How to protect your WordPress website from hacks – LoveYourSite

Over 25% of websites now run on WordPress including many Rather Inventive websites. Sadly this makes it a big target for automated bots and scripts to gain access for nefarious purposes.

Letting your site fall behind on updates can leave it vulnerable to malicious attacks. I’ve provided specific advice on updating WordPress below.

Save tears, backup your site before making any changes.

Update your plugins and themes*

Plugins and themes provide additional style or function not present in WordPress extending it far beyond it’s humble default setup. Plugin developers often have access to early development versions of WordPress so it’s worth updating these first before moving on.

To know if you have any plugin updates, login into your WordPress dashboard then look for the ‘Plugins’ menu on the side bar. If you have updates it will show an orange circle with the number of updates available.

Important. Sometimes updating a plugin can break your website and stop it working, in the worst cases you may even get the ‘white screen of death‘. Most plugins will let you know if there is a potential this might happen such as major updates for WooCommerce so read any update notices carefully.

Update the WordPress core*

Next update the main WordPress files, also know as the core. To see if any updates are available click on ‘Dashboard’ then ‘Updates’ in the side bar.

I recommend you also read through WordPress’s own page on updates, which has further information if you run into problems when updating.

Check it all still works

Before you go on with your day make sure the website’s working correctly including testing contact forms, password protected pages and making dummy purchases if you have an ecommerce site.

Protect from hacks*

Finally I suggest adding two plugins that help prevent malicious attacks, provide email reports when updates are available and can even speed up your website with caching, making it quicker to access commonly accessed pages.

Both have functional free versions with additional paid features should you need them.

Wordfence – Let’s you know if you site becomes compromised through an attack, which files might be affected and provides a cache to speed up the website.

iThemes Security – Locks down your site files to prevent access to automated scripts an people who get the password wrong too many times.

Are there any security plugins you couldn’t live without? Share them with us Twitter.


Do you find this information useful?

Find out how to access a Free Coaching session to discuss how you can put this into action.

* If you don’t feel confident about making any of the recommended changes yourself, consult with your web developer, techie friends or get in touch, we’d be happy help.

Online Marketing Geek. Knower of Social Media, Search Optimisation and the mobile web - Event Speaker - Author

Grab a free copy of our social media strategy book Be Sociable
when you subscribe to our marketing ideas newsletter

Subscribe to a very interesting monthly newsletter with marketing ideas, our podcast and helpful links and tools we've found. You can view the latest newsletter on the link below.

You should also know that we use Campaign Monitor, to deliver the newsletter and gather statistics to help us improve our the newsletter. To find out how we handle personal data view our Privacy Policy