We've had a few clients come to us over the years with hacked WordPress websites. Sometimes the hacks are easy to fix, and other times they're a lot more involved and thus costly. The most important thing you can do to help keep your site secure is to update WordPress core, themes and plugins regularly: once a month at the bare minimum, though weekly is best.
1. Before you do anything, run a backup of your site.
Don't rely on the backups provided by your hosting server. Always run a backup of your website prior to doing any updates. This way, if (or when) something breaks, you can revert your site back to the working backup and either try again or get a professional to help you out.
Here are some details on WordPress.org on how to back up your website. You might also want to look at an automatic backup system such as BackupBuddy (our recommended system) or UpdraftPlus (there's a free version).
2. Visit the Updates page under Dashboard on your WordPress website
This page is going to show you a list of all the plugins, themes and even WordPress core that have updates available.
WordPress shows you where updates are needed in 3 locations. If theme(s) or WordPress core need updating, they'll be shown in the top 2, but not next to the Plugins page.
3. Update WordPress core
Typically WordPress core has 2 major revisions come out each year, usually in the spring and fall. Unlike minor WordPress core updates (security updates), these need to be applied manually. Most of the time you'll be able to skip this step.
4. Update Themes
Once you know WordPress is running the latest version, you'll want to check that your theme is up-to-date.
Do not update your active theme! Updating your active theme will remove your site customizations if you didn't use a child theme when you initially created your theme. Updates to your theme files will need to be done manually via FTP and may involve updating files as well, depending on your customizations. Here are some great tips on how to do this. We're also available if needed.
Now is also the time to remove any themes you may have installed but then decided not to use.
5. Update Plugins
The plugins page is likely where most of your updates will be, depending on the number of plugins you have installed. I like to go through the plugins one by one and update them, ensuring there are no problems or conflicts when updating to the latest version. If there are any problems, your backup file will help you revert to the old version, giving you time to figure out what caused the conflict and whether there's a solution to the problem or if you need to wait for the developer to release another version.
If you've stopped using a plugin but still have it on your site, we recommend removing the plugin. Even though the plugin is deactivated, the files are still accessible on your site and can put you at risk of being hacked.
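Steps 1, 4 and 5 can also be run from the command line. The following is an added example, not part of the original post: it assumes WP-CLI is installed as `wp` and that the functions are called from the WordPress root directory, and the function names are made up for illustration.

```shell
# Added example. Assumes WP-CLI (`wp`) and the WordPress root as working directory.
# Function names are hypothetical; only the `wp` subcommands are real.

# Step 1: back up the database and wp-content (themes, plugins, uploads) into $1.
# Keep $1 outside the web root so the backup cannot be downloaded from the site.
backup_site() {
  mkdir -p "$1" || return 1
  wp db export "$1/db.sql" || return 1
  tar -czf "$1/wp-content.tar.gz" wp-content
}

# Step 5: update plugins one at a time so a failure points at a single plugin.
# Returns 1 if the backup failed (nothing is updated), 2 if an update failed.
update_plugins_one_by_one() {
  backup_site "$1" || { echo "backup failed, nothing updated" >&2; return 1; }
  for plugin in $(wp plugin list --update=available --field=name); do
    echo "updating $plugin"
    wp plugin update "$plugin" || {
      echo "update of $plugin failed; restore from $1" >&2
      return 2
    }
  done
}

# Steps 4 and 5: deactivated plugins and unused themes are still on disk.
# Print them as removal candidates, one "type name" pair per line.
removal_candidates() {
  wp plugin list --status=inactive --field=name | sed 's/^/plugin /'
  wp theme list --status=inactive --field=name | sed 's/^/theme /'
}
```

Call `update_plugins_one_by_one /path/outside/webroot/backup-dir` to run the backup and the updates, then review the output of `removal_candidates` before deleting anything.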
6. Site Maintenance
I like to run some minor site maintenance once I'm done updating everything. These updates can include:
- Empty the spam comment folder (Akismet is great for helping to reduce comment spam, if you have comments turned on).
- Scan through security logs. We love iThemes Security (Free or Pro), but Wordfence or Sucuri are also great.
- Check your Google Analytics logs. Get familiar with them and learn how your website is performing in the search engines.
- Check that your hours, staff, deals and any other content is up to date.
These tips will help keep your WordPress website up-to-date and secure. If you feel this is too technical or not something you want to worry about, our WordPress Care Plans might be exactly what you need. Get in touch today!