A short checklist that prevents most problems.
- Keep everything updated — WordPress core, themes, plugins, and your PHP version.
- Use strong, unique passwords for cPanel, WordPress, FTP, and databases, and change them periodically.
- Enable two-factor authentication wherever possible (articles 6, 148).
- Install SSL and force HTTPS (articles 140–141).
- Take regular backups and store them off-site (Backups category).
- Remove what you don't use — old plugins, themes, and unused accounts are entry points.
- Enable ModSecurity and scan for malware (articles 153, 152).
- Limit login attempts and protect admin areas (article 154).
Tip: Security is layered — no single step is enough, but together these make your site a hard target.
