that keeps their server stack updated
  2. Set up automatic backups (UpdraftPlus can help you with this!)
  3. Update in a timely fashion
  4. Utilize HTTPS to encrypt traffic to and from your site
  5. Tighten permissions
  6. Adopt good password hygiene (use a password manager and 2FA!)
  7. Build a firewall (BulletProof Security can help you with this!)

