This is a short but powerful guide on how to keep your WordPress website safe, and protected against hackers and other scum.
Roadmap
Step 1: Make sure you have a good backup plan.
Ask yourself this question. If your site is now suddenly deleted, can you restore a backup from 1 day back and also from 1 month back? If not, there is work to be done. You can use a plugin as a backup buddy, or one of the many other backup plugins . It is important to remember that a backup of your site locally (on your site itself) – not a backup!
Where: for example on your own computer, or in the cloud (think of the privacy aspect)
Step 2: Remove all unused installations from WordPress and other applications.
You may have done a test installation on a subdomain, and you no longer looked at it. Hackers love that, and use that outdated installation to get into your real website. Easily remove unused subdomains via the Control Panel , and unused folders within your website itself via FTP.
Where: Control Panel, FTP
Step 3: Remove all plugins and themes that you no longer really need or that are no longer maintained
This is an essential part of keeping WordPress safe. Some plugins started so promising, but the creator may have stopped. Then it’s time to look for an alternative because plugins that are no longer being updated are vulnerable to leaks.
How do you see if plugins are no longer maintained? For example by surfing to https://plugins.wordpress.org and looking at the plugin page there:
Step 4: Check all users
Does the SEO expert who optimized your site 2 years ago really need access? Remove all accounts, especially accounts with administrator rights from your WordPress website. Are there any users you don’t know at all with weird e-mail addresses? Then check carefully whether something has gone wrong on your website.
Where: Wp-admin panel, under Users-> All Users
Step 5: Update everything!
And that means; WordPress itself, plugins, themes, and all other software that you use on your site. Pay particular attention to plugins that are included with your theme for free, or “custom made” themes that are no longer maintained. In the WordPress wp-admin / panel you go to Dashboard-> Updates to see what can be directly updated. But beware, sometimes you have to update paid themes in a different way, for example by manually re-downloading them or by going to the theme’s settings. Check the FAQ of the template maker or contact them if you don’t know how.
Waar: Wp-admin panel, under Dashboard->Updates, Plugins, Appearance->Themes, Theme Settings
Step 6: Install a security plugin
If you have followed all the steps above, your site should in principle already be 99% secure. But it doesn’t hurt to keep an eye on your website, and plugins such as WordFence help with that. Make sure you go through the options just as well, so that you do not constantly receive unnecessary e-mails (which you will automatically ignore).
Where: Wp-admin panel, under Plugins
No more worrying about?
Our WordPress Update Service is a service where we keep your WordPress site, plugins and theme safe and up-to-date.
