10 WordPress security mistakes you're probably making

You can get the WordPress security checklist that can help you identify weaknesses in your WP installation before hackers find vulnerabilities to exploit. I recommend that you perform an audit on your WordPress site every 3 months. Some common issues I find during audits: forgotten backups left in publicly accessible areas usernames of contractors that are no longer working on the site unused plugins ============================ Security News: https://www.zant.com/newsletter/ ============================ I frequently observe several common mistakes WordPress users make on their sites. Jump to the section you might be making: 0:00 Intro, false security of hiding the login URL 1:37 Not securing the hosting account, FTP, SSH, panels, PHPMyAdmin 3:30 Using a predictable or easy-to-guess username for their admin account 3:57 Weak passwords or reusing passwords across a number of services 5:20 No firewall. use Cloudflare, and supplement with Patchstack 6:45 Multiple sites in a cPanel or other add-on domain hosting setup 9:40 Poor user access management policy 10:54 Using nulled plugins or themes 12:25 Not logging out and risking info stealers gaining admin control 13:44 Not paying attention to update alerts, not maintaining a relationship for update alerts from developers 15:16 Not testing backups; backups stored on the server Learn about Passkeys:    • Passkeys are better than passwords   Learn about Info Stealers:    • Info Stealers: The Latest Threat to Your A...   If you're looking for a security plugin, Solid Security is a great option: https://zant.fyi/SolidWP =========================== Connect with me! =========================== Tik Tok: ➡︎   / kathyzant   Instagram: ➡︎   / kathyzant   Facebook: ➡︎   / kathyzant   X/Twitter: ➡︎ https://www.x.com/kathyzant LinkedIn: ➡︎   / kathyzant   #wordpress #wordpresssecurity #infosec