A WordPress site needs to be maintained to keep it secure. This tutorial will go over how to maintain WordPress for security.
Please note that this tutorial is part of a series to help secure a WordPress blog. Some of these tips might not apply depending on the hosting environment. The following topics are covered:
- Setting up an SSL certificate
- Redirecting users to HTTPS
- Installing WordPress securely
- .htaccess for WordPress security
- php.ini for WordPress security
- Security plugins
- Security maintenance
Firstly, passwords should be changed at least every 4 months. As mentioned in the tutorial on How to install WordPress securely, choose a password that:
- Contains lowercase letters, capital letters, numbers and special characters;
- Is between 10 to 50 characters in length; and
- Is unique (you haven’t used the password anywhere else).
You can find a password generator at generators.page/password-generator.php.
Secondly, it is important to keep everything up to date as some updates may contain security related patches.
- WordPress version
- Any and all plugins
To check for updates and proceed with updating, click “Updates” under “Dashboard”.
As a result, anything in need of an update will be listed on the page with an update option.
Delete unused plugins
Too many plugins can affect a site’s security. Thus you should delete all unused plugins. To do so, navigate to “Installed plugins” under “Plugins”.
Then navigate to the unused plugin and click “Deactivate”.
Finally, delete the plugin by clicking “Delete”.
In summary, to maintain WordPress for security, change passwords at least every 4 months, delete unused plugins and keep everything up to date: from WordPress to themes to plugins.
If you know of any maintenance procedures that would be beneficial to a blog’s security, please let me know in the comments down below!