Keep Your WordPress Site Safe in 6 Steps

This is a short but powerful guide on how to keep your WordPress website safe, and protected against hackers and other scum. 

Roadmap

Step 1: Make sure you have a good backup plan.
Ask yourself this question. If your site is now suddenly deleted, can you restore a backup from 1 day back and also from 1 month back? If not, there is work to be done. You can use a plugin as a backup buddy, or one of the many other backup plugins . It is important to remember that a backup of your site locally (on your site itself) – not a backup!

Where: for example on your own computer, or in the cloud (think of the privacy aspect)

Step 2: Remove all unused installations from WordPress and other applications.
You may have done a test installation on a subdomain, and you no longer looked at it. Hackers love that, and use that outdated installation to get into your real website. Easily remove unused subdomains via the Control Panel , and unused folders within your website itself via FTP.

Where: Control Panel, FTP

Step 3: Remove all plugins and themes that you no longer really need or that are no longer maintained

This is an essential part of keeping WordPress safe. Some plugins started so promising, but the creator may have stopped. Then it’s time to look for an alternative because plugins that are no longer being updated are vulnerable to leaks.

How do you see if plugins are no longer maintained? For example by surfing to https://plugins.wordpress.org and looking at the plugin page there:

Wp-admin panel, Plugins, Appearance->Themes

Step 4: Check all users
Does the SEO expert who optimized your site 2 years ago really need access? Remove all accounts, especially accounts with administrator rights from your WordPress website. Are there any users you don’t know at all with weird e-mail addresses? Then check carefully whether something has gone wrong on your website.

Where: Wp-admin panel, under Users-> All Users

Step 5: Update everything!
And that means; WordPress itself, plugins, themes, and all other software that you use on your site. Pay particular attention to plugins that are included with your theme for free, or “custom made” themes that are no longer maintained. In the WordPress wp-admin / panel you go to Dashboard-> Updates to see what can be directly updated. But beware, sometimes you have to update paid themes in a different way, for example by manually re-downloading them or by going to the theme’s settings. Check the FAQ of the template maker or contact them if you don’t know how.

Waar: Wp-admin panel, under Dashboard->Updates, Plugins, Appearance->Themes, Theme Settings

Step 6: Install a security plugin
If you have followed all the steps above, your site should in principle already be 99% secure. But it doesn’t hurt to keep an eye on your website, and plugins such as WordFence help with that. Make sure you go through the options just as well, so that you do not constantly receive unnecessary e-mails (which you will automatically ignore).

Where: Wp-admin panel, under Plugins

No more worrying about?

Our WordPress Update Service is a service where we keep your WordPress site, plugins and theme safe and up-to-date. 

How to Optimize Site Performance for Core Web Vitals

By Rutger | June 8, 2021

There are many factors that affect website rankings, one of which is, site performance. How does your site perform in terms of speed and accessibility? Just this month  Google established a new user experience metric called Core Web Vitals. Core Web Vitals aims to put the most optimized website in terms of performance on top of…

Firefox’s new Site Isolation Security Architecture

By Rutger | May 28, 2021

Online there are plenty of untrustworthy websites that could overpass the initial security in your primary browser. Which is why Firefox developed a new Site Isolation Security. With the main purpose of preventing malicious websites from accessing or stealing information from your accounts on other websites.  The process of site Isolation security is separating web…

WordPress Proposes Blocking Google’s FLoC

By Rutger | April 25, 2021

In the recent announcement from WordPress, they state that they are treating Google’s new FLoC tracking technology as a security concern and may block it by default on WordPress sites. Google’s Federated Learning of Cohorts (FLoC) received a lot of criticism concerning privacy. “FLoC is meant to be a new way to make your browser…

Am I FLoCed? A New Site to Test Google’s Invasive Experiment

By Rutger | April 5, 2021

 Am I FLoCed is one of an effort to uncover the invasive practices of the adtech industry—Google included. It is a new site where you can check if you are being subjected to the latest advertising experiment, FLoC. What is FloC? Federated Learning of Cohorts or FLoC is Google’s new advertising technology intended to replace…

DuckDuckGo Browser and Extension

By Rutger | February 25, 2021

DuckDuckGo describes itself as “the search engine that doesn’t track you.” Although DDG is better known for its privacy-focused search engine, the company has expanded into making its own Privacy Browser app for Android and IOS. The DDG Privacy Browser has the speed you need, the browsing features you expect (like tabs & bookmarks), and…

The Search Engine That Doesn’t Track You

By Rutger | February 11, 2021

THERE’S A NEW battleground in the browser wars: user privacy. Just recently, we published an article about Brave browser and how effective its tracker blocking technologies. So here’s another talk of the town privacy-focused search engine that will help you enjoy the internet without having to worry about leaving a digital footprint.  What is DuckDuckGo?…

Mozilla Firefox 85.00 is Here!

By Rutger | January 30, 2021

The popular open-source web browser Mozilla Firefox finally released version 85.00. With significant updates including the much-awaited major privacy enhancement called network partitioning. Check out the major improvements and what’s been added and changed for the latest Firefox 85.00. What’s new? The Adobe’s popular software Flash Player is no longer supported by Firefox 85. “There is…

Update: Let’s Encrypt Extends Support for Android 7 or Older Devices for Three Years

By Rutger | January 13, 2021

Back in November, Let’s Encrypt an open certificate authority announced an end to its partnership with Identrust and to “Standing on Our Own Two Feet – Let’s Encrypt”. The supposed part ways will cause compatibility issues with Android 7.1.1 or older to not be able to access HTTPS websites.  In its new announcement, Let’s Encrypt has…

Apple and Cloudflare team up to stop your ISP from seeing which websites you visit

By Rutger | December 16, 2020

Apple and Cloudflare team up to develop a new internet protocol called “Oblivious DNS-over-HTTPS,” or “ODoH,” which can prevent Internet Service Providers (ISP) from knowing which websites you visit. When visiting a website the request sent can be logged and tells your ISP which websites you visited, down to the hostnames and subdomains. This information…

Standing on Our Own Two Feet – Let’s Encrypt

By Rutger | November 13, 2020

[Update] Let’s Encrypt Extends Support for Android 7 or Older Devices for Three Years Let’s Encrypt announced its partnership with IdenTrust will come to an end by September 1, 2021. Except for its own root certificate, Let’s Encrypt has been using a cross-signed certificate from IdenTrust. The decision to part ways is dubbed as the…