WordPress Security Assessment

No Comments

WordPress Security Assessment

Assess Your WordPress Website Security

This assessment will determine how secure your WordPress website is!

  1. Do you create daily or weekly backups of your WordPress Files?
  2. Do you manually or automatically backup your WordPress database on a daily or weekly basis?
  3. Have you enabled the IP/Bots Blacklist feature?
  4. Have you enabled “honeypot” feature on the login and registration pages?
  5. Are you using a Captcha on you registration forms?
  6. Are you using a Captcha, or equivalent for comment submission?
  7. Are you using a Captcha on your login page?
  8. Do external subscribers or authors on your website require approval?
  9. Do you have a security that blocks spambots from commenting?
  10. Is your WordPress database using the default table name prefix; wp_ ?
  11. Is the directory browsing restricted for the public so that no one can browse your directories?
  12. Is the PHP file editing feature disabled on the WordPress dashboard?
  13. Is access to the default WordPress files delivered with all WordPress installations restricted?
  14. Is access to the Debug Log File restricted for the public?
  15. Do you use the default WP URL to login? Such as yourwebsite.com/wp-login.php or yourwebsite.com/wp-admin?
  16. Is the File Change Detection turned on so that files changed in your WordPress directory are recorded?
  17. Are any of the usernames in your WordPress website named “admin”?
  18. Are any of the usernames and display names identical, e.g. Username: johnsmith Display Name: John Smith?
  19. Are all of your passwords strong i.e. do they contain upper and lower case letters as well as numbers and symbols like #$*_-!?
  20. If someone tries to login to your WordPress site several times, will the login page be locked down?
  21. Does your website keep a record of “failed login attempts”?
  22. Is the feature that forces users to logout after a specific time installed? E.g. 10 minutes or 30 minutes.
  23. Do you review your system logs for WordPress server issues at least weekly?
  24. Have you enabled the Basic Firewall functionality?
  25. Do you manually or automatically scan your website for Malware daily?

    Full Name

    Email *

Free SEO Audit Tool

See how optimized a specific web page, landing page, or blog post is for an exact keyword or phrase

About us and this blog


Hi I'm Dave Russell CEO & Founder of OneFishTwoFish and we are Digital Marketing Strategists that deliver compelling solutions to help you attract, engage and convert more of your ideal clients online.

We devise strategies that help websites dramatically improve their ability to compete and thrive online. Why not book in for a complementary strategy call with our experts.

Click here to book

More from our blog

See all posts
No Comments