As a Developer I have taken measures to limit the possibility of vulnerabilities on my computer, so that security is increased when I work on my site.
- A list of security measures exists
- Security measures have been implemented and are active
As a Developer I have set an update strategy for my site, so that potential security risks are limited.
- The developer has a way to get informed about new WordPress releases
- The site is updated to the most current and secure version
- All plugins are updated to the most current and secure version
- Security measures have been implemented and are active
As a Developer I have checked (and if necessary fixed) the file permissions on my site, so that unauthorized access can be prevented.
- The file permissions of the site are reviewed and set correctly
As a Developer I want to have WordPress access the database with a dedicated user, so that a breach in security doesn't compromise all other databases on my server.
- A dedicated user for accessing the database with WordPress exists
As a Developer I want to secure the main WordPress administration files, so that attacks targeting these files are harder.
- wp-admin is secured
- wp-includes is secured
- wp-config is secured
As a Developer I want to disable file editing via the backend, so that code cannot be injected via the backend.
- File editing is disabled
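One way to check the file-permission, wp-config and file-editing criteria above from a shell (an added example, not part of the original list). The 755/644 baseline, the rule that wp-config.php is not readable by "other", and the function name wp_audit are assumptions; DISALLOW_FILE_EDIT is the WordPress constant that turns off the backend theme and plugin editors.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for three of the criteria listed above.
# Assumed baseline (not stated on this page): directories 755, files 644,
# and wp-config.php not readable by "other".

# wp_audit ROOT: print one finding per line; return 1 if there is any finding.
wp_audit() {
    root=$1
    cfg="$root/wp-config.php"
    # Matches an uncommented define('DISALLOW_FILE_EDIT', true); line.
    # Block comments (/* ... */) are not parsed.
    pat="^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\)"
    findings=$(
        # Files or directories writable by group or other.
        find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE %s\n' {} \;
        if [ -f "$cfg" ]; then
            # Database credentials live here, so "other" should not read it.
            find "$cfg" -perm -004 -exec printf 'CONFIG_WORLD_READABLE %s\n' {} \;
            # File editing counts as disabled only if the define is present.
            grep -Eq "$pat" "$cfg" || printf 'FILE_EDIT_ENABLED %s\n' "$cfg"
        else
            printf 'CONFIG_MISSING %s\n' "$cfg"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a directory given on the command line: sh wp_audit.sh /path/to/site
if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```

An empty result with exit status 0 means all three checks passed; each finding line starts with the failed check followed by the path.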
As a Developer I want to rename my administrator account, so that attacks using the default username fail.
- The WordPress administrative account is named differently than "admin"