WordPress is an amazing platform for websites. It is widely supported, versatile, and easy to use. WordPress even powers around 1/5 of all websites in the WORLD.
With all of this in mind, it has also become a target for hackers. Hackers are always looking for bugs within WordPress + its plugins that allow them to get access to your website and add spam, deface it, or do whatever their nefarious task is.
It is easy to avoid being hacked. All you need to avoid 99.9% of issues is keep WordPress & your plugins up to date.
I’ve never seen a WordPress website get hacked that has kept everything up to date. Below I’ll show you the steps to do this yourself.
NOTE: Before doing anything please read through all of the below steps and make sure to follow them. If you aren’t comfortable with the following steps you shouldn’t be doing your own WordPress updates. You should contact a professional to do them for you.
Whether you’re updating your software or not you should ALWAYS keep backups of your website. Some web hosts allow you to easily do this yourself. There are also a number of plugins that allow you to manage your own backups.
For backups through your web host — ask your web host. They may automatically make backups for you. They may make you manually make your own backups. Ask them to find out.
For backups through a WordPress plugin — there are a number of plugins available for you to make/restore your own backups. Backup Buddy is the one we see most widely used (it is a paid plugin).
It should be noted: no matter how you make backups of your website, make sure that you do not simply store them on your web hosting. You should also download them or store them elsewhere (DropBox, FTP, etc) just in case!
You should also know how to not only make backups but how to restore them as well. This way in case you have any issues you can quickly get your working website back online.
If you don’t make backups of your website and something goes awry when you make updates to your website… you’re going to have an unpleasant time fixing things and if you have someone fix it for you, it could be costly. There is no excuse not to make/keep backups of your website.
WordPress will tell you if there are any WordPress or plugin updates available. This is very easy to find in your WordPress Dashboard:
As you can see on this example website, in the left navigation next to ‘Plugins’ it will tell you how many plugin updates there are. It will show you all of the updates available — for both plugins that are ‘Active’ and those that are not (in the above example, the ones marked in red are active).
Note: If you have plugins listed here that you don’t use anymore then you should simply delete them.
Assuming you’ve made your backups in step one, you can now do these updates. You can do this by clicking the ‘update now‘ link next to each plugin.
Don’t do updates without first making a backup as mentioned in Step 1.
I suggest doing the updates one by one. This way If there are any issues after doing the update(s) you know which plugin update is to blame.
After you do the update(s) it is very important that you check to make sure everything still works.
Go to your website and make sure the site itself loads/works. Some issues with plugin updates can cause your website to all of a sudden look different or have error messages showing.
IF you are seeing any errors / issues you should make note of the errors/issues that are happening — copy the error message or take a screenshot. You should then restore your backup and skip that update. Move on to the other updates and repeat any updates you had already done that did not have issues.
IF all looks good when you load the website (no formatting issues/code showing) — go ahead and test the plugin itself.
If you updated the contact form plugin then you should submit a test form and make sure it works like it should. If you updated your gallery plugin then test the gallery and make sure it still works. You get the idea.
Go ahead and go through this with each plugin update.
If you had any hiccups while doing your updates then you should contact your web designer and let them know.
You should be very descriptive about what you did and what issue it caused, this way they can then get it fixed for you. The better your description of the issue is, the faster they will be able to fix it.
If you aren’t 100% comfortable with all of the above steps then you shouldn’t be doing any updates. Your website is the face of your company so you don’t want it to broken for an extended period of time. It’s ok to admit you’re not cut out to do the updates.
If you have any questions about the general process please comment below or get in touch with a professional.
Cheers to keeping your website safe and up to date!