Regular audits catch security issues early. Big breaches start small. Audit every 3 months.
1-3: Versions, users, database
WordPress updated? Plugins updated? Unused accounts removed? Database user not „root”?
4-6: File permissions, editing, htaccess
Permissions correct? File editing disabled? .htaccess protecting sensitive files?
7-10: SSL, backups, monitoring, logs
SSL certificate valid? Backups working? Failed logins logged and reviewed? Monitoring alerts configured?
Action plan
Monthly: check updates. Quarterly: audit. Continuously: monitor.