WordPress is the most popular CMS in the world and that makes it a big target for the dark underbelly of the Internet. Waking up to news reports of a vulnerability in your website platform can really ruin your day but there are quite a few things that you can do to ensure that your site stays secure and out of harms way. Our WordPress security guide will help you secure and harden your website so you can focus on your customers and content.

  1. Keep WordPress core up to date
    With WordPress’ auto-update feature this has never been easier. Minor updates (such as an upgrade from version 4.2 to 4.2.1) will apply automatically, keeping the core of your website bug-free and secure. Major updates, like going from version 4.2 to 4.3, will require a manual update as they are more likely to require further work to be done for full compatibility. Keeping WordPress core up to date is the single most important thing you can do to ensure the security of your website, and thankfully, it’s very easy to do. Always remember to create a complete backup of your site and database prior to updating.
  2. Keep your WordPress plugins up to date
    WordPress core is lean and lightweight on purpose; it keeps the platform fast, stable, and secure. Plugins extend functionality but add bloat to your site and when you hear about a vulnerability it’s usually due to a weakness in a plugin being exploited. Keeping them updated is vital but a bit tricky; a poorly implemented update can break functionality on your site. We find that most of the time when something breaks on a site it was due to a plugin update. As with WordPress core, always remember to create a complete backup of your site and database prior to updating.
  3. WordPress Security GuideScan your site
    Once you’ve updated everything and tested your site, or if everything is already up to date, run a free malware and security scan with Sucuri to see if your site is clean. This will only scan what Sucuri can see, but it’s a good start and only takes a few minutes to run. If something is found by the scan, sign-up with Sucuri and they will remove it. They do an excellent job with this and we highly recommend them. If you’ve signed up for a paid account you can also install a server-side scanner for a more in-depth scan.