Update Your WordPress Website And Keep Hackers Away


WordPress is one of the easiest, affordable and most commonly used CMS on the market. Therefore, it’s also the main target by hackers and spammers. Regular Wordpress software and Plug-in updates will help prevent your site from being compromised. Here’s a quick tutorial on how to do it yourself. Let us know if you need our help.

Update WordPress

Make A Backup

Having a database and file backup is an important step because if something goes wrong we/you can restore the site to the previous working version.

Depending on which backup plugin is installed you can check if you have a recenty backup going under Settings or Tools. (I usually install UpdraftPlus Backup/Restore or BackUpWordPress).
If there is not a recent backup, create a new one one click the appropriate button usually label with “Backup Now”. This operation can take several minutes to half an hour is the site is very complex.

Make WordPress Backup

Updating WordPress Core

If there is a new version of WordPress, a notice will appear on the top of every page. If you don’t see it, skip this step.
Always update wordpress before updating the plug-ins by clicking “Please update now” notice of the top.

It will send you to this page where you can click update WordPress.

After a couple of minutes you will be redirected to confirmation saying everything went good.

Updating Plug-ins

After you updated WordPress, you can go on the Plugins page. The red items are the outdated plugins.

To update them just click the “update now” link. This operation should take up to couple minutes. When the page display all blue items you have done! Now, Go back on the front-end of the site and make sure everything works.

2) Keep your website secure

After your site is updated, here are some simple steps to keep your site secure.

Logins and passwords

Don’t create new users or change your password using weak passwords. Use this website to create a secure password.


Plugins can be installed very easily on wordpress, but it’s advisable to keep as few plugins as possible and only install well-known plug-ins. Read the reviews!

3) Expert security measurements

  • Remove all meta tags that will tell hacker your site is done in Wordress. For example
    <meta name="generator" content="wordpress 4.0" />
  • Set the following, set these wordpress folder permission
    755 = ./
    755 = wp-admin
    755 = wp-content
    555 = wp-includes
  • Use robot.txt file to tell search engine to stay out your wodpress admin folder. Using this code:
    Disallow: /wp-*
  • Using htaccess file deny all IP (except yours) to access the wp-admin folder. This is an example of the code:
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName “Access Control”
    AuthType Basic
    order deny,allow
    deny from all
    # whitelist home IP address
    allow from
    # whitelist work IP address
    allow from
    allow from
  • Secure your wp-config.php that contains all wordpress configuration to the database.
    # protect wp-config.php
    files wp-config.php
    Order deny,allow
    Deny from all
  • Limit Access to the wp-content folder. This folder contains all of your plugins, themes and uploads and it’s the favorite hacker spot to ulpload malicous scripts. You can use this code in the htaccess file:
    Order deny,allow
    Deny from all
    Files ~ “.(xml|css|jpe?g|png|gif|js)$” 
    Allow from all


Are you confused on how to do all the steps or did something go wrong? Contact us and we will happy to update or fix the site for you.

Skip to content