Most WordPress hacks are caused by weak defaults. This checklist focuses on actions you can complete in under 30 minutes to significantly increase security.
1. cPanel Security Settings
Enable immediately:
- Two-Factor Authentication
- Change cPanel password
- Enable Hotlink Protection

Disable:
- Unused FTP accounts
- Old email accounts
2. WordPress Hardening
Checklist:
- Change admin username
- Enforce strong passwords
- Enable automatic updates
- Install only necessary plugins

Recommended plugins:
- Wordfence or iThemes Security (basic features only)
3. File and Access Protection
Add to .htaccess:
Disable XML-RPC if not needed:
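The rules below are an added example, not the original checklist's own snippet. They assume Apache 2.4 (with a fallback for 2.2) and a host that permits `Options` and authorization overrides in `.htaccess`, and they belong in the WordPress document root above the `# BEGIN WordPress` block.

```apache
# --- File and access protection (added example) ---

# Turn off directory listings so folder contents are not browsable.
# Needs AllowOverride Options (or All) on the host.
Options -Indexes

# Deny direct web access to wp-config.php and any .ht* file
# (.htaccess, .htpasswd). WordPress loads wp-config.php from disk,
# so blocking HTTP access does not affect the site.
<FilesMatch "^(wp-config\.php|\.ht.*)$">
    <IfModule mod_authz_core.c>
        # Apache 2.4 syntax
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 syntax
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# --- Disable XML-RPC if not needed ---
# Leave this out if you use Jetpack, the WordPress mobile apps, or any
# other client that talks to the site through xmlrpc.php.
<Files "xmlrpc.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

After saving, a request to `/xmlrpc.php` should return 403 Forbidden. If the whole site returns 500 instead, the host does not allow one of these directives in `.htaccess`; remove `Options -Indexes` first and retest.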
4. Backup Strategy (Non-Negotiable)
Minimum setup:
- Daily backups
- Offsite storage
- At least 7 days retention

Never rely on hosting-only backups.