WordPress is free, open-source software that needs to be maintained to ensure that hackers don’t have a chance. However, it’s important to note that we’re not referring to hackers who personally target your website, but rather to automated scripts that scour Google for outdated plugins and themes with vulnerabilities.
In this article, we will explain which parts of WordPress need to be maintained and how you can manage maintenance without causing more problems than you prevent.
Maintaining WordPress Plugins
Ensure that you use as few plugins as possible and delete any plugins that you don’t use, even if they are deactivated.
Not all plugin updates are immediately necessary.
New updates for plugins are released monthly, weekly, and sometimes even daily. However, not all updates are equally important. Many plugin updates only bring new features or bug fixes that are not directly related to the security of your WordPress website.
Update your plugins regularly, for example every three months, unless you read about a specific vulnerability in a plugin you use.
Maintaining WordPress Themes
First and foremost, you should only keep the active theme on your server. Remove any themes you have previously tried 😉 Hackbots scan the server for themes with vulnerabilities and use them as an entry point to fill your website with malware.
You can remove themes via FTP or from the theme’s details view: the Theme Details button appears when you hover over the thumbnail, and the “delete” link is in the bottom right corner of that view.
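The plugin and theme cleanup described above can also be audited from the command line. This is an added example, not part of the original article: it assumes WP-CLI is installed, and the function name `audit_csv` and the sample listings are constructed for illustration. A theme that WP-CLI reports as `parent` is kept, because an active child theme depends on it.

```shell
#!/bin/sh
# audit_csv KIND: read WP-CLI CSV (header: name,status,update) on stdin and
# print one action per installed item. KIND is a label: "plugin" or "theme".
# (audit_csv is a hypothetical helper name, not a WP-CLI command.)
audit_csv() {
    awk -F, -v kind="$1" '
        NR == 1 { next }                  # skip the CSV header row
        $2 == "inactive" {                # installed but unused: remove it
            printf "DELETE %s %s\n", kind, $1; next
        }
        $3 == "available" {               # in use and an update is pending
            printf "UPDATE %s %s (%s)\n", kind, $1, $2; next
        }
        # in use and current; includes "parent" themes and must-use plugins
        { printf "KEEP %s %s (%s)\n", kind, $1, $2 }
    '
}

# Constructed sample listings, not taken from a real site.
SAMPLE_THEMES='name,status,update
mytheme-child,active,none
mytheme,parent,available
twentytwentyone,inactive,available
twentytwentytwo,inactive,none'

SAMPLE_PLUGINS='name,status,update
contact-form,active,available
old-slider,inactive,none
security-plugin,active,none'

# Offline demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_PLUGINS" | audit_csv plugin
printf '%s\n' "$SAMPLE_THEMES"  | audit_csv theme

# On a live site, run from the WordPress root directory:
#   wp plugin list --fields=name,status,update --format=csv | audit_csv plugin
#   wp theme  list --fields=name,status,update --format=csv | audit_csv theme
```

Every `DELETE` line is an item that still sits on the server without being used, which is exactly what the automated scans look for.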
Maintaining WordPress “Core”
Updates for WordPress are released monthly, sometimes even weekly. However, not every update is relevant to security. Wait a day before updating, as there may be bugs or issues in the new releases.
Check WordPress.org to learn what type of update it is: a security update or an upgrade with new features.
Maintaining the Server
If you have a Shared package:
This is the entry-level package that costs a few euros per month. You share a server with others, and if their websites get hacked, the speed of your website will also suffer. Additionally, the shared IP address may end up on a blacklist, causing your emails to no longer be delivered.
The advantage is that the hosting provider keeps the software up to date. So you don’t have to maintain it yourself.
If you have a Managed VPS:
With a Managed VPS, you are generally in good hands. The server is updated and provided with important security patches by the hosting provider.
If you have an Unmanaged VPS:
If you have an “unmanaged” VPS, it means that the hosting provider will not perform maintenance on it. You are responsible for maintaining and updating PHP, CentOS, etc. Choose this package only if you have knowledge of Linux or IIS, including shell access.
If you have a budget hosting provider:
Some budget hosting providers are slow with updates, which allows known vulnerabilities on the server to be exploited and viruses to be injected into your website. You want to avoid this as it can be difficult to detect and removing the malware can be a lot of work.
The security of your WordPress website is extremely important. Cybercrime is one of the biggest causes of problems with WordPress – it’s a global problem that even affects major banks like ING and Rabobank, but that’s beside the point.
Securing your website starts with one good plugin. We emphasize one plugin because we often see multiple plugins being used simultaneously, which only leads to problems.
Once the security plugin is properly configured, it’s best to update it as soon as new updates are available.
It’s also important to regularly check the logs to ensure everything is functioning correctly. Don’t be alarmed by the attacks you see in the logs; they are a standard occurrence for any WordPress website that can be found on Google.
A well-maintained security plugin should block 99% of all attacks.
Even if you have everything well-maintained, something can always happen, so make backups!