{"id":525,"date":"2025-06-11T14:33:13","date_gmt":"2025-06-11T09:03:13","guid":{"rendered":"https:\/\/www.wpmesh.com\/?p=525"},"modified":"2025-06-11T14:33:15","modified_gmt":"2025-06-11T09:03:15","slug":"wordpress-security-audit","status":"publish","type":"post","link":"https:\/\/veewom.com\/articles\/wordpress-security-audit.htm","title":{"rendered":"WordPress Security Audit: 15+ Best Audit Practice [Checklists]"},"content":{"rendered":"\n<p>The habit that the majority of bloggers lack is doing a regular <strong>WordPress Security Audit<\/strong>.<\/p>\n\n\n\n<p>Without knowing how vulnerable your website is, you can\u2019t prepare it against getting hacked.<\/p>\n\n\n\n<p>For a <strong>WordPress Security Audit<\/strong>, there are a number of checklists and markers that you have to follow to give your website the most secure environment.<\/p>\n\n\n\n<p><em>To make this task easier,<\/em> I came up with a <span style=\"text-decoration: underline\">step-by-step guide on how you can do a Security Audit for your WordPress website<\/span> without any additional help.<\/p>\n\n\n\n<p>I promise you, you will get all the practical pointers that you can act on right away to make your website more secure.<\/p>\n\n\n\n<p>I also want to mention here that these <strong>WordPress Security Audit pointers<\/strong> can be used as a checklist. 
On each check, <span style=\"text-decoration: underline\">you make your website more secure and less vulnerable to hack.<\/span><\/p>\n\n\n\n<p>Before jumping directly to the <strong>security audit checklist for your WordPress website<\/strong>, let\u2019s have a look at why you should never miss them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"0-why-is-wordpress-security-audit-important-\"><strong>Why is 
WordPress Security Audit Important?<\/strong><\/h2>\n\n\n\n<p>A security audit identifies <em>all the vulnerabilities<\/em> that hackers might use to gain access to your WordPress website.<\/p>\n\n\n\n<p>If hackers gain that access, it leads to a <span style=\"text-decoration: underline\">very devastating situation<\/span>.<\/p>\n\n\n\n<p>They can demand money. They can sell your website content, including your users\u2019 data, card details, and very important credentials.<\/p>\n\n\n\n<p>This will create chaos for your business. And once your website gets hacked,<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>They may redirect your visitors to other websites.<\/li>\n\n\n\n<li>They may sell your clients\u2019 details on the black market.<\/li>\n\n\n\n<li>You might lose Google ranking.<\/li>\n\n\n\n<li>They may add malicious code to your website.<\/li>\n\n\n\n<li>Your website may be blacklisted by search engines.<\/li>\n\n\n\n<li>And lastly, they may ask for ransom.<\/li>\n<\/ul>\n\n\n\n<p>All of this creates a situation where <span style=\"text-decoration: underline\">your website loses the trust of your audience<\/span>, which is not good for the brand.<\/p>\n\n\n\n<p>This is just a glimpse of what is going on today.<\/p>\n\n\n\n<p>To keep the security of your website at the top level, you should always do a <strong>security audit for your WordPress website<\/strong>.<\/p>\n\n\n\n<p>So first, we <span style=\"text-decoration: underline\">have to detect the vulnerabilities<\/span> of our websites before the hacker does it for us, leverages the opportunity, 
and finally hacks us.<\/p>\n\n\n\n<p>That\u2019s all.<\/p>\n\n\n\n<p>Now, without wasting time, let\u2019s have a detailed look at how you can perform a <strong>Security Audit for your WordPress website<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"1-how-to-perform-a-wordpress-security-audit-\"><strong>How to Perform a WordPress Security Audit?<\/strong><\/h2>\n\n\n\n<p>There are a total of 16 checklists in this step-by-step guide on WordPress Security Audit.<\/p>\n\n\n\n<p>Among the 15 checklists, 13 are for every website owner, and the remaining 3 are for owners whose websites are continuously hit by hackers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2-1-update-to-latest-versions-\"><strong>#1 Update to Latest Versions<\/strong><\/h3>\n\n\n\n<p>About half of website owners don\u2019t open their WordPress website weekly. As time goes on, the frequency of updates for plugins and themes also increases.<\/p>\n\n\n\n<p>This creates the most vulnerable situation for your website&#8217;s security.<\/p>\n\n\n\n<p>Broadly, <span style=\"text-decoration: underline\">there are two types of updates<\/span>: one is on-site updates and the other is server-based updates.<\/p>\n\n\n\n<p><strong>On-site updates include<\/strong> updates that don&#8217;t require access to the control panel of your server. They can be applied right from your WordPress dashboard.<\/p>\n\n\n\n<p>However, server-based updates generally require control panel access to update them. 
PHP updates are among them.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"3-on-site-updates-\"><strong>On-Site Updates<\/strong><\/h4>\n\n\n\n<p>For on-site updates, you can either use the \u2018update\u2019 option in the plugins section or upload the new versions manually.<\/p>\n\n\n\n<p>To update the WordPress core, plugins, and themes, you can go to the \u2018update\u2019 section\u2014 right after the dashboard section\u2014 and update from this single window.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/On-Site-Updates.jpg\" alt=\"On-Site Updates the first step of WordPress Security Audit\" class=\"wp-image-533\"\/><\/figure>\n<\/div>\n\n\n<p>One more thing: with the WordPress 5.6 update, there are auto-update features for the WordPress core and plugins.<\/p>\n\n\n\n<p>So, if you\u2019re <span style=\"text-decoration: underline\">not a regular WordPress user<\/span>, you can switch on the auto-update option.<\/p>\n\n\n\n<p>But, <em>don\u2019t enable the auto-update feature for WordPress core. <strong>Why?<\/strong><\/em><\/p>\n\n\n\n<p>Because it might break your website. This is what happened to millions of website owners.<\/p>\n\n\n\n<p>With WordPress 5.5, millions of websites got broken because <span style=\"text-decoration: underline\">WordPress developers removed jQuery<\/span> from the WordPress directory. And sites that are based on jQuery were hit by this update.<\/p>\n\n\n\n<p>Therefore, I strongly suggest not enabling the auto-update feature for WordPress core updates and always taking a backup before updating WordPress.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"4-server-based-updates-\"><strong>Server Based Updates<\/strong><\/h4>\n\n\n\n<p>Most of the server-based updates are governed by the hosting providers. 
However, one crucial update, PHP, is important to keep current.<\/p>\n\n\n\n<p>WordPress 5.6 and later support PHP versions up to 8.<\/p>\n\n\n\n<p>But I would say, for now, <strong>don&#8217;t go beyond v7.3<\/strong> because the majority of plugins and themes don&#8217;t support PHP v8.<\/p>\n\n\n\n<p>Moreover, the majority of hosting providers use cPanel to manage their servers. So, if you have a cPanel-based server, follow these steps to update PHP.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to cPanel.<\/li>\n\n\n\n<li>In the search tab, search PHP.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/select-php-version-1.jpg\" alt=\"change username and password using phpMyAdmin \" class=\"wp-image-534\"\/><\/figure>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>In the result tab, click on \u201cSelect the PHP\u201d<\/li>\n\n\n\n<li>Now, click on v7.3 and save the settings.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/select-php-version-2.jpg\" alt=\"Updating the php version is also a part of WordPress Security Audit\" class=\"wp-image-535\"\/><\/figure>\n\n\n\n<p>When doing on-site or server-based updates, <strong>you should always first take a backup of your website.<\/strong><\/p>\n\n\n\n<p>This is important because new updates might not be compatible with your website theme or might create conflicts with other plugins. 
<\/p>\n\n\n\n<p>So, <span style=\"text-decoration: underline\">you should always take a backup before updating<\/span>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5-2-strengthen-username-password-and-database-name-\"><strong>#2 Strengthen Username, Password, and Database Name<\/strong><\/h3>\n\n\n\n<p>Obviously, a weak username and password are the most predictable loose ends. And as the owner, you don\u2019t want to be in that category.<\/p>\n\n\n\n<p>You should strengthen your login credentials\u2014 after all, they are important.<\/p>\n\n\n\n<p>The username should not be:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The author&#8217;s name<\/li>\n\n\n\n<li>Your initials<\/li>\n\n\n\n<li>Your email prefix<\/li>\n<\/ul>\n\n\n\n<p>The username should be <span style=\"text-decoration: underline\">impossible to predict<\/span> so that no one can ever guess it.<\/p>\n\n\n\n<p>To avoid being predictable, you can mix the name of your favorite person or animal with some random numbers.<\/p>\n\n\n\n<p><em>This is how you can make the best username for your WordPress. <\/em><strong>But what about passwords?<\/strong><\/p>\n\n\n\n<p>Unlike in a username, where you can\u2019t use special symbols, in a password you are free to use them.<\/p>\n\n\n\n<p>A secure password should:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Not be only your name, DOB, or any name.<\/li>\n\n\n\n<li>Contain at least one special character.<\/li>\n\n\n\n<li>Be at least 8 characters long.<\/li>\n\n\n\n<li>Have both upper- and lower-case letters.<\/li>\n<\/ul>\n\n\n\n<p>Moreover, while creating the password for your website, there is a <strong>password enhancer tool<\/strong> that shows the password strength as a number (up to 100) and in green color. 
So, try to get 100\/100 here.<\/p>\n\n\n\n<p>But now the question arises, <strong>how can you edit or create new credentials for your website?<\/strong><\/p>\n\n\n\n<p>You can do this in these two ways:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Using the WordPress dashboard<\/li>\n\n\n\n<li>Using cPanel\u2019s window<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"6-changing-credentials-using-wordpress-dashboard-\"><strong>Changing Credentials Using WordPress Dashboard<\/strong><\/h4>\n\n\n\n<p>To change the password from your WordPress Dashboard, you have to:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to the Users section<\/li>\n\n\n\n<li>Click on the \u201cProfile\u201d segment<\/li>\n\n\n\n<li>Go to \u201cAccount Management\u201d and click on \u201cGenerate password\u201d<\/li>\n\n\n\n<li>Enter the new password here.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/Changing-Credentials-Using-WordPress-Dashboard.jpg\" alt=\"how to change password for your wordpress user for more security \" class=\"wp-image-536\"\/><\/figure>\n\n\n\n<p>The above guide is only for changing the password for your username. 
But <em>what if you want to change your username?<\/em><\/p>\n\n\n\n<p>You have two options:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a new profile and delete the prior one, or<\/li>\n\n\n\n<li>Use a plugin, <a href=\"https:\/\/sna.wordpress.org\/plugins\/username-updater\/\" target=\"_blank\" rel=\"noreferrer noopener\">Easy Username updater<\/a><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"7-changing-credentials-using-cpanel-\"><strong>Changing Credentials Using cPanel<\/strong><\/h4>\n\n\n\n<p>To change the password using cPanel, you also have two options:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using the WordPress Installation window<\/li>\n\n\n\n<li>Using phpMyAdmin<\/li>\n<\/ul>\n\n\n\n<p>But for changing both username and password, you have to use phpMyAdmin.<\/p>\n\n\n\n<p>To change the author\u2019s password using the WordPress Installation window, follow these steps:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/wordpress-change-password-from-cpanel.jpg\" alt=\"Changing Credentials Using cPanel \" class=\"wp-image-537\"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Search for WordPress.<\/li>\n\n\n\n<li>Click on &#8220;WordPress Management&#8221;<\/li>\n\n\n\n<li>Select the Site, and click on &#8220;Change Password&#8221;<\/li>\n\n\n\n<li>Now, enter the respective username (old) and new password.<\/li>\n\n\n\n<li>Hit the Save button.<\/li>\n<\/ol>\n\n\n\n<p><strong>Changing Credentials Using phpMyAdmin<\/strong><\/p>\n\n\n\n<p>To create, edit or change the username and\/or password, follow these steps:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Search for \u2018phpMyAdmin\u2019 in the search column.<\/li>\n\n\n\n<li>Click on phpMyAdmin.<\/li>\n\n\n\n<li>Select the respective database of your website.<\/li>\n\n\n\n<li>On the left, you will see WordPress database tables with the 
prefix \u201cwp\u201d.<\/li>\n\n\n\n<li>Click on \u201cwp_users\u201d and select the \u2018edit\u2019 option for the respective author that you want to edit.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/Changing-Credentials-using-phpMyAdmin.jpg\" alt=\"Changing Credentials using phpMyAdmin\" class=\"wp-image-539\"\/><\/figure>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Now, change the username and password, and click the \u2018Go\u2019 button.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-3-wordpress-backup-suite-\"><strong>#3 WordPress Backup Suite<\/strong><\/h3>\n\n\n\n<p>Taking a backup of your WordPress website is important, even when you\u2019re not doing a security audit.<\/p>\n\n\n\n<p>Backups are the crucial safety net that protects you from any blunder made while editing malicious code, and they store the website as it was before it was hit by the attackers.<\/p>\n\n\n\n<p>Apart from this, one additional step that you should take is to <span style=\"text-decoration: underline\">check whether your backups are restorable or not.<\/span><\/p>\n\n\n\n<p>Moreover, <strong>try to download backups<\/strong> of your website regularly to other cloud storage or locally. This will help you restore the files even after hackers delete them from the dashboard.<\/p>\n\n\n\n<p>This matters because hackers delete the backup files too, to make owners helpless while restoring their website.<\/p>\n\n\n\n<p><span style=\"text-decoration: underline\">Many hosting companies take regular backups<\/span> of your website, but I would suggest you don\u2019t fully depend on them.<\/p>\n\n\n\n<p>You should install UpdraftPlus or iThemes BackupBuddy. 
You can also check other <a href=\"https:\/\/veewom.com\/articles\/best-wordpress-backup-plugins.htm\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/veewom.com\/articles\/best-wordpress-backup-plugins.htm\" rel=\"noreferrer noopener\">backup plugins <\/a>for your WordPress website.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"9-4-flushing-unused-plugins-themes-and-files-\"><strong>#4 Flushing Unused Plugins, Themes, and Files<\/strong><\/h3>\n\n\n\n<p>Did you know? A big part of hacks is due to unused plugins and themes. Hackers use flaws in outdated plugins and themes to create a backdoor to your website.<\/p>\n\n\n\n<p><em>So, it\u2019s better to flush them all out.<\/em><\/p>\n\n\n\n<p>This not only makes your website lighter but also removes the flaws of outdated plugins and themes.<\/p>\n\n\n\n<p>To delete plugins, you just have to go to the plugins section and click on the delete option at the bottom of each plugin.<\/p>\n\n\n\n<p>Deleting additional themes is a little bit different. To delete them, you have to first visit the theme section and click on the additional theme.<\/p>\n\n\n\n<p>After that, at the bottom left of the screen, you have the option to delete them.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/deleting-themes-for-wordpress.jpg\" alt=\"deleting unused themes for WordPress dashboards for security audit\" class=\"wp-image-541\"\/><\/figure>\n\n\n\n<p>Now, you deleted plugins. You deleted themes.<strong> What\u2019s more? 
<\/strong>The extra files.<\/p>\n\n\n\n<p>Extra files such as unused images, files, and PDFs should also be deleted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"10-5-don%E2%80%99t-upload-gpl-license-plugins-and-themes-\"><strong>#5 Don\u2019t Upload GPL license Plugins and Themes<\/strong><\/h3>\n\n\n\n<p>Nowadays, bloggers are taking advantage of GPL licensed files at the cost of their WordPress security.<\/p>\n\n\n\n<p>In the majority of cases, GPL licensed plugins and themes let you enjoy premium features for free.<\/p>\n\n\n\n<p><strong>Wait!<\/strong> I have seen many cases where these files became the culprit for the hacks and security breaches. It also happened to me.<\/p>\n\n\n\n<p>You can even google it if you don\u2019t believe me. To save your time, check <a href=\"https:\/\/pagely.com\/blog\/unlicensed-wordpress-plugins-themes\/\" target=\"_blank\" rel=\"noopener\">this article by Pagely.<\/a><\/p>\n\n\n\n<p>I am not saying they are always the culprit, but why take chances?<\/p>\n\n\n\n<p>Honestly, in the beginning, I used to have some GPL license plugins and themes. 
After learning my lesson\u2014 I shared my story later in the post\u2014 I completely flushed them out.<\/p>\n\n\n\n<p>And this is what<em> I also recommend you do<\/em>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"11-6-delete-or-restrict-author%E2%80%99s-role-\"><strong>#6 Delete or Restrict Author\u2019s Role<\/strong><\/h3>\n\n\n\n<p>Many bloggers skip this part, but you should never underestimate it.<\/p>\n\n\n\n<p>When your website has too many authors, and some are not working for you, it&#8217;s better to cut them off permanently.<\/p>\n\n\n\n<p>This will <span style=\"text-decoration: underline\">help to prevent any misuse of their credentials<\/span> for gaining access to your website.<\/p>\n\n\n\n<p><strong>I am not saying<\/strong> you should delete extra authors, but my point is that, deliberately or by mistake, their credentials can be used by hackers to get access to your WordPress dashboard.<\/p>\n\n\n\n<p>But \u201c<em>I don\u2019t want to delete them?\u201d What are other options? 
<\/em>You can change their password.<\/p>\n\n\n\n<p>If they are not working for you and you don\u2019t want to permanently delete the account, then <span style=\"text-decoration: underline\">it&#8217;s better to change their password by using phpMyAdmin.<\/span><\/p>\n\n\n\n<p>It saves your website from any misuse of their passwords.<\/p>\n\n\n\n<p>For more security on multi-authored websites, it is <span style=\"text-decoration: underline\">better to restrict the access of various authors<\/span> so that they can change or manipulate only a certain section of your WordPress.<\/p>\n\n\n\n<p>The following video shows you how you can restrict the access of authors for WordPress websites.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How to Restrict Authors to Specific Category in WordPress  2021\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/2yxj9YSM0cc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"12-7-block-brute-force-attacks-\"><strong>#7 Block Brute Force Attacks<\/strong><\/h3>\n\n\n\n<p>When someone tries to access another person&#8217;s account by trying many sets of passwords and usernames, that is a <strong>brute force attack.<\/strong><\/p>\n\n\n\n<p>I hope you understand what a Brute Force attack is.<\/p>\n\n\n\n<p><em>But how can you block this brute force attack?<\/em><\/p>\n\n\n\n<p>To <strong>stop these attacks,<\/strong> you have to do mainly 3 things. 
These are adding two-step authentication, limiting login attempts, and changing the default login URL.<\/p>\n\n\n\n<p><em>How do you check whether your website is under a brute force attack?<\/em> By checking Google Analytics.<\/p>\n\n\n\n<p>If you see <span style=\"text-decoration: underline\">any abnormal dip in the traffic<\/span>, usually by a very large margin, there is a possibility that your website is under a brute force attack.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"13-a-adding-two-step-authentication-\"><strong>A. Adding Two-Step Authentication<\/strong><\/h4>\n\n\n\n<p>To add two-step authentication, there are a number of plugins. But, if you ask me to suggest one, I would say, \u201c<a href=\"https:\/\/wordpress.org\/plugins\/two-factor-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Two Factor Authentication by UpdraftPlus author\u2019s<\/a>\u201d.<\/p>\n\n\n\n<p>It is simple yet does its job perfectly.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/Two-Factor-Authentication-by-UpdraftPlus-authors..jpg\" alt=\"Two Factor Authentication by UpdraftPlus author\u2019s\" class=\"wp-image-543\"\/><\/figure>\n\n\n\n<p>To add two-step authentication to your WordPress website:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>First, go to the plugins section and click \u201cAdd new\u201d.<\/li>\n\n\n\n<li>In the search bar, type \u201cTwo Factor Authentication\u201d.<\/li>\n\n\n\n<li>Install the plugin with the same name and activate it.<\/li>\n\n\n\n<li>Now, go to the plugin\u2019s main page, and go to its settings module.<\/li>\n\n\n\n<li>By default, it is set to disabled. 
You have to enable it with the code that will be listed below the activation box.<\/li>\n\n\n\n<li>Now, select \u201cEnabled\u201d and save changes.<\/li>\n<\/ol>\n\n\n\n<p>After the primary setup, at the bottom, it will ask you to choose between TOTP and HOTP:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>TOTP: <\/strong>Time-based OTP. This is the most common algorithm, and it is even used by Google Authenticator.<\/li>\n\n\n\n<li><strong>HOTP:<\/strong> Hash-based OTP. This is an event-based authentication system.<\/li>\n<\/ul>\n\n\n\n<p>My personal choice is TOTP.<\/p>\n\n\n\n<p>Whether you choose TOTP or HOTP, you should <span style=\"text-decoration: underline\">save the private key that is listed on the page<\/span>. This will help you in the future if you don\u2019t have an authenticator system.<\/p>\n\n\n\n<p>You can also watch the following video to add two-step authentication.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How to Add OTP Based Two Factor Authentication in WordPress for Free 2020\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/psB0ys8aDJg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"14-b-limiting-the-number-of-login-attempts-\"><strong>B. 
Limiting the Number of Login Attempts<\/strong><\/h4>\n\n\n\n<p>Like two-step authentication, limiting the login attempts can protect your website from brute force attacks.<\/p>\n\n\n\n<p>And for that, you just have to install a plugin named \u201c<a href=\"https:\/\/wordpress.org\/plugins\/limit-login-attempts-reloaded\/\" target=\"_blank\" rel=\"noreferrer noopener\">Limit Login Attempts Reloaded<\/a>\u201d.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/limit-the-logins.jpg\" alt=\"Limiting the Number of Login Attempts\" class=\"wp-image-544\"\/><\/figure>\n\n\n\n<p>After installing the plugin:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to \u201cSetting\u201d &gt;&gt; Limit Login Attempts &gt;&gt; Setting tab.<\/li>\n\n\n\n<li>Scroll to App setting with subtitle, \u201clocal App\u201d.<\/li>\n\n\n\n<li>By default, it is set to 4. You can change it to whatever you want.<\/li>\n\n\n\n<li>Save changes by clicking the \u201cSave Setting\u201d button.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"15-c-changing-the-default-login-url-\"><strong>C. Changing the Default Login URL<\/strong><\/h4>\n\n\n\n<p>By default, the WordPress login URL is \u201csite.com\/wp-admin\/\u201d. 
So, it is easier for hackers to use stolen credentials to log in to your WordPress dashboard.<\/p>\n\n\n\n<p>Once the default login URL is changed to a new one, an unauthorized person <span style=\"text-decoration: underline\">isn&#8217;t able to find the page<\/span> where he\/she would enter the details to log in.&nbsp;<\/p>\n\n\n\n<p>So, by changing the default login URL, even if a person has your login details, <span style=\"text-decoration: underline\">they cannot log in<\/span>, unless they have your cPanel access too.<\/p>\n\n\n\n<p>In order to change the default login URL, you simply have to add a new plugin: <a href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" target=\"_blank\" rel=\"noreferrer noopener\">WPS Hide Login<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/WPS-login-hide-wordpress.jpg\" alt=\"WPS Hide Login\" class=\"wp-image-545\"\/><\/figure>\n\n\n\n<p>Just activate it and go to the plugin\u2019s settings. After that, put your own suffix word in place of wp-admin.<\/p>\n\n\n\n<p><strong>For example<\/strong>: \u201csite.com\/wp-admin\/\u201d can be replaced with \u201csite.com\/iloveblogging\/\u201d or&nbsp; \u201csite.com\/hideme\/\u201d<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"16-d-whitelisting-ips-\"><strong>D. Whitelisting IPs<\/strong><\/h4>\n\n\n\n<p>The three methods above alone decrease the chances of getting hacked through brute-forcing by 99%. But there&#8217;s another pointer that removes any remaining concern about brute force attacks, i.e. whitelisting IPs for the dashboard.<\/p>\n\n\n\n<p>Whitelisting IPs for the dashboard <span style=\"text-decoration: underline\">allows you and your authors to log in only with specific static IPs<\/span>. 
This makes you 100% safe from any type of brute force attack.<\/p>\n\n\n\n<p class=\"has-background\" style=\"background-color:#c0ffe6\"><strong>Please Note:<\/strong> IP whitelists are useful only when you\u2019re using static IPs, not dynamic IPs. Static IPs do not change, while dynamic IPs, such as those on mobile internet, change every time you switch airplane mode on and off.&nbsp;<\/p>\n\n\n\n<p><strong>So, only use it<\/strong> if you\u2019re using a static Wi-Fi or LAN service. Otherwise, you won\u2019t be able to log in to your dashboard from any other IP.&nbsp;<\/p>\n\n\n\n<p>For more details, you can watch the video from <a href=\"https:\/\/themeisle.com\/blog\/whitelist-ip-addresses-in-wordpress\/\" target=\"_blank\" rel=\"noopener\">here.<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"17-e-adding-cloudflare-free-service-\"><strong>E. Adding Cloudflare Free Service<\/strong><\/h4>\n\n\n\n<p>With a free Cloudflare account, you are not only getting a free CDN for your website but also basic security.<\/p>\n\n\n\n<p>The free plan is a great choice for small business owners. 
In addition, it <span style=\"text-decoration: underline\">protects your website from attacks like DDoS<\/span>.<\/p>\n\n\n\n<p>Moreover, you will <span style=\"text-decoration: underline\">get a free SSL\/TLS certificate<\/span> that encrypts the data while it travels from the server to the user.<\/p>\n\n\n\n<p>So, you can get entry-level protection for free.<\/p>\n\n\n\n<p>For more security features, you can also subscribe to their paid plans, starting at $20\/month.<\/p>\n\n\n\n<p>To set up a free Cloudflare account, you can watch the following video.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"How To Setup CloudFlare to Your Website 2019\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/chZyyypxv4I?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"18-f-adding-recaptcha-on-comments-amp-login-\"><strong>F. 
Adding reCAPTCHA on Comments &amp; Login<\/strong><\/h4>\n\n\n\n<p>As you may know, the majority of <span style=\"text-decoration: underline\">security breaches and spam comments are due to bot attacks.<\/span><\/p>\n\n\n\n<p>To counter these types of attacks and spam comments, you can add reCAPTCHA to various submission forms including your login page.<\/p>\n\n\n\n<p>By doing so, <em>any bot attack can be halted<\/em>.&nbsp;<\/p>\n\n\n\n<p>To activate it, you just have to add a plugin named \u201c<a href=\"https:\/\/wordpress.org\/plugins\/simple-google-recaptcha\/\" target=\"_blank\" rel=\"noreferrer noopener\">Simple Google reCAPTCHA<\/a>\u201d.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/recaptcha-login-for-wordpress.jpg\" alt=\"Simple Google reCAPTCHA\" class=\"wp-image-546\"\/><\/figure>\n\n\n\n<p>Using this plugin, you can protect the following forms against brute force attacks and spam:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Login form<\/li>\n\n\n\n<li>Comment form<\/li>\n\n\n\n<li>Registration form<\/li>\n\n\n\n<li>New password and reset password form<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"19-8-find-and-eliminate-vulnerabilities-\"><strong>#8 Find and Eliminate Vulnerabilities<\/strong><\/h3>\n\n\n\n<p>If you have followed this WordPress security audit list so far, your website is now nearly protected from getting hacked by external means.<\/p>\n\n\n\n<p><em>But what if the attack is due to vulnerabilities in your website databases?<\/em>&nbsp;<\/p>\n\n\n\n<p><span style=\"text-decoration: underline\">To tackle all the on-site vulnerabilities<\/span>, there are a lot of security plugins and online tools. So, I am going to give you a detailed look at each of them.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"20-a-evaluate-security-using-on-site-plugins-\"><strong>A. 
Evaluate Security Using On-Site Plugins<\/strong><\/h4>\n\n\n\n<p>For this, I am going to show you the two most trusted and commonly used security plugins that will reveal your on-site vulnerabilities.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"21-wordfence-security-%E2%80%93-firewall-amp-malware-scan-\"><strong>Wordfence Security \u2013 Firewall &amp; Malware Scan<\/strong><\/h5>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/Wordfence-pluign-for-wordpress-security.jpg\" alt=\"Wordfence Security \u2013 Firewall &amp; Malware Scan WordPress audit\" class=\"wp-image-548\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wordfence<\/a> provides you with the ability to scan for the vulnerabilities, malware, and loopholes that a hacker can take advantage of to access your login area.<\/p>\n\n\n\n<p>Moreover, it also provides an on-site firewall that strengthens your website protection.<\/p>\n\n\n\n<p>In addition, it is free and best known for its protection.<\/p>\n\n\n\n<p>To evaluate the loopholes, after installing and activating it, go to the Wordfence dashboard and hover over the \u2018scan\u2019 option.<\/p>\n\n\n\n<p>Now, click on manage scan. In the follow-up window, click on high sensitivity and click on \u201cSave Changes\u201d.<\/p>\n\n\n\n<p>Then click on the scan button again, and click on \u201cStart New Scan\u201d.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/wordfence-security-plugins-scan.jpg\" alt=\"Scanning wordpress website using Wordfence\" class=\"wp-image-549\"\/><\/figure>\n\n\n\n<p>You will have to wait from a couple of minutes to half an hour (or even more, depending on website size). 
After that, fix all the vulnerabilities that are listed in the column.&nbsp;<\/p>\n\n\n\n<p class=\"has-background\" style=\"background-color:#c0ffe6\"><strong>Please Note: <\/strong>The high sensitivity scan is a very powerful means of finding vulnerabilities, but it takes a lot of server resources and computing. This slows down the loading of your website.<br>So, I would recommend switching back to the default scan after you scan all the vulnerabilities for the first time.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"22-sucuri-security-plugin-\"><strong>Sucuri Security Plugin<\/strong><\/h5>\n\n\n\n<p>The best paid and all-in-one solution for WordPress security.<\/p>\n\n\n\n<p>The Sucuri Security plugin is as powerful as Wordfence (or even more so) for securing your WordPress website.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/Sucuri-Security-Plugin.jpg\" alt=\"Scanning WordPress using sucuri wp plugin\" class=\"wp-image-550\"\/><\/figure>\n\n\n\n<p>The plugin <span style=\"text-decoration: underline\">offers you a flexible approach to finding the vulnerabilities<\/span> along with various security hardening means.&nbsp;<\/p>\n\n\n\n<p>However, to activate this plugin you need an API key, and for that you have to subscribe to one of the Sucuri plans, which start from $199\/year.<\/p>\n\n\n\n<p>Though a free version is also available, it is not as powerful as Wordfence. 
So, if you want to use <span style=\"text-decoration: underline\">a free security plugin, Wordfence is for you.<\/span><\/p>\n\n\n\n<p>But if you are willing to invest some money in your website security, I recommend you go with Sucuri.<\/p>\n\n\n\n<p>For a more detailed guide, you can watch the <a href=\"https:\/\/www.youtube.com\/watch?v=-brxiDRsiIw\" target=\"_blank\" rel=\"noopener\">full installation and usage of the Sucuri Security plugin<\/a> on YouTube.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"23-b-evaluating-vulnerability-using-off-site-tools-\"><strong>B. Evaluating Vulnerability Using Off-Site Tools<\/strong><\/h4>\n\n\n\n<p>After doing the on-site vulnerability test using plugins, it is better to confirm the results with off-site online tools.<\/p>\n\n\n\n<p>For this, I am going to show you the <span style=\"text-decoration: underline\">three tools that help you do WordPress security audits<\/span> without taking too much time or putting load on your server.<\/p>\n\n\n\n<p>Moreover, try to scan your website with all three of these tools.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"24-sucuri-sitecheck-\"><strong>Sucuri SiteCheck<\/strong><\/h5>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/Sucuri-SiteCheck.jpg\" alt=\"Sucuri SiteCheck online WordPress security audit tool\" class=\"wp-image-551\"\/><\/figure>\n\n\n\n<p>An online tool that not only scans your submitted URL for malware but also checks it against blacklist databases.<\/p>\n\n\n\n<p>The <span style=\"text-decoration: underline\">malware scan is not restricted to the specific URL<\/span> but also covers the supplementary pages that are associated with the submitted URL.<\/p>\n\n\n\n<p>In terms of the security scan, the tool promises to detect other vulnerabilities such as malicious code and spam injection.<\/p>\n\n\n\n<p>In addition, it also checks the URL for <span 
style=\"text-decoration: underline\">listings in 8 different blacklist databases<\/span>.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-horizontal is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-499968f5 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/sitecheck.sucuri.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">Scan Your Website Now<\/a><\/div>\n<\/div>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"25-isitwp-site-check-\"><strong>IsitWP Site Check<\/strong><\/h5>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/IsitWP-site-check.jpg\" alt=\"IsitWP Site Check\" class=\"wp-image-552\"\/><\/figure>\n\n\n\n<p>IsitWP is another online tool that lets you do a light security audit for your WordPress website.<\/p>\n\n\n\n<p>The tool is powered by Sucuri with some distinctive security features. 
However, the results are likely to be the same as Sucuri\u2019s.&nbsp;<\/p>\n\n\n\n<p>It checks your website against integrated sources such as Google Safe Browsing, Safe Web, PhishTank, The Opera browser, SiteAdvisor, The Sucuri Malware Labs, SpamHaus DBL,&nbsp;Yandex (via Sophos), and ESET.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-horizontal is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-499968f5 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.isitwp.com\/WordPress-website-security-scanner\/\" target=\"_blank\" rel=\"noreferrer noopener\">Scan Your Website With IsitWP<\/a><\/div>\n<\/div>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"26-google-safe-browsing-\"><strong>Google Safe Browsing<\/strong><\/h5>\n\n\n\n<p>As we all know, Google is the largest search engine.<\/p>\n\n\n\n<p><span style=\"text-decoration: underline\">Google has tons of crawlers and security measures<\/span> to determine whether a URL is safe to visit or not.&nbsp;<\/p>\n\n\n\n<p>You can also use the <a href=\"https:\/\/transparencyreport.google.com\/safe-browsing\/search\" target=\"_blank\" rel=\"noreferrer noopener\">Google Safe Browsing tool<\/a> to know whether your URL has malicious code or not. 
It also shows the malware scan results for that URL.<\/p>\n\n\n\n<p>Moreover, <span style=\"text-decoration: underline\">if you are using Google Search Console<\/span>, you will be notified of all the vulnerabilities and malware that are blocked for various reasons.<\/p>\n\n\n\n<p>The following image shows no issues in terms of security in the Google Search Console.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/google-search-console-with-no-issues.jpg\" alt=\" Google Search Console with no malware issue\" class=\"wp-image-553\"\/><\/figure>\n\n\n\n<div class=\"wp-block-buttons is-horizontal is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-499968f5 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/transparencyreport.google.com\/safe-browsing\/search\" target=\"_blank\" rel=\"noreferrer noopener\">Scan Your Website With Google Safe Browsing<\/a><\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"27-9-regenerating-wp-config-salts-amp-keys-\"><strong>#9 Regenerating wp-config salts &amp; Keys<\/strong><\/h3>\n\n\n\n<p>For context, salt keys are a type of hash code that is <span style=\"text-decoration: underline\">used to encrypt sensitive data.<\/span><\/p>\n\n\n\n<p>Without these salt keys, anybody can read sensitive information such as username, password, card details, etc.<\/p>\n\n\n\n<p>That\u2019s why it is better to reset WordPress salt keys and generate wp-config salts.&nbsp;<\/p>\n\n\n\n<p>Moreover, <span style=\"text-decoration: underline\">if your website gets hacked<\/span> then it is far better to change them as soon as possible.<\/p>\n\n\n\n<p>Changing and regenerating these salt keys by hand involves writing a lot of code in sequence, which could be hard and confusing for beginners.<\/p>\n\n\n\n<p>So, I came up with 
a beginner-friendly alternative plugin: <a href=\"https:\/\/wordpress.org\/plugins\/salt-shaker\/\" target=\"_blank\" rel=\"noreferrer noopener\">Salt Shaker Plugin<\/a>.<\/p>\n\n\n\n<p>You only have to install and activate it.<\/p>\n\n\n\n<p>In addition, you can <span style=\"text-decoration: underline\">also schedule the change<\/span>. I would suggest sticking with the monthly automatic salt key generation option.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"28-10-force-through-ssl-\"><strong>#10 Force Through SSL<\/strong><\/h3>\n\n\n\n<p>I am pretty sure that you all have an SSL certificate. It is a common part of website security.<\/p>\n\n\n\n<p><em>Installing an SSL certificate doesn\u2019t make your website fully secure<\/em>.<\/p>\n\n\n\n<p>In general, your website has two versions of each URL, i.e., HTTP and HTTPS.<\/p>\n\n\n\n<p>As you know, HTTPS means the URL has an SSL certificate. But <span style=\"text-decoration: underline\">it alone doesn&#8217;t force the HTTP version<\/span> of your site to redirect to HTTPS.&nbsp;<\/p>\n\n\n\n<p>To do so, you need to change your .htaccess file. 
The following video will help you with that.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Redirect http to https using .htaccess file (works with WordPress)\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/lQsmXS3hKsk?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>But <span style=\"text-decoration: underline\">if you want a simple solution<\/span> to force redirect every URL of the website to HTTPS, you can simply install <a href=\"https:\/\/wordpress.org\/plugins\/really-simple-ssl\/\" target=\"_blank\" rel=\"noreferrer noopener\">Really Simple SSL plugin<\/a>.&nbsp;<\/p>\n\n\n\n<p>Just install, and activate it. That\u2019s all.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"29-11-disable-file-editor-for-plugins-and-themes-\"><strong>#11 Disable File Editor for Plugins and Themes<\/strong><\/h3>\n\n\n\n<p>Most of the coding stuff is in plugins and themes. 
That\u2019s why hackers add malicious code to plugin and theme files.<\/p>\n\n\n\n<p>Once malicious code is injected into plugin and theme files, <span style=\"text-decoration: underline\">it is tough to find and decipher it.<\/span><\/p>\n\n\n\n<p>In order to protect your plugin and theme source code, it is better to <span style=\"text-decoration: underline\">disable the file editor option<\/span> in the WordPress dashboard.<\/p>\n\n\n\n<p>To disable the file editor module, follow these steps:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to your cPanel account.<\/li>\n\n\n\n<li>Search for and open the file explorer.<\/li>\n\n\n\n<li>Open your website folder (usually in public_html).<\/li>\n\n\n\n<li>Click and open the wp-config.php file.<\/li>\n\n\n\n<li>Paste the following line in among the existing code.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: php; title: ; notranslate\" title=\"\">\n\/\/ Place above the line that loads wp-settings.php; turns off the dashboard plugin and theme file editor.\ndefine( &#039;DISALLOW_FILE_EDIT&#039;, true );\n<\/pre><\/div>\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Now, click on the Save button.<\/li>\n<\/ol>\n\n\n\n<p class=\"has-background\" style=\"background-color:#c0ffe6\"><strong>Please Note:<\/strong> Before editing the wp-config.php file, make a copy or download it locally. 
So, if something goes wrong, you can restore the original one.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"30-12-change-the-prefix-in-the-database-tables-\"><strong>#12 Change the Prefix in the Database Tables<\/strong><\/h3>\n\n\n\n<p>After the WordPress plugin and theme files, the next most vulnerable data is your WordPress database tables.<\/p>\n\n\n\n<p>In general, each table in your WordPress database has the prefix \u201cwp_\u201d, for example \u201cwp_posts\u201d for posts, \u201cwp_users\u201d for users, and so on\u2026<\/p>\n\n\n\n<p>First of all, <span style=\"text-decoration: underline\">it is not a vulnerability<\/span> in itself, but by changing it, your website is more secure than ever.<\/p>\n\n\n\n<p>So, you can change the prefix to a not-so-common word or an alphanumeric code. It is entirely up to you which combination you use.&nbsp;<\/p>\n\n\n\n<p>To change the prefix of all the tables, do the following:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to cPanel and click on phpMyAdmin.<\/li>\n\n\n\n<li>You will see a list of 11 tables with the default prefix \u201cwp_\u201d.<\/li>\n\n\n\n<li>Now, click on the SQL button and paste the following code.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: sql; title: ; notranslate\" title=\"\">\n-- Rename every core table from the default wp_ prefix to the new prefix.\n-- Also set $table_prefix in wp-config.php to the same new prefix, or WordPress will not find the tables.\n-- Option and usermeta keys that embed the old prefix (wp_user_roles, wp_capabilities, wp_user_level) need the new prefix too.\nRENAME TABLE `wp_commentmeta` TO `myweb21a_commentmeta`;\nRENAME TABLE `wp_comments` TO `myweb21a_comments`;\nRENAME TABLE `wp_links` TO `myweb21a_links`;\nRENAME TABLE `wp_options` TO `myweb21a_options`;\nRENAME TABLE `wp_postmeta` TO `myweb21a_postmeta`;\nRENAME TABLE `wp_posts` TO `myweb21a_posts`;\nRENAME TABLE `wp_terms` TO `myweb21a_terms`;\nRENAME TABLE `wp_termmeta` TO `myweb21a_termmeta`;\nRENAME TABLE `wp_term_relationships` TO `myweb21a_term_relationships`;\nRENAME TABLE `wp_term_taxonomy` TO `myweb21a_term_taxonomy`;\nRENAME TABLE `wp_usermeta` TO `myweb21a_usermeta`;\nRENAME TABLE `wp_users` TO `myweb21a_users`;\n<\/pre><\/div>\n\n\n<figure class=\"wp-block-image 
size-large\"><img decoding=\"async\" src=\"https:\/\/cdn.statically.io\/img\/www.wpmesh.com\/f=auto%2Cq=50\/wp-content\/uploads\/2021\/02\/code-for-wp-database-tables.jpg\" alt=\"SQL button and paste the following code.\" class=\"wp-image-557\"\/><\/figure>\n\n\n\n<p><strong>You can replace the value \u201cmyweb21a_\u201d with any value you want.<\/strong><\/p>\n\n\n\n<p class=\"has-background\" style=\"background-color:#c0ffe6\"><strong>Please Note: <\/strong>It is an advanced security measure. So, only use it if your website has already been hacked in the past.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"31-13-create-a-password-protected-directory-\"><strong>#13 Create a Password Protected Directory<\/strong><\/h3>\n\n\n\n<p>This is another advanced protection measure for your WordPress security audit.<\/p>\n\n\n\n<p><span style=\"text-decoration: underline\">By creating a password-protected directory<\/span>, even if someone has access to your WordPress files, they can\u2019t change them unless they have a second password. I am going to show you how to add one to your wp-admin folder.<\/p>\n\n\n\n<p><em>But why only to the wp-admin folder? 
<\/em>Because it has <span style=\"text-decoration: underline\">most of the sensitive data<\/span> that a hacker may use to create a backdoor into your website.<\/p>\n\n\n\n<p>To password protect the wp-admin folder, you have to:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to cPanel.<\/li>\n\n\n\n<li>Search for \u201cDirectories Privacy\u201d.<\/li>\n\n\n\n<li>A new window will appear. Browse to your wp-admin folder in the directory.<\/li>\n\n\n\n<li>Now, on the right, click on the edit button.<\/li>\n<\/ol>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Check the \u201cpassword protect this directory\u201d box.<\/li>\n\n\n\n<li>The field \u201cEnter a name for the protected directory:\u201d gets filled in automatically.<\/li>\n\n\n\n<li>Now, in the bottom window, fill in the new username and password.<\/li>\n\n\n\n<li>And click on \u201cAdd\/modify authorized users\u201d.<\/li>\n<\/ol>\n\n\n\n<p>With this, you add a new layer of security that is harder to breach.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"32-14-removing-lost-password-link-\"><strong>#14 Removing Lost Password Link<\/strong><\/h3>\n\n\n\n<p>Removing the \u201clost password\u201d link from the login page means you can no longer access the lost password functionality either.<\/p>\n\n\n\n<p>So, I suggest writing your password down. Otherwise, recovering your own forgotten password could become another tedious task.<\/p>\n\n\n\n<p><em>But, what\u2019s the point of removing a lost password link?<\/em><\/p>\n\n\n\n<p>This is <span style=\"text-decoration: underline\">very helpful when the email linked to your website gets hacked<\/span>. Even then, the hacker can\u2019t change the password of your website. 
That means your website will be safe.&nbsp;<\/p>\n\n\n\n<p>You only have to add the following code to your \u201clogin-style-perso.cc\u201d file.&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/* Hide the lost password link on the login page *\/\np#nav {\n  display: none;\n}<\/code><\/pre>\n\n\n\n<p>For additional safety, you can also remove the \u201c\u00abBack to the site\u00bb\u201d link that allows users to return to the homepage.<\/p>\n\n\n\n<p>Just add the following code to the \u201cstyle-login.css\u201d file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/* Hide the back to site link on the login page *\/\np#backtoblog {\n  display: none;\n}<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"33-15-hosting-too-many-website-to-the-same-server-\"><strong>#15 Hosting Too Many Websites on the Same Server<\/strong><\/h3>\n\n\n\n<p><em>Hosting too many websites on the same server is cost-effective.<\/em> But it could also be <span style=\"text-decoration: underline\">a nightmare for you<\/span>.&nbsp;<\/p>\n\n\n\n<p>Because if one website gets hacked, there is a higher chance that all the websites on the same server will also be hacked.<\/p>\n\n\n\n<p>And this is what happened to me. <em><strong>Here is my story.<\/strong><\/em><\/p>\n\n\n\n<p>I have an A2 hosting plan where I hosted 3 of my sites. And once, I uploaded a GPL plugin of SocialShare.<\/p>\n\n\n\n<p>But, it was a blunder.&nbsp;<\/p>\n\n\n\n<p>After I uploaded and activated the plugin, it automatically vanished from the plugin panel. And a new plugin appeared with some title (I don\u2019t remember the full name) with the prefix \u2018ads\u2019.<\/p>\n\n\n\n<p>Moreover, I was automatically logged out. And I couldn\u2019t access the dashboard.<\/p>\n\n\n\n<p>I checked other websites too.<\/p>\n\n\n\n<p>They had also been hacked.<\/p>\n\n\n\n<p>I was very anxious. I even wondered for a second what was happening to me.<\/p>\n\n\n\n<p>All 3 websites got hacked. 
And in the next 10 to 12 hours, I did only one thing: removing malicious plugins and new users from phpMyAdmin.<\/p>\n\n\n\n<p><em>That day was terrible for me.<\/em> But I learned my lesson.<\/p>\n\n\n\n<p>This could happen to any of you. So, first, <strong>don\u2019t upload any GPL plugins and themes<\/strong>, and secondly, <strong>don\u2019t host all your important websites on the same server.<\/strong><\/p>\n\n\n\n<p>I hope you understand my point.<\/p>\n\n\n\n<p>Therefore, <em>don\u2019t even dare to host all of your important websites<\/em> on the same hosting, even if its security level is the best.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"34-16-evaluate-your-hosting-provider-security-\"><strong>#16 Evaluate Your Hosting Provider Security<\/strong><\/h3>\n\n\n\n<p>Finally, we are at our last pointer, i.e. how secure your hosting provider is.<\/p>\n\n\n\n<p>If your server is not safe, <span style=\"text-decoration: underline\">there is no use in spending time<\/span> on the above pointers.<\/p>\n\n\n\n<p>This is why it is better to choose a reliable and trusted hosting provider.<\/p>\n\n\n\n<p>Check our <a href=\"https:\/\/veewom.com\/articles\/best-wordpress-hosting.htm\" target=\"_blank\" rel=\"noreferrer noopener\">best hosting providers list<\/a> to find one on which you can host your website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"35-final-checklist-for-your-wordpress-security-audit-\"><strong>Final Checklist for Your WordPress Security Audit<\/strong><\/h2>\n\n\n\n<p>The following is the final checklist that you should follow in order to make your website more secure.<\/p>\n\n\n\n<p>In this final checklist, I only included the crucial pointers that enhance your WordPress security.&nbsp;<\/p>\n\n\n\n<p><strong>1. Be Updated:<\/strong> Regularly update plugins, themes, and WordPress.<\/p>\n\n\n\n<p><strong>2. 
Create a Strong Username &amp; Password:<\/strong> Create an unpredictable username, and for the password, try to use a combination of words, special letters, and symbols.<\/p>\n\n\n\n<p><strong>3. Check Restorable WordPress Backup Suite:<\/strong> Always take backups regularly and also before updating WordPress.<\/p>\n\n\n\n<p><strong>4. Flush out Unused themes, Plugins, and Files: <\/strong>Try to delete plugins, themes, and files that are no longer of use.<\/p>\n\n\n\n<p><strong>5. Stay away from GPL:<\/strong> Don\u2019t use GPL-licensed themes and plugins because they may lead to a security breach.<\/p>\n\n\n\n<p><strong>6. Restrict and Delete Authors Role: <\/strong>Remove or modify the passwords of non-active authors.<\/p>\n\n\n\n<p><strong>7. Block All means of Brute Force Attacks: <\/strong>You can add 2-step authentication, limit login attempts, change the login URL, add Cloudflare CDN, and reCAPTCHA to protect your website from brute force attacks.<\/p>\n\n\n\n<p><strong>8. Eliminate On-site Vulnerabilities: <\/strong>You can use on-site plugins such as Wordfence and Sucuri to find vulnerabilities. Sucuri SiteCheck and IsitWP are the online tools to scan your website for malware and check it against blacklist databases.<\/p>\n\n\n\n<p><strong>9. Reset WordPress Salts: <\/strong>Regularly (at least once a month) reset the WordPress salt keys to give more protection to your site\u2019s sensitive data.<\/p>\n\n\n\n<p><strong>10. Disable File Editors For Plugins &amp; Themes:<\/strong> Doing this resists any change or code injection by hackers.<\/p>\n\n\n\n<p><strong>11. Force Through SSL:<\/strong> Redirect every page with HTTP to HTTPS. You can use the Really Simple SSL plugin for that.<\/p>\n\n\n\n<p><strong>12. 
Don\u2019t host too many Sites on Single Hosting:<\/strong> Read what happens to me, in section #15 in this post.&nbsp;<\/p>\n\n\n\n<p>I hope you like my efforts on &#8220;<strong>How you can do WordPress Security Audit by yourself<\/strong>&#8220;.&nbsp;<\/p>\n\n\n\n<p><em>If you still have any query related to it,<\/em> please let me know in the comment section. I personally love to respond to each of your queries.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The most lacking habit that the majority of bloggers have is, not doing regular WordPress Security Audit. Without knowing how vulnerable your website is, you can\u2019t be aware and prepare your website from getting hacked. 
For WordPress Security Audit, there are a number of checklists and markers that you have to follow to give your &hellip; <a href=\"https:\/\/veewom.com\/articles\/wordpress-security-audit.htm\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WordPress Security Audit: 15+ Best Audit Practice [Checklists]&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":12282,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28],"tags":[118,414],"class_list":["post-525","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","tag-wordpress","tag-wordpress-security-audit"],"featured_image_src":"https:\/\/veewom.com\/articles\/wp-content\/uploads\/2021\/08\/15-Best-Audit-Practice.png","author_info":{"display_name":"Editorial Staff","author_link":"https:\/\/veewom.com\/articles\/author\/admin"},"_links":{"self":[{"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/posts\/525","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/comments?post=525"}],"version-history":[{"count":5,"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/posts\/525\/revisions"}],"predecessor-version":[{"id":12508,"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/posts\/525\/revisions\/12508"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/media\/12282"}],"wp:attachment":[{"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/media?parent=525"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/veewom.com\/articles\/wp
-json\/wp\/v2\/categories?post=525"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/veewom.com\/articles\/wp-json\/wp\/v2\/tags?post=525"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}