Keep Your WordPress Site Safe In 6 Steps

This is a short but powerful guide on how to keep your WordPress website safe, and protected against hackers and other dangers.

Step 1: Have a good backup plan.

Ask yourself this question. If your site is now suddenly deleted, can you restore a backup from 1 day ago, and also from 1 month ago? If not, there is work to be done. You can use a plugin such as a backup buddy, or 1 of the many other backup plugins . It is important to remember that a backup of your site that is local (in your site itself) is -no-backup!

Where: for example on your own computer or in the cloud (think of the privacy aspect)

Code Orange also offers free backups, which are automatically made for you, and can be restored at your request. You should see that as an extra safety net, and – not – as a replacement for your own backups.


Step 2: Remove all unused installations from WordPress and other applications.

You may have done a test installation on a subdomain and have not looked at it anymore. Hackers love that, and use that outdated installation to get into your real website. Easily delete unused subdomains via the Control Panel , and unused folders within your website via FTP .

Where: Control Panel, FTP


Step 3: Remove all plugins and themes that you no longer really need or that are no longer maintained

This is an essential part of keeping WordPress safe. Some plugins started so promising, but the maker may have stopped developing it. Then it is time to look for an alternative, because plugins that are no longer updated are vulnerable to exploits.

How do you see if plugins are no longer maintained? For example, by surfing to and looking at the plugin page

Where: Wp-admin panel, Plugins, Appearance->Themes

A plugin such as Wordfence can you also alert you to that.

In any case, remove plugins and themes that are not active. Many people think that inactive plugins can not be exploited, but that is certainly not the case as the files are still there!


Step 4: Check all users

Does the SEO expert who optimized your site 2 years ago really still need access? Remove all accounts, especially accounts with administrator rights from your WordPress website. Because your previous SEO expert might not mean any harm, but his password could accidentally be leaked. Are there users that you do not know at all, with weird email addresses? Then check whether something has already gone wrong in your website.

Where: Wp-admin panel, under Users-> All Users


Step 5: Update everything!

And that means; WordPress itself, plugins, themes, and any other software you use on your site. Pay particular attention to plugins that come with your theme for free, or “custom made” themes that are no longer maintained. In the WordPress wp-admin / panel you go to Dashboard-> Updates to see what you can immediately post up. But beware, paid themes sometimes need to be updated in a different way, for example by manually re-downloading them or by going to the settings of the theme. Look in the template maker’s FAQ or contact them if you do not know how to do it.

Where: Wp-admin panel, onder Dashboard->Updates, Plugins, Appearance->Themes, Theme Settings

The biggest risk? In the past, popular plugins such as Revolution Slider, which were often supplied free with themes, caused the biggest problems because they were not updated properly.


Step 6: Install a security plugin

If you followed all the steps above, your site should in principle already be 99% secured. But it does not hurt to keep an eye on your website, and plugins like WordFence help with that. Make sure that you go through the options as well , so that you do not receive unnecessary emails (which you will automatically ignore).

Where: Wp-admin panel, under Plugins


It is good to know that earlier this year, a bug in WordPress turned automatic updates off -forever-. That was fixed in WordPress 4.9.4, but if you are running 4.9.3, you have to do a manual update! 


Code Orange, we provide you backup service and always keep your website, plug-in, and theme up to date. We also have malware scanning to make sure that your website always secured.


WordPress Downgrade Plugin

By Rutger | August 14, 2020

If for some reason you run into an issue when you upgraded WordPress, you can simply restore the backup that you made (you made one, right?) If the issue is with WordPress core, and for example your theme does not (yet) support the new WordPress version, then it’s good to know there’s a downgrade plugin…

WordPress 5.5 “Eckstine”

By Rutger | August 11, 2020

[Upgrade issues? Check the downgrade plugin post] Here it is! WordPress 5.5 “Eckstine” is finally released. The 39th version of WordPress is named after the jazz musician Billy Eckstine. You can download the latest version of WordPress or update in your dashboard. With the new WordPress 5.5 “Eckstine”, your site gets new power as it is…

Two Factor Authentication (2FA) for Control Panel

By Rutger | August 11, 2020

The control panel already limits unauthorized login attempts to prevent anyone from accessing your sensitive information. You can also add an extra layer of protection by enabling two-factor authentication. Two-factor authentication also known as two-factor verification or 2FA is an additional step in the login process that requires users to present a piece of information that…

Google Resumes Its Attempt to Hides Full Addresses on Chrome 85

By Rutger | July 1, 2020

Over the years Google has tried to hide full URLs in Chrome’s address bar, despite the public backlash that came after every attempt, Google is pressing on with new plans to hide all parts of web addresses except the domain name. To test this, you have to download and install the Canary channel from the…

How to protect yourself from your ISP snooping on the websites you visit

By Rutger | June 21, 2020

TLDR; To prevent your ISP snooping on the websites you visit, you must not only change your browser settings, you most likely also need to change your DNS settings. Your Internet Service Provider (ISP) connects you to the internet, every request sent can be logged and tells your ISP which websites you visited, down to the hostnames…

Thai Database Leaks 8.3 Billion Internet Records

By Rutger | June 5, 2020

Thailand’s largest telecommunications company’s Advanced Info Service (AIS) urgently brought down one of its databases following a leak of more than 8 billion real-time internet records on millions of Thai internet users. The data breach was discovered by security researcher Justine Paine, who found an exposed ElasticSearch database online containing DNS queries and Netflow data…

What is the new Brave Browser about?

By Rutger | May 20, 2020

The internet took a deep dive into Brave Private Browser, to figure out why it has become increasingly popular to users. Here’s what you need to know to decide whether Brave’s for you.   What makes Brave browser special amongst other browsers is its speed and the privacy protection it provides to users, both a…

Keep your email safe from hackers and trackers using Firefox Private Relay

By Rutger | May 13, 2020

Firefox Private Relay is a new add-on service by Firefox maker Mozilla; the service is designed to reduce unwanted emails and spam by generating unique aliases acting as a proxy email service to hide the user’s email address from advertisers and spam operators when signing up for a web form. The service entered testing last month…

Zoom’s 5.0 Update Improves Encryption, Adds Meeting Security Features

By Rutger | May 7, 2020

As the COVID-19 virus spread across the globe, the business landscape was forced to make a number of swift changes. Almost overnight, the video conferencing app Zoom becomes the go-to option to hold lessons, business meetings, and sensitive discussions. The surge in popularity, the firm was also bombarded for issues related to its privacy and…

How to Change PHP Version of Your Websites

By Rutger | May 5, 2020

Update: PHP 7.4 is available (August 2020) While it is a best practice to always use the latest version of PHP, compatibility is also an important factor to consider before upgrading. Starting May 2020 it is now possible to choose which PHP version your account uses via the Control Panel.   Note: this is done per account (username),…