WordPress · Free tool

Secure WordPress — the hardening checklist.

Tick the items and watch live how well your WordPress site is set up. 17 concrete, practical measures grouped by login, updates, files and backups. Your progress stays local in your browser.

Access & login
Updates & extensions
Files & server
Backups & monitoring
FAQ

Frequently asked questions

01How secure is WordPress really?

The WordPress core is well maintained. Most hacks don't come through the core but through weak passwords, missing updates and insecure plugins — exactly the items on this list that you control yourself.

02Isn't a security plugin enough?

A security plugin helps but doesn't replace the basics: up-to-date software, strong logins with 2FA and tested backups. Too many plugins even increase the attack surface.

03Is my progress saved?

Yes — only locally in your browser (localStorage). There's no account and no server; nothing is transmitted or tracked.

04What matters most on the list?

Up-to-date software, strong and unique logins with two-factor authentication, and tested off-site backups. That covers by far the most common attacks.

05What if my site is already hacked?

Then clean up first, harden second — this list is prevention. For emergencies we offer WordPress hack recovery.

No time for the whole list? We'll handle the hardening.