Overview
Most WordPress security problems start with outdated software, abandoned plugins, weak passwords, or unmanaged user access.
When this helps
Use this article as a monthly maintenance reference or when taking over an older WordPress website.
Recommended steps
- Review plugin and theme updates on a schedule.
- Remove plugins and themes that are no longer used.
- Keep administrator access limited to people who need it.
- Require strong passwords and two-factor authentication when possible.
- Confirm backups exist before major updates.
Information XMLA may need
- Current plugin list
- Theme name and child theme status
- Administrator users
- Backup method
- Known custom code or integrations
Next step
If the site is business-critical, place it on a managed care plan so updates and review happen consistently.
