Skip to content
SANDBOX.page
  • Features
  • Premium Plugins & Themes
    • Control Panel
    • Manage Subscription
SANDBOX.page
  • Features
  • Premium Plugins & Themes
    • Control Panel
    • Manage Subscription
  • Login

Documentation

Managing WordPress

  • Update WordPress Installations
  • Managing WordPress Installations
  • Install WordPress
  • Maintenance Mode
  • Smart Updates

Securing WordPress & Backup/Restore

  • Backup and Restore
  • Securing WordPress
  • Restoring a WordPress Installation from a Restore Point

Premium Themes and Plugins

  • Install Premium Plugins
  • Install Premium Themes

Git Support

  • Git In-depth Overview
  • Getting Started with Git
  • Overview

Advanced Topics

  • Cron Jobs
  • Access WP-CLI

Stage, Sync, Clone and Migrate

  • Restoring a WordPress Installation from a Restore Point
  • Copying Data from One WordPress Website to Another
  • Cloning a WordPress Website
  • Home
  • Docs
  • Securing WordPress & Backup/Restore
  • Securing WordPress

Securing WordPress

WordPress Toolkit can enhance the security of WordPress installations (for example, by turning off XML-RPC pingbacks, checking the security of the wp-content folder, and so on).

We call individual improvements you can make to the installation’s security “measures”. We consider certain measures to be critical. For that reason, WordPress Toolkit applies them automatically to all newly created installations.

On the installation’s card next to “Security”, you can see the following security messages:

  • “Fix security” means that not all critical security measures were applied.
    We strongly recommend that you apply them all.
  • “Check security” means that all critical security measures were applied,
    while some recommended measures were not.
  • “View settings” means that all security measures (critical and recommended) were applied.

Note: Some security measures, once applied, can be reverted. Some cannot. We recommend that you back up a WordPress installation before securing it.

You can secure WordPress installations individually or multiple installations at a time.

To secure an individual WordPress installation:

  1. Go to WordPress, choose the installation you want to secure, and then, on the installation card, click the message next to “Security” (for example, “Fix security”).
  2. Wait for WordPress Toolkit to display the security measures you can apply.
  3. Select the security measures you want to apply, and then click Secure.

All selected measures will be applied.

To secure multiple WordPress installations:

  1. Go to WordPress and then click Security.
  2. You will see the list of your WordPress installations. For every installation, you can see how many critical (indicated by the  icon) and recommended (the  icon) security measures can be applied to it. To see the list of measures that can be applied, click the corresponding icon. If all security measures are applied, you will see the  icon instead.
  3. (Optional) To see more information about all security measures and to manage them for an individual WordPress installation, next to the desired installation. To return to managing security of multiple installations, click  next to “Security Status Of Selected Websites”.
  4. Select installations to which you want to apply security measures and then click Secure.
  5. By default, only critical security measures are selected to be applied. You can also select:
    • Security measures of your choice. To do so, click the “Custom selection” radio button.
    • All security measures at once. To do so, click the “All (critical and recommended)” radio button.
  6. Click Secure.

The selected measures will be applied.

Reverting Security Measures

In rare cases, applying security measures can break your website. In this case, you can revert security measures you have applied. Not all security measures can be reverted. Those that can be are marked as “(can be reverted)”. You can revert security measures for an individual WordPress installation or for multiple WordPress installations at a time.

To revert applied security measures for an individual installation:

  1. Go to WordPress, choose the installation for which you want to revert an applied measure, and then, on the installation card, click the message next to “Security” (for example, “Check security”).

  2. Wait for WordPress Toolkit to display the list of security measures.

  3. Select the security measures you want to revert and then click Revert.

The applied security measures will be reverted.

To revert applied security measures for multiple installations:

  1. Go to WordPress and then click Security.
  2. You will see the list of WordPress installations hosted on the server and whether critical and recommended security measures were applied to them or not.
  3. (Optional) To see more information about all security measures and to manage them for an individual WordPress installation, click  next to the desired installation. To return to managing security of multiple installations, click  next to “Security Status Of Selected Websites”.
  4. Select installations for which you want to revert security measures and then click Revert.
  5. Select security measures you want to revert and then click Revert.

The applied security measures will be reverted.

What are your Feelings
What are your Feelings
Still stuck? How can we help?

How can we help?

Restoring a WordPress Installation from a Restore PointBackup and Restore
  • About
  • TERMS OF SERVICE
  • Blog
Empowering WordPress Developers since 2021