WordPress 5.2 release‘s new Site Health feature finds free ways to enhance website security and performance. Improving security doesn’t require extensive reading and configuration. Sometimes, it’s as simple as minimalism and removing what you don’t need.
Psst! Want more speed with no complexity? Check out our Nginx-powered WordPress Hosting with our user-friendly Cache Manager.
Below we cover how to resolve Site Health security issues.
Security Checks
Inactive Plugins
Every additional file – plugin, theme, etc. – is another potential vulnerability. If you no longer need a plugin, fix any issues caused when that plugin is inactivated – e.g. shortcodes and visual errors – and remove the plugin via your WordPress dashboard, WP-CLI, or cPanel File Manager/FTP.
Click the arrow to the right of the notice for more info.
Want more? Use plugins that handle multiple functions such as the Wordfence security suite plugin.
Inactive Themes
Everything above regarding plugins applies to themes. Remove inactive themes via the dashboard, WP-CLI, or the theme folder from the wp-content/themes directory.
Want more? You can contact theme developer(s) using the Theme Homepage link from their respective WordPress.org/themes page.
HTTPS Connection
Forcing your website to use HTTPS with a paid or free SSL certificate ensures a secure connection between the website and visitors. An SSL certificate is essential for any company that understands why security is important.
Want more? Force your website to use HTTPS with the dashboard or
Really Simple SSL plugin.
Still want more? Enable HTTP Strict Transport Security (HSTS) within the .htaccess file or Cloudflare for improved speed too.
Output Debug Information
Public-facing debug errors can divulge important information for a hacker looking for vulnerabilities – e.g. version numbers and file paths. Turn off WordPress debugging using the dashboard or WP-CLI.
Want more? Click the Info tab in Site Health see all information at once.
Communicate Securely with Other Services, Communicate with WordPress.org, Background Updates
These three tests together ensure e-commerce plugins, other plugins, WordPress core, and themes can work and update correctly.
Want more? Enable automatic updates within your wp-config.php file. And check out WooCommerce to integrate e-commerce in your WordPress website.
Learn more from our WordPress Education Center.