Is Your WordPress Site in Danger?

If you don’t know the answer to this question, it’s safe to assume that your WordPress site may be in a bit of a pickle – maybe. Here’s why:

Relatively easy to use, the WordPress Content Management System and Windows Operating Systems have become victims of their own success.

Unfortunately, successful software attracts the unwanted attention of hackers, who, bizarrely, claim that their actions force software providers into improving their products.  Well, sort of , but I’m sure you’ll agree that this is a bit of twisted logic.

Despite the grains of truth in this assertion, these Champions of the People are of zero comfort to anyone who has ever had their website or computer hacked.  We’ve heard of site owners who have, through simply not knowing about WordPress updates, have lost their website, their hosting – the lot.  Without a “clean” back up, should your website become infected your presence on the internet is kaput. Finished. Knackered.  It will be an ex-presence and you will need to start from scratch.

Despite the robust protection software out there, many of us simply keep our fingers crossed and hope for the best.   Don’t be one of those people.  If your website is essential to your business, you should consider a website security strategy.

Aha, we have one for you.  Here’s Richard’s 10 Point Back Up Strategy, a pretty cool blueprint to show you what to do and how to do it.

However it is not possible to understate the need for extreme care when using the following procedures. Please feel free to contact us if further clarification is required.

Firstly lets deal with your site’s hosting account as we’ll need to dig deeper than the WordPress Dashboard to have a bullet-proof strategy.

10 Point Back Up Strategy

1/ * Remove unused plugins The first time you follow this guide start with steps 4 and 5 followed by steps 1 and 2.
2/ * Remove unused themes
3/ * Check if updates are needed
4/ Gain access to your hosting control panel
5/ **Backup Your Files Do this after adding new content or when updating
6/ ** Backup Database
7/ * Update WordPress Core
8/ * Update Theme
9/ * Update Plugins
10/ ** Deploy Back Ups
* Working from your WordPress Admin Area ** Working from your Hosting Control Panel

WordPress Admin Dashboard

WordPress dashboard looks something like this

Logging into your WordPress admin area is a fairly standard procedure.

If your WordPress site was created by a third party and you find that you don’t have or that your access is restricted, you will need to have a conversation with them (the third party) regarding access to YOUR WEBSITE. Ahem.

1.Remove unused plugins

The great thing about WordPress?  Anyone can create a plug-in.  All very democratic.

The worst thing about WordPress?  Anyone can create a plug-in.  Power to the People. Yikes.

Even if a plug-in is not activated, it is still sitting in your hosting account.  And you may have an extortionate number of back-door ways into your website.


inactive plugin asking to be activated

If you are being prompted to activate a plugin that you are not using – DELETE IT.

2.Remove unused themes

A WordPress theme is the style, look and feel of your website.  Some are free, some are expensive but they’re all pretty good.

Without knowing it, you may have two themes on your site:  Your main theme (obvious) and a “child” theme, which your website designer may have installed on it.  A “child” theme contains all the customisation functionality that has been added to make your site unique to your requirements.

This second theme is kept separately and doesn’t require updating.

The main (in effect “parent”) theme will need regular updates if they are available.  Why? Because it’s ESSENTIAL for the security of your website.

Using your WordPress site as a repository for themes because you feel you need lots of them at your fingertips is VERY UNWISE.  Do not do this.  Ever. Even if you have unlimited hosting.


beware of child theme - do not delete

5 themes are install but be careful 2 of them are needed.

Select Theme Details to find the Delete option.

child theme confirmation

This message confirms that the 2 themes are related


3.Check if updates are required

Very important:  WordPress will give you clues as to what updates are required.  They will not prompt you directly via email as they just provide the Content Management System and not all the bits and pieces that sit within it.

The image below shows the dashboard admin bar with the number 4 next to the update icon.

Clicking the icon will lead us to more details.  It tells us that WordPress itself does not need updating however 3 plug-ins do.  With us so far?

Finding out what updates are required

So, are you wondering where the 4th update is?

From experience, I would guess that the theme that is being used requires an update.  See the section below referring to theme updates answers to see if that is indeed the case.

Ok.  Now we know that some updates are required.

However, we need to make sure that we have current back ups of the our files and our database, so that there is an original copy.  This is a bit like having to “save” your work when you are working on a Word document.

4.Learn how to access your hosting control panel

WordPress is designed to give website owners a good deal of control over their site.

However, any website pages that appear in your webspace are merely floating on the surface of your hosting account.  WordPress is like the outer skin of an onion, with the hosting control panel and databases much deeper, therefore they need different access levels and in effect, levels of care.  Who knew?

The WordPress Dashboard literally scratches the surface of the software required to present your website to the world.

hosting conrol panel

Typical Hosting Control Panel

5. Backup Files

file back up icon

Create a full back up

Unless you understand the directory structures – create a full back up

6.Backup your databases

database access point
Somewhere within your hosting control panel you should see an icon like the one shown above.

Double click it to see more options.
database selection point
Fortunately,  we are presented with a nice back up button. Clicking this will gives us a downloadable file that we can store in a safe place.

7.Update WordPress Core

This is the actual WordPress code – the actual framework of the site. Compatibility between your plugins and this code is of utmost importance.  This is where it can all go wrong.
In this case we don’t need to run the update.  However, if we did we would update the core before the plugins and the theme.

8.Update Theme

find themes

Locate the themes section with the dashboard

a theme update is required

Once in the theme section we can see a prompt to update the theme

9.Update Plugins

Looking at the above image we are being told that 3 plug-ins need updating and that compatibility  is 100%.

So, if you if you have 100% faith in the plug-in authors you might want to select all and update all the plugins at once.

Personally I would update them one at a time and check that all is okay before moving onto the next plug-in (but I am super cautious). I do it this way so if things go wrong I know which plug-in caused the problem.  This means that should the worst happen, it’s pretty good information to have at your disposal.

10 – Deploy Backups

Watch this space. Above, we have covered the first part of this scenario.  If you are lucky, you will never need to deploy the back-ups.  However, having them to hand means that you are in a good position.

Sign up to this mailing list to receive updates regarding deploy backups.

Simply fill in the form below and hit the return key.

Subscribe to our mailing list

* indicates required

Post Navigation