Skip to content

Regular Security Actions

Regular security maintenance is crucial for system safety and efficiency. This includes updating dependencies, removing unused packages, and keeping documentation current.

  • Bi-weekly dependency checks (consider using Dependabot or Renovate).
  • Some handy commands to check for vulnerabilities and outdated packages yourself:
    • npm audit or pnpm audit to check for vulnerabilities
    • npm outdated or pnpm outdated to check for outdated packages
    • npx npm-check-updates --interactive or pnpm up --recursive --interactive --latest to check for outdated packages and update them interactively
  • If you see vulnerability flagged during package installation, you should fix it.
  • Use Dependabot for security updates
  • Document findings and keep a shared maintenance log, when applicable.
  • Install Wordfence plugin
  • Enable real-time monitoring
  • Set up email alerts to be sent on your project’s email alias
  • Use an uptime monitoring tool for business critical services
    • Axioned has a hosted uptime monitoring service called Uptime Kuma
  • Some hosting platforms (like WP Engine) have uptime monitoring built in as well

Read more on self-audit for more details on how to audit your own security.