Frequently Asked Questions

Keeping Your WordPress Site Secure

Print this Article
Last Updated: May 11, 2015 2:13 PM

Online security is a big deal. Here are a few tips to keep your WordPress® website secure:

Update Your WordPress Website

Make sure to keep your WordPress core, themes, and plugins up to date. For more information, see Why is it important to update hosting plugins?

If you installed WordPress through Value Applications , updates are available as soon as we've tested it with our systems. This is usually within one business day of the release on WordPress.org. For more information, see Upgrading to a New Version of a Hosting Quick-Install Application.

You can still update WordPress through the admin dashboard. This may cause your site's version of WordPress and Value Applications version of WordPress for your site to get out of sync, though. If this happens, attempting to update WordPress through Value Applications results in an error message and you need to update WordPress through the admin dashboard in the future.

To Update Your WordPress Website

  1. Log in to your WordPress admin panel.
  2. From the Dashboard click Updates.
  3. Follow the on-screen directions to update your WordPress website.

Use Anti-Virus in Your Computer

If an attacker gains access to your computer, they can gain access to your WordPress site while you're logged in, or from your saved browser passwords. Keeping your computer safe is one of the best steps you can take toward keeping your site safe.

Maintain Good Password Security

Your password protects your WordPress site. Make sure it's hard to guess, not shared with anybody, and changed frequently. Most security experts recommend changing your password every 90 days to prevent attackers from accessing your site by repeatedly guessing your password.

If you need to share your WordPress admin with another user, you should create a new user account for them.

For more information, see Keeping Your Hosting/FTP Password Secure and Generating a Strong Password.

Connect via FTP-SSL

Connecting to your site via FTP-SSL keeps your password secure from eavesdropping. For more information see Connecting to Your Shared Hosting Account with FTP-SSL.

Invest in Extra Security

For an additional cost, you can purchase services that bring extra security to your site. There are several services available that look for changes and known vulnerabilities in your site on a regular basis.

Purchasing an SSL certificate and configuring WordPress lets you log in and use your administration page over https. This protects your password and admin session from eavesdroppers on your network. For more information, see Using an SSL with Your WordPress Admin Control Panel.

Restore Your WordPress Website

Sometimes you need to restore your site to a previous version. Your site's database and files are automatically backed up every night. Use these articles to backup and restore your site:
Backing up and Restoring MySQL or MSSQL Databases
Restoring a Linux Hosting Account