WordPress is one of the easiest, most affordable and most commonly used CMSs on the market. Therefore, it’s also the main target for hackers and spammers. Regular WordPress software and plug-in updates will help prevent your site from being compromised. Here’s a quick tutorial on how to do it yourself. Let us know if you need our help.
1) Update WordPress
Make A Backup
Having a database and file backup is an important step because if something goes wrong we/you can restore the site to the previous working version.
Depending on which backup plugin is installed, you can check whether you have a recent backup by going under Settings or Tools. (I usually install UpdraftPlus Backup/Restore or BackUpWordPress.)
If there is not a recent backup, create a new one by clicking the appropriate button, usually labeled “Backup Now”. This operation can take several minutes to half an hour if the site is very complex.
Updating WordPress Core
If there is a new version of WordPress, a notice will appear at the top of every page. If you don’t see it, skip this step.
Always update WordPress before updating the plug-ins, by clicking the “Please update now” notice at the top.
It will send you to a page where you can click Update WordPress.
After a couple of minutes you will be redirected to a confirmation saying everything went well.
Updating Plug-ins
After you have updated WordPress, go to the Plugins page. The red items are the outdated plugins.
To update them, just click the “update now” link. This operation should take up to a couple of minutes. When the page displays all blue items, you are done! Now go back to the front-end of the site and make sure everything works.
2) Keep your website secure
After your site is updated, here are some simple steps to keep your site secure.
Logins and passwords
Don’t create new users or change your password using weak passwords. Use this website to create a secure password.
Plugins
Plugins can be installed very easily on WordPress, but it’s advisable to keep as few plugins as possible and only install well-known plug-ins. Read the reviews!
3) Expert security measures
- Remove all meta tags that tell a hacker your site is built with WordPress. For example:
<meta name="generator" content="wordpress 4.0" />
- Set the following WordPress folder permissions:
755 = ./
755 = wp-admin
755 = wp-content
555 = wp-includes
- Use a robots.txt file to tell search engines to stay out of your WordPress admin folder. This only asks well-behaved crawlers to stay away; it does not block access. Use this code:
User-agent: *
Disallow: /wp-*
- Using an .htaccess file, deny all IPs (except yours) access to the wp-admin folder. This is an example of the code:
# Order/Deny/Allow are Apache 2.2 directives; Apache 2.4 needs mod_access_compat for them
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from 52.123.255.31
# whitelist work IP address
allow from 52.123.255.31
allow from 52.123.255.31
- Secure your wp-config.php, which contains all the WordPress configuration for the database:
# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>
- Limit access to the wp-content folder. This folder contains all of your plugins, themes and uploads, and it’s the favorite hacker spot to upload malicious scripts. You can use this code in the .htaccess file:
# .htaccess rules apply to the directory they are placed in and everything below it
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
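The folder permissions from the list above can be verified with a small script. This is an added example, not part of the original tutorial; it assumes GNU stat (stat -c '%a'), and the function name audit_wp_perms and its output format are hypothetical.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the folder permissions
# listed in the tutorial. Assumes GNU stat; audit_wp_perms is a
# hypothetical helper name, not a WordPress or plugin command.

# Expected modes from the list above, as "mode:path" relative to the
# WordPress root directory.
WP_EXPECTED="755:. 755:wp-admin 755:wp-content 555:wp-includes"

# audit_wp_perms ROOT
# Prints one line per directory that is missing or whose mode differs
# from the list, and returns the number of findings (0 = all match).
audit_wp_perms() {
    root=$1
    findings=0
    for entry in $WP_EXPECTED; do
        want=${entry%%:*}      # text before the first colon: the mode
        path=${entry#*:}       # text after the first colon: the path
        target="$root/$path"
        if [ ! -d "$target" ]; then
            echo "MISSING  $path (expected directory with mode $want)"
            findings=$((findings + 1))
            continue
        fi
        have=$(stat -c '%a' "$target")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path: mode is $have, expected $want"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage (the path is a placeholder for your own WordPress root):
#   audit_wp_perms /path/to/wordpress && echo "permissions match"
```

A world-writable wp-content (mode 777) is the finding this most often reports, since some plugins ask for it during installation.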
Problems?
Are you confused about how to do all the steps, or did something go wrong? Contact us and we will be happy to update or fix the site for you.