Keep Your WordPress Site Safe in 6 Steps

This is a short but powerful guide on how to keep your WordPress website safe, and protected against hackers and other scum. 

Roadmap

Step 1: Make sure you have a good backup plan.
Ask yourself this question. If your site is now suddenly deleted, can you restore a backup from 1 day back and also from 1 month back? If not, there is work to be done. You can use a plugin as a backup buddy, or one of the many other backup plugins . It is important to remember that a backup of your site locally (on your site itself) – not a backup!

Where: for example on your own computer, or in the cloud (think of the privacy aspect)

Step 2: Remove all unused installations from WordPress and other applications.
You may have done a test installation on a subdomain, and you no longer looked at it. Hackers love that, and use that outdated installation to get into your real website. Easily remove unused subdomains via the Control Panel , and unused folders within your website itself via FTP.

Where: Control Panel, FTP

Step 3: Remove all plugins and themes that you no longer really need or that are no longer maintained

This is an essential part of keeping WordPress safe. Some plugins started so promising, but the creator may have stopped. Then it’s time to look for an alternative because plugins that are no longer being updated are vulnerable to leaks.

How do you see if plugins are no longer maintained? For example by surfing to https://plugins.wordpress.org and looking at the plugin page there:

Wp-admin panel, Plugins, Appearance->Themes

Step 4: Check all users
Does the SEO expert who optimized your site 2 years ago really need access? Remove all accounts, especially accounts with administrator rights from your WordPress website. Are there any users you don’t know at all with weird e-mail addresses? Then check carefully whether something has gone wrong on your website.

Where: Wp-admin panel, under Users-> All Users

Step 5: Update everything!
And that means; WordPress itself, plugins, themes, and all other software that you use on your site. Pay particular attention to plugins that are included with your theme for free, or “custom made” themes that are no longer maintained. In the WordPress wp-admin / panel you go to Dashboard-> Updates to see what can be directly updated. But beware, sometimes you have to update paid themes in a different way, for example by manually re-downloading them or by going to the theme’s settings. Check the FAQ of the template maker or contact them if you don’t know how.

Waar: Wp-admin panel, under Dashboard->Updates, Plugins, Appearance->Themes, Theme Settings

Step 6: Install a security plugin
If you have followed all the steps above, your site should in principle already be 99% secure. But it doesn’t hurt to keep an eye on your website, and plugins such as WordFence help with that. Make sure you go through the options just as well, so that you do not constantly receive unnecessary e-mails (which you will automatically ignore).

Where: Wp-admin panel, under Plugins

No more worrying about?

Our WordPress Update Service is a service where we keep your WordPress site, plugins and theme safe and up-to-date. 

Why using special DNS Servers is beneficial?

By Rutger | October 14, 2020

With the internet becoming an integral part of every business today, it has also increasingly become important that DNS servers remain stable, secure, and resilient against DNS attacks. By default, you’re most likely using your Internet Server Provider (ISP) DNS servers. DNS queries through ISP’s are vulnerable to attacks as it does not always use…

Make WordPress Websites Much Faster In 5 Steps

By Rutger | September 25, 2020

What can you do to make your WordPress website faster? A fast loading website provides an improved user experience and higher rankings in Google and that is good for your website/business.   1. Install a caching plugin What is it? Caching ensures that your page does not have to be “made” continuously. Making it costs…

New Let’s Encrypt SSL Certificates – Free SSL But Beware

By Rutger | September 18, 2020

We offer Let’s Encrypt SSL certificates for a few years now so that together we make the internet more secure. By removing the barrier that SSL certificates cost money, and by easily installing them by pressing a button in the control panel, there is virtually no reason not to use SSL anymore. It is good to…

Keep Your WordPress Site Safe in 6 Steps

By Rutger | September 11, 2020

This is a short but powerful guide on how to keep your WordPress website safe, and protected against hackers and other scum.  Roadmap Step 1: Make sure you have a good backup plan.Ask yourself this question. If your site is now suddenly deleted, can you restore a backup from 1 day back and also from 1…

Activate A Better Spam Filter For Free

By Rutger | September 4, 2020

The new spam filter that we introduced in 2017 works very well. Because of the positive feedback, we have decided to offer this permanently on all our packages without extra costs! You can drastically reduce spam with one click: Via the new account center on my.codeorange.co.th/login you will find an “Advanced Settings” tab under Email settings where you…

Search Engine Tip: Prevent Duplicate Content By Removing Wildcard Subdomain From DNS

By Rutger | August 28, 2020

If you have a website, it is important to only publish it in one place. The underlying reason is that Google and other search engines do not like it if they find the same information in multiple places (so-called duplicate content). How is that possible if you do not intentionally copy pages to other places? One…

Set Default Homepage

By Rutger | August 21, 2020

Three years ago, we added a function to the Control Panel, called “Standard Homepage”, and we think it deserves a bit more attention. With this function, you determine where your website ‘lives’ as it were and it is very positive for SEO and conversion. This is because your website is accessible by default in several ways: http://www.exampledomain.nl (most used)…

WordPress Downgrade Plugin

By Rutger | August 14, 2020

If for some reason you run into an issue when you upgraded WordPress, you can simply restore the backup that you made (you made one, right?) If the issue is with WordPress core, and for example your theme does not (yet) support the new WordPress version, then it’s good to know there’s a downgrade plugin…

WordPress 5.5 “Eckstine”

By Rutger | August 11, 2020

[Upgrade issues? Check the downgrade plugin post] Here it is! WordPress 5.5 “Eckstine” is finally released. The 39th version of WordPress is named after the jazz musician Billy Eckstine. You can download the latest version of WordPress or update in your dashboard. With the new WordPress 5.5 “Eckstine”, your site gets new power as it is…

Two Factor Authentication (2FA) for Control Panel

By Rutger | August 11, 2020

The control panel already limits unauthorized login attempts to prevent anyone from accessing your sensitive information. You can also add an extra layer of protection by enabling two-factor authentication. Two-factor authentication also known as two-factor verification or 2FA is an additional step in the login process that requires users to present a piece of information that…