Keeping your WordPress Website Secure

January 23, 2018
lauren@tomatocreative.com.au

Keeping WordPress Secure

So your new website is live. You can kick back, relax and wait for the enquiries to roll in. Right? Wrong.

These days a website is kinda like having a wayward teenager. You have to keep an eye on it, keep it well fed with new content and make sure it doesn’t mix with the wrong crowd.

WordPress now powers over one quarter of the web. The popularity of the platform makes it highly enticing to hackers and those with nothing better to do with their time. A hacked website is a pain. Trust me. You are dealing with possible downtime, data loss and even being blacklisted by Google. Not fun.

As they say, prevention is better than cure, so there are a few things you can do to keep your website as secure as possible and avoid a malware nightmare.

1. Keep WordPress Updated.

The size of the WordPress community can also be a benefit, in that possible bugs or vulnerabilities can be identified and dealt with quickly. WordPress regularly releases updates. Running these updates via your admin will not only help keep your site secure but can also improve site performance.

The good news…

Since WordPress 3.7, minor upgrades/releases have been applied automatically by default. This means that any security patches or bug fixes are pushed to your site, so you have that extra peace of mind without doing a thing.

But you aren’t quite off the hook yet…

2. Keep your plugins updated

Plugin updates can offer improvements in features or tweaks but more often than not they are patching a security issue. Even the most widely used and supported plugins have had issues. By updating your plugins regularly you can keep on top of any possible issues and sleep better at night.

OK, so updating plugins can cause issues, and this is why many people (including myself) tend to procrastinate. BUT there are so many good backup plugins available now that you can roll back should something go wrong.

This is how I do it:

  1. Use All in One WP Migration or a similar plugin to export a backup of your site (you can also do this via Softaculous if on your server)
  2. Run the plugin update
  3. Check to make sure everything is working OK
  4. Repeat for each additional plugin.
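
The same four steps can be scripted from the command line. This is an added example, not part of my admin-based routine above: it assumes WP-CLI is installed as `wp` and is run from the WordPress root, and `SITE_URL` and `BACKUP_DIR` are hypothetical settings you supply.

```bash
#!/usr/bin/env bash
# Added example: back up, update one plugin, check, repeat.
# Assumptions: WP-CLI is installed as `wp`, the script is run from the WordPress
# root, and SITE_URL / BACKUP_DIR are hypothetical settings you supply.
SITE_URL="${SITE_URL:-https://example.com}"
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"

# Step 3 of the list: the site counts as working if the front page returns HTTP 200.
site_ok() {
  [ "$(curl -s -o /dev/null -w '%{http_code}' "$SITE_URL")" = "200" ]
}

# Step 1: dump the database and archive wp-content before touching anything.
backup_site() {
  local stamp
  stamp="$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$BACKUP_DIR" || return 1
  wp db export "$BACKUP_DIR/db-$stamp.sql" || return 1
  tar -czf "$BACKUP_DIR/wp-content-$stamp.tar.gz" wp-content
}

# Steps 2 and 3 for one plugin; reinstall the previous version if the check fails.
update_plugin() {
  local name="$1" old
  old="$(wp plugin get "$name" --field=version)" || return 2
  wp plugin update "$name" || return 2
  if site_ok; then
    echo "updated: $name"
    return 0
  fi
  wp plugin install "$name" --version="$old" --force
  echo "rolled back: $name to $old"
  return 1
}

# Step 4: repeat for every plugin with an update; returns how many need attention.
update_all() {
  local name failed=0
  backup_site || { echo "backup failed, nothing updated"; return 99; }
  for name in $(wp plugin list --update=available --field=name); do
    update_plugin "$name" || failed=$((failed + 1))
  done
  return "$failed"
}

# Run only when called as: ./update-plugins.sh --run
if [ "${1:-}" = "--run" ]; then update_all; fi
```

An HTTP 200 from the front page is only a minimum check, so still click through the site and the admin after a run.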

3. Update your WordPress theme

This doesn’t have to be done as often as your plugins or WordPress, but your website can benefit. Theme updates can cause issues, so if in doubt you can give me a call. With theme updates it is possible that the way the admin works or the front-end appearance can vary slightly. Small updates, e.g. from 4.22 to 4.23, aren’t a big deal, but a jump from V4 to V5 should make you more wary. Be sure to back up and you should be fine.

Some final thoughts

If you don’t want your website looking funky whilst doing the upgrades then consider using a maintenance plugin which can display a message while you work on the site. Some of the more popular ones are below:

The bottom line is that if you don’t keep your site up to date then you are very vulnerable to malicious code injections and you could have a headache awaiting at the next refresh.

If it’s all too hard I’m happy to help out so give me a call on 0401 674 461 to arrange a regular maintenance plan. I also offer uptime monitoring, Malware Removal & Hack Repair and blacklist removal for a monthly fee so if you do slack off then you are covered.