-
Should You Move wp-config.php Above the Webroot?
6 min read
Moving wp-config.php one folder up is standard WordPress advice. Here's what it actually protects against, what it doesn't, and when it's worth doing.
Read the post → -
The WordPress Security Checklist
5 min read
A practical, ordered WordPress security checklist covering hosting, core, logins, files, backups and monitoring, with the reasoning behind each step.
Read the post → -
What Your WordPress Host Won't Do For You
6 min read
Managed hosting protects the server, not your WordPress site. Here's the gap between what your host covers and what's actually left to you.
Read the post → -
Is My WordPress Site Hacked? Twelve Signs to Check
8 min read
A practical checklist for working out whether your WordPress site has been compromised, what to look at first, and what each sign actually means.
Read the post → -
The Best WordPress Security Plugins in 2026
6 min read
The WordPress security plugins I actually install in 2026, the ones I skip, and how they fit together as a stack.
Read the post → -
How to Harden WordPress
7 min read
What to actually change to harden a WordPress site, starting with wp-config and working outwards.
Read the post → -
How to Recover a Hacked WordPress Site Step by Step
7 min read
A calm, ordered run through of what to do when your WordPress site has been compromised, from taking it offline to closing the gap the attacker came in through.
Read the post →
Get the free WordPress Security Checklist
The security checks I'd run through on any WordPress site, delivered straight to your inbox.