How to protect your WordPress website from hacks – LoveYourSite
Over 25% of websites now run on WordPress including many Rather Inventive websites. Sadly this makes it a big target for automated bots and scripts to gain access for nefarious purposes.
Letting your site fall behind on updates can leave it vulnerable to malicious attacks. I’ve provided specific advice on updating WordPress below.
Save tears, backup your site before making any changes.
Update your plugins and themes*
Plugins and themes provide additional style or function not present in WordPress extending it far beyond it’s humble default setup. Plugin developers often have access to early development versions of WordPress so it’s worth updating these first before moving on.
To know if you have any plugin updates, login into your WordPress dashboard then look for the ‘Plugins’ menu on the side bar. If you have updates it will show an orange circle with the number of updates available.
Important. Sometimes updating a plugin can break your website and stop it working, in the worst cases you may even get the ‘white screen of death‘. Most plugins will let you know if there is a potential this might happen such as major updates for WooCommerce so read any update notices carefully.
Update the WordPress core*
Next update the main WordPress files, also know as the core. To see if any updates are available click on ‘Dashboard’ then ‘Updates’ in the side bar.
I recommend you also read through WordPress’s own page on updates, which has further information if you run into problems when updating.
Check it all still works
Before you go on with your day make sure the website’s working correctly including testing contact forms, password protected pages and making dummy purchases if you have an ecommerce site.
Protect from hacks*
Finally I suggest adding two plugins that help prevent malicious attacks, provide email reports when updates are available and can even speed up your website with caching, making it quicker to access commonly accessed pages.
Both have functional free versions with additional paid features should you need them.
Wordfence – Let’s you know if you site becomes compromised through an attack, which files might be affected and provides a cache to speed up the website.
iThemes Security – Locks down your site files to prevent access to automated scripts an people who get the password wrong too many times.
Are there any security plugins you couldn’t live without? Share them with us Twitter.
Do you find this information useful?
Find out how to access a Free Coaching session to discuss how you can put this into action.
* If you don’t feel confident about making any of the recommended changes yourself, consult with your web developer, techie friends or get in touch, we’d be happy help.