WordPress Hardening And Optimization

WordPress Hardening & Optimization Checklist

A minimal checklist for hardening (securely configuring) and optimizing a WordPress website is provided below.

Hardening (secure configuration):

  • Always keep the operating system of the server where the WordPress website is hosted up to date.
  • Install and configure an application firewall (Wordfence plugin can be used).
  • Install an SSL certificate, deactivate HTTP, and redirect all traffic to HTTPS.
  • Change the URI of /wp-admin/ to something less obvious (WPS Hide Login plugin can simplify the job).
  • Add a 404 “page not found” page and redirect to it in the event of an error or a page not being found.
  • Remove all unused files (media, posts, pages, and so on) and empty the trash can.
  • Add a reCAPTCHA to every form (login, post comments, page comments, contacts, etc.).
  • Turn on auto-update for all plugins.
  • Change the name of the media file to something related to the website (Media File Renamer plugin can simplify the job).
  • Remove all metadata from images (Jeffrey’s Image Metadata Viewer can be used to verify, and “mogrify -strip <image>” to remove all metadata).
  • Check and reduce as much as possible the image size transferred to the web browser.
  • Add an Alt-Text description to all images.
  • Ensure that if posts show the author, the login userid is not displayed.
  • Ensure GDPR compliance (GDPR Cookie Consent & Compliance Notice plugin can simplify the job).
  • Create a Privacy Policy page, link it to the footer, and offer it to the user on their first visit.
  • Check for and repair any broken links or mixed-up content (Image & Link Analyzer can be used).
  • Scan the website for vulnerabilities and fix any that you find (Sucuri vulnerability scanner can be used).
  • Schedule a periodic backup of the website in a data center that is distinct and remote from the one where the website is hosted.
  • Keep an eye on the website’s availability and performance (Status Cake can be used).
  • Examine whether the website works with or without the “www” in the URL (for example, https://www.mysite.com and https://mysite.com).
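
The HTTPS-redirect and “www” items above can be checked together. The following is an added example, not part of the original checklist: it requests the four scheme/host variants of a domain without following redirects automatically, and reports any variant that ends on plain HTTP or any disagreement about the final host. The function names and the example.com response table are assumptions constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

def fetch(url):
    """One HEAD request, redirects not followed; returns (status, Location header)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def resolve(url, fetcher=fetch, max_hops=5):
    """Follow redirects one hop at a time and return every URL visited."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetcher(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        chain.append(urljoin(chain[-1], location))
    return chain

def audit(domain, fetcher=fetch):
    """Return findings for a bare domain such as 'example.com' (empty list = pass)."""
    findings, final_hosts = [], set()
    for start in (f"{s}://{h}/" for s in ("http", "https") for h in (domain, "www." + domain)):
        try:
            chain = resolve(start, fetcher)
        except (OSError, http.client.HTTPException) as exc:
            findings.append(f"{start}: unreachable ({exc})")
            continue
        final = urlsplit(chain[-1])
        if final.scheme != "https":
            findings.append(f"{start}: ends on plain HTTP at {chain[-1]}")
        final_hosts.add(final.netloc)
    if len(final_hosts) > 1:
        findings.append(f"no single canonical host: {sorted(final_hosts)}")
    return findings

# Constructed responses for a misconfigured site: the bare host never redirects.
SAMPLE = {"http://example.com/": (200, None), "https://example.com/": (200, None),
          "http://www.example.com/": (301, "https://www.example.com/"),
          "https://www.example.com/": (200, None)}

if __name__ == "__main__":
    print("\n".join(audit("example.com", SAMPLE.__getitem__)))
```

Calling audit("yourdomain.tld") with no second argument uses the live fetch function against your own site; an empty list means every variant ends on the same HTTPS host.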

Optimization:

  • Examine and reduce the image size transferred to the web browser as much as possible (Jeffrey’s Image Metadata Viewer can be used to verify).
  • Add an Alt-Text description to all images.
  • Install and configure a plugin for caching and image optimization (W3 Total Cache plugin can be used).
  • Install and configure a plugin for analytics (MonsterInsights plugin can be used).
