A fresh look for the WordPress Security Checklist

I released a major update with a new design, clearer navigation, and simpler code maintenance, so the WordPress Security Checklist remains easy to use on mobile, desktop, and GitHub Pages.

A few weeks ago, Ana Cecília sent me a really cool email informing me that the Cybersecurity and Data Privacy Manual for Museums, Libraries, Archives, and Galleries is ready and that I am listed in the bibliography and acknowledgments 🥰

As the WordPress Security Checklist was used in this cybersecurity manual, and I was very honored to be mentioned, I decided to work a bit on this project and released a major update with a new design, clearer navigation, and simpler code maintenance, so that the checklist remains easy to use on mobile, desktop, and GitHub Pages.

What you will notice

Typography and layout

The site now uses Plus Jakarta Sans with a stronger hierarchy: larger, bolder headings and improved spacing so long checklist sections are easier to scan.

Neumorphic-style surfaces

Inspired by current UI trends (soft depth, tactile controls), the main content sits on a raised panel with gentle shadows, while the header navigation and primary actions use subtle depth rather than flat blocks throughout.

Header and footer

The header has a clearer structure (with the title and description aligned with the content column), a rounded navigation bar, and pill-style links. The mobile menu uses a CSS-only hamburger that morphs into a close icon—no separate image asset. Languages open from an icon in the header with a compact submenu instead of a long dropdown. The footer uses a frosted panel on the brand background, a CSS grid for columns, and clearer social and contribution links.

Light and dark themes

You can switch between light and dark from the icon next to the menu. Until you choose a preference, the site follows your system color scheme. Your choice is remembered for the next visit.

Faster, simpler front end

Checklist interactivity (checkboxes, section counters, theme toggle) now runs on vanilla JavaScript—no jQuery—which keeps the payload small and behavior predictable. Progress is saved in your browser between visits. A pinned progress bar and per-section counts help you stay oriented. Checks use a subtle pen-draw style overlay, and you can check or clear every item in a section in one go. Completing the list can trigger a celebration (motion, confetti, and optional sound), with a toggle to turn that off when you prefer less distraction or motion. You can also export to PDF, with an optional project name on the cover sheet.

Content and hosting

Checklist recommendations were reviewed for modern WordPress (last reviewed date on the homepage). The project is aligned with native GitHub Pages builds (no fragile language plugins in the build), and localized strings load reliably across English, Portuguese, Spanish, and Japanese via a single strings data file. There is new guidance to reduce author and username enumeration, including an optional Apache .htaccess snippet behind a collapsible block so the page stays scannable. XML-RPC and related hosting-oriented items now live in the Hosting section, and link labels that point to the WordPress hardening handbook are translated per locale.

Structured data

Every page includes Schema.org JSON-LD, and the checklist itself is described as a full ItemList in the active locale—which is better for search engines and assistants that consume structured data.

Accessibility and privacy

There is a skip link straight to the main content, a proper main landmark, and localized ARIA copy for the menu, navigation metadata, and checklist controls (including the PDF dialog, which uses a focus trap for keyboard users). The document head adds a stricter referrer policy and a narrow Permissions-Policy for APIs that the site does not need.

Still the same mission

The checklist remains free, open source, and focused on practical steps you can take to harden WordPress. If you want to suggest edits or translations, the repo is on GitHub.

Thank you for using the site! If something looks wrong in your browser or in your language, open an issue and I will take a look.
