WordPress security audit: seven simple steps to protect your site

Check whether potential vulnerabilities are covered. For convenience, we list the items that need to be confirmed when performing a security audit.
You can do this manually or with a WordPress audit plug-in. Let's look at the manual approach first, and then discuss several plug-ins that can be used as alternatives to automate security audits. If you don't want to use plug-ins (many plug-ins seem to slow down pages), you can perform a manual security audit of the WordPress website. Follow these steps to check whether the website is moving in the right direction.

1. Keep everything up to date

Confirming that the site is up to date is one of the best ways to protect it. WordPress updates may be all about new features, and some people may not like that. In any case, you must check for and install updates when you conduct a security audit of your site.
Keep the WordPress version up to date, because the latest version always comes with new security patches. The WordPress security team works with the world's top security experts to ensure the safety and health of the platform. You can view WordPress updates in the WordPress admin dashboard > Dashboard > Updates. When updating WordPress, also check whether the plug-ins and themes are up to date. Keep in mind that hackers may exploit vulnerabilities in plug-ins or themes to get into the website. It is therefore recommended to check and update all plug-ins and themes regularly. The plug-in and theme update options are on the same page as the WordPress update.
2. Back up WordPress regularly

Maintaining and verifying backups of the website is very useful when the website loses data due to hackers or malware. Quality hosting providers often provide automated backup services. However, even if the hosting provider provides automatic backup services, a high-quality WordPress backup plug-in must be installed to back up the website and all data on a regular basis. After installing the backup plug-in, confirm at each security audit that backups are running regularly.

3. Administrator account vulnerability assessment

12345, 123456 and 123456789: these three passwords were the most popular passwords in 2019. NordPass ranked all popular passwords from a list of 500 million passwords leaked online, and the top 10 are shown in the figure below.

[Figure: The most popular passwords in 2019 (Credit: NordPass)]

If an administrator sets a password like these, the website will soon be breached. Select the strong password recommended by WordPress. If you are a forgetful person, there are many password management applications that can save passwords. Another important thing to confirm during the security audit is that no administrator has the user name admin. This is the most commonly used user name in WordPress and should not be used at all.

4. Review users and accounts

If you run a forum or e-commerce website that requires registration, check for suspicious users during the security audit. The full list of users is under WordPress admin panel > Users > All Users.
However, if you have another type of website and do not need visitors to join, it is recommended that you turn off "Anyone can register" under WordPress admin panel > General.

5. Remove unnecessary plug-ins

Installing a large number of plug-ins on the website not only takes up space, but also poses a security threat. If a plug-in is no longer needed, it is recommended to delete it. Old plug-ins are often the treasure of websites
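
The checks in steps 1, 3, 4 and 5 can also be run from the command line. The script below is an added example, not part of the original article: it assumes WP-CLI (the `wp` command) is installed and run from the WordPress root, and it treats inactive plug-ins as removal candidates. It only reads site state and changes nothing.

```shell
#!/bin/sh
# Added example: read-only audit of steps 1, 3, 4 and 5 via WP-CLI.
# Assumption: WP-CLI ("wp") is installed and this runs from the WordPress root.

# Print one FINDING line per non-empty item name read from stdin.
report() {
    while IFS= read -r item; do
        if [ -n "$item" ]; then echo "FINDING: $1: $item"; fi
    done
    return 0
}

audit() {
    # Step 1: plug-ins and themes with a pending update.
    wp plugin list --update=available --field=name | report "plug-in update pending"
    wp theme list --update=available --field=name | report "theme update pending"

    # Step 3: no administrator account should use the login name "admin".
    wp user list --role=administrator --field=user_login |
        grep -ix 'admin' | report "administrator login name"

    # Step 4: open registration should be off unless the site needs it.
    if [ "$(wp option get users_can_register)" = "1" ]; then
        echo "FINDING: registration: 'Anyone can register' is enabled"
    fi

    # Step 5: inactive plug-ins are listed as candidates for deletion
    # (assumption: inactive means no longer needed).
    wp plugin list --status=inactive --field=name | report "inactive plug-in"
    return 0
}

# Run only when WP-CLI is available.
if command -v wp >/dev/null 2>&1; then audit; fi
```

An empty result means none of these checks fired. Password strength and backup schedules (steps 2 and 3) still need to be reviewed separately.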
