WordPress 5.2 release‘s new Site Health feature finds free ways to enhance website security and performance. Improving security doesn’t require extensive reading and configuration. Sometimes, it’s as simple as minimalism and removing what you don’t need.
Below we cover how to resolve Site Health security issues.
Every additional file – plugin, theme, etc. – is another potential vulnerability. If you no longer need a plugin, fix any issues caused when that plugin is inactivated – e.g. shortcodes and visual errors – and remove the plugin via your WordPress dashboard, WP-CLI, or cPanel File Manager/FTP.
Click the arrow to the right of the notice for more info.
Want more? Use plugins that handle multiple functions such as the Wordfence security suite plugin.
Want more? You can contact theme developer(s) using the Theme Homepage link from their respective WordPress.org/themes page.
Forcing your website to use HTTPS with a paid or free SSL certificate ensures a secure connection between the website and visitors. An SSL certificate is essential for any company that understands why security is important.
Still want more? Enable HTTP Strict Transport Security (HSTS) within the .htaccess file or Cloudflare for improved speed too.
Output Debug Information
Public-facing debug errors can divulge important information for a hacker looking for vulnerabilities – e.g. version numbers and file paths. Turn off WordPress debugging using the dashboard or WP-CLI.
Want more? Click the Info tab in Site Health see all information at once.
Communicate Securely with Other Services, Communicate with WordPress.org, Background Updates
These three tests together ensure e-commerce plugins, other plugins, WordPress core, and themes can work and update correctly.
Learn more from our WordPress Education Center.