Keeping your WordPress website up-to-date is not just a good idea, it’s a requirement.
WordPress is a wonderful platform–it’s open-source (translation:practically free), it has fantastic SEO benefits right out of the box, it makes it easy for non-technical users to manage their content without running to their web developer every other day.
It’s estimated that 25% of the internet runs on WordPress. However, because it is so popular, evil hackers are ALWAYS trying to find and exploit vulnerabilities in the code in order to hack your site.
What’s the solution?
We should assume that the assault by hackers will never stop. The best approach is to put roadblocks in place that make it more difficult for your site to be hacked.
One of the most important of these roadblocks is to always be running the latest version of WordPress, especially if the latest version was a security update release.
Other best practices are:
- Don’t have your login id be “admin” — this is like freely handing over one of the keys to your website. Don’t make it easy for them!
- Change your password periodically. (How to create a sophisticated yet easy-to-remember password.)
- Use a robots.txt file to ask search engines to NOT index the admin area. Some hacks use the power of Google to auto-locate vulnerable Admin panels. If your admin panel has not been indexed, it decreases the chances of it being found by hackers.
- Don’t have a link to your WordPress Admin login page on your site if you can help it. For some membership based sites, this is unavoidable, but if you have a ‘convenience’ link to your Admin login page, say in the footer of your site, you should remove it. Just bookmark the login page instead.
- You may consider using a security service such as Sucuri, to run periodic scans on your website. This doesn’t prevent hacks, but it will notify you immediately if your site has been hacked before the site has time to be blacklisted or flagged by Google as containing malware. These services notify you when your WP version is out of date, and they will also restore your site after a hack.
- And to reiterate, always be running the latest version of WordPress, especially if the latest version was a security update release.
When you login to your WordPress, you will get a reminder at the top of the dashboard nagging you to update to the latest version.
THIS IS IMPORTANT: You must ensure you have proper backups prior to executing the auto-upgrade.
Some Options for Backing Up Your Site
- Our toolkit for Backups, Upgrades and Security Scanning
- ManageWP – Keep regular backups of your site for pennies/day. One-click restore removes the concern of what to do when something goes wrong in an update.
- WordPress Maintenance Service
If you just aren’t sure about any of this, contact us and we can review the site and let you know if you need an upgrade and how to proceed.
SangFroid Web partners with Sucuri to offer website monitoring for unauthorized changes to websites.