WordPress security is really important, and by that I mean keeping your version of WordPress up to date. WordPress is a big, complex piece of code, and hackers will often find a way in by exploiting a security hole caused by a bug or an oversight in the code, then gain control of your website files. Most of the time this is done by robots (automated scripts) that install malware (software designed to disable or damage your computer) to redirect users visiting your website to another website, inject ads, and so on. Their sole purpose is to take control of your website for their own benefit. When your version of WordPress is not up to date, you are vulnerable to these kinds of attacks.
The WordPress community is very quick to fix these issues once they are discovered, so it’s really important that you keep your version of WordPress up to date. Here’s what to know before you go:
- Update Notifications – When you see that little update notification in WordPress, go ahead with the update. Before you do, however, make sure you have a solid backup plan in place so that both your database and your WordPress files are backed up every now and then. The reason is that an update can go wrong: let’s say someone worked on your website and modified files in a way that changed the core of WordPress, and then you update WordPress. That could potentially break the website. But this is a very rare situation.
- Daily Backups – The bottom line is that you want to make sure you back up your WordPress database and your files every day. Once you know you have that in place, feel free to update at will. You don’t have to back up every day if your website is rarely updated with new posts or pages. The backup frequency really depends on how you use your website.
- Update Plugins – You also want to update all your plugins, because it’s not just the WordPress core you are using. Code vulnerabilities are sometimes discovered in plugins too and need to be fixed. The authors of major plugins are usually quite quick to fix these, and you will want to apply those updates in your WordPress back end.
- Update Themes – As with plugins, themes should be updated, whether they are premium themes or free ones from the WordPress theme library. They can be vulnerable as well. They can be updated in Appearance -> Themes. If auto-update is not set up, for example because you bought a theme from “Theme Forest” or another premium theme provider, make sure to check with the provider weekly to see whether an update has been released.
- Choose the right plugin – There are thousands of free plugins out there in the WordPress library. To keep your website safe, make sure you install plugins that are actively maintained by their authors. This is easy to check: go to the details tab of the plugin page and look at the last updated date. If a plugin becomes part of something important you do, we recommend going with a premium plugin (a plugin you have to pay for), because it will most likely have a person or a group dedicated to its development. Free plugins are awesome because they are free! But the authors do not have any obligation to update them.
- Website security maintenance – Make it a routine to check every week that everything is up to date. Set a time aside for this, like Friday evening while traffic on your website is low, and do the updates.
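
The backup-then-update routine from the list above, as an added shell example that is not part of the original article. It assumes WP-CLI is installed as `wp`; the function name, site path and backup directory are placeholders chosen here.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes WP-CLI is installed as `wp`.
# SITE_DIR and BACKUP_DIR are placeholders; keep BACKUP_DIR outside SITE_DIR.
# A weekly run on Friday evening could be scheduled from cron, for example:
#   0 22 * * 5  sh /path/to/wp-maintain.sh /path/to/site /path/to/backups

backup_then_update() {
    site_dir=$1
    backup_dir=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$backup_dir" || return 1

    # 1. Database backup: stop if the export fails or the dump is empty.
    db_dump="$backup_dir/db-$stamp.sql"
    wp --path="$site_dir" db export "$db_dump" || return 1
    [ -s "$db_dump" ] || { echo "database dump is empty" >&2; return 1; }

    # 2. File backup (core, plugins, themes, uploads).
    tar -czf "$backup_dir/files-$stamp.tar.gz" -C "$site_dir" . || return 1

    # 3. Warn if core files were modified; a core update overwrites them.
    wp --path="$site_dir" core verify-checksums ||
        echo "warning: core files differ from the official release" >&2

    # 4. Updates run only after both backups exist.
    wp --path="$site_dir" core update || return 1
    wp --path="$site_dir" core update-db || return 1
    wp --path="$site_dir" plugin update --all || return 1
    wp --path="$site_dir" theme update --all || return 1
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    backup_then_update "$1" "$2"
fi
```

Premium plugins and themes bought outside the WordPress library may not be reachable by `wp plugin update` or `wp theme update`, so the weekly check with the provider still applies to them.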
There is much more to do to keep your website secure, but the above points are the essentials. We can definitely help you maintain your website security to ensure you are always up-to-date with the latest updates and offer recommendations.