Securing WordPress

WordPress Toolkit can enhance the security of WordPress instances (for example, by turning off XML-RPC pingbacks, checking the security of the wp-content folder, and so on). You can see an instance’s security status on its card, below the screenshot of the website. If you see “warning” or “danger” next to “Security status”, we recommend that you secure your instance.

image1.png

We call individual improvements you can make to an instance’s security “measures”. We consider certain measures to be critical. For that reason, WordPress Toolkit applies them automatically to all newly created instances.

Caution: Some security measures, once applied, can be rolled back. Some cannot. We recommend that you back up the corresponding subscription before securing a WordPress instance.

You can secure WordPress instances individually or multiple instances at a time.

To secure an individual WordPress instance:

  1. Go to WordPress, choose the instance you want to secure, and then click “View” next to “Security status” on the instance card.
  2. Wait for WordPress Toolkit to display the security measures you can apply.
  3. Select the security measures you want to apply, and then click Secure.

All selected measures will be applied.

To secure multiple WordPress instances:

  1. Go to WordPress and then click Security.
  2. You will see the list of your WordPress instances. For every instance, you can see how many critical (indicated by the image2.png icon) and recommended (the image3.png icon) security measures can be applied to it. To see the list of measures that can be applied, click the corresponding icon. If all security measures are applied, you will see the image4.pngicon instead.
  3. (Optional) To see more information about all security measures and to manage them for an individual WordPress instance, click next to the desired instance. To return to managing security of multiple instances, click next to “Security Status Of Selected Instances”.
  4. Select instances to which you want to apply security measures and then click Secure.
  5. By default, only critical security measures are selected to be applied. You can also select:
    • Security measures of your choice.
    • The “All (critical and recommended)” radio button to select all security measures at once.
  6. Click Secure.

The selected measures will be applied.

Rolling Back Security Measures

In rare cases, applying security measures can break your website. In this case, you can roll back the security measures you have applied. You can do this for an individual WordPress instance or for multiple WordPress instances at a time.

To roll back applied security measures for an individual instance:

  1. Go to WordPress, choose the instance for which you want to revert an applied measure, and then click “View” next to “Security status” on the instance card.
  2. Wait for WordPress Toolkit to display the list of security measures.
  3. Select the security measures you want to revert and then click Revert.

The applied security measures will be rolled back.

To roll back applied security measures for multiple instances:

  1. Go to WordPress and then click Security.
  2. You will see the list of WordPress instances hosted on the server and whether critical and recommended security measures were applied to them or not.
  3. (Optional) To see more information about all security measures and to manage them for an individual WordPress instance, click next to the desired instance. To return to managing security of multiple instances, click next to “Security Status Of Selected Instances”.
  4. Select instances for which you want to roll back security measures and then click Revert.
  5. Select security measures you want to roll back and then click Revert.

The applied security measures will be rolled back.