Although I am a security student, I am not a security expert, nor a WordPress security expert. Furthermore, this post only documents a few of the things needed to ensure a WordPress website is healthy. Please read my general disclaimer.
Every so often, it is good to check up on things. I have not been updating my website as much because I have been busy. Here are a few things I did after changing my WordPress theme.
Updating themes and hosting configurations
It is important to keep your theme and website updated. After a theme is retired or a hosting configuration becomes too outdated, the WordPress support team cannot help you debug CSS, plugins, or develop features. I have been blogging for a few years and still need help. Do not rule yourself out of needing help.
By default, WordPress sets your hosting configuration to auto-update for security updates. If you turned this off, I recommend turning it back on in your security settings.
Identify unused plugins
Plugins are one of the largest sources of vulnerabilities on WordPress sites. Most people, including myself, have downloaded them without researching the developer team.
In general, less code equates to less work and less code to monitor for potential vulnerabilities.
According to WPScan, a popular WordPress vulnerability scanner, 97% of vulnerabilities in are found in plugins and themes, while only 4% are located in WordPress’ core software.
🌸👋🏻 Let’s take this to your inbox. You’ll receive occasional emails about whatever’s on my mind—offensive security, open source, academics, boats, software freedom, you get the idea.
Lastly, I made my website simpler. I had a ton of plugins that made my website’s code complicated to read; most of it was for user interface and design. I just removed it. In Marie Kondo’s words, these plugins did not “bring me joy” anymore.
If you are interested in my website’s design, read Like My Website?: Here is How I used Open Source Tools to Build It. I also have some markup examples on Design Elements of My Website.
These are just some of the things you should do when doing quick security checkups. However, since they are quick, you probably do not have time to do everything you want.
This post is part of IGME 599, an Honors FOSS Independent Study at the Rochester Institute of Technology.