Updates are important!
Update core. Update themes update plugins!
The biggest reasons of updates is typically security or feature
The biggest source of nearly all hacks is due to lack of updating.
When you see the little red circle
beside the Dashboard button means
you have updates needing to be done
Always make a backup before you update for safe measures.
When it comes to updating if you use
Envato products (ThemeForest and
CodeCanyon) always check the box in
the downloads to be notiﬁed of updates.
That is the only way you will know if any of their products
need to be updated.
This is why the RevSlider infection was so widespread. Many
did not even know the plugin was built into their theme.
It is more important to secure all the
things BEFORE something happens!
Many have yet to learn this!
Every single day hackers ﬁnd new ways to get your information.
Todays features are tomorrow’s vulnerabilities.
Stop them before they stop you
• They guess your login information
• Denial of Service Attack (DDoS)
• Through a ﬁle in a theme, plugin, or anything on
your server where they found an exploit
• Through your FTP and/or cPanel conﬁguration
How do they get in?
Never ever never use “admin” as a
username or “password” as
password on any of the things.
Adm1n and Pa55w0rd do not count either!
Only give users the
access they need
Just because they want to be an admin does not mean they should.
Guest bloggers should rarely every be anything more than a
Sometimes they do not need access to all the things
If it is a temporary login, delete
the user when they are done
doing all of their things
If they do have posts, you can convert them to different users
or make them a subscriber with limited access.
Set up ﬁle detection to
make sure nothing ever
Many security plugins like iThemes Security and
WordFence will alert you when ﬁles have been changed
• iThemes Security (Free and Pro version
• Sucuri Firewall
• WordFence Security
• Jetpack with Brute Protect and Vault Press
Security Plugins I recommend
Only keep the plugins and
themes you have active on
An uninstalled plugin or theme is not a potential vulnerability.
Use the plugins repo favorites option to keep a list
of your favorite plugins
Malware Scanning? Do I need it?
• Google Webmaster Tools
• Sucuri Scanner (Built in iThemes Security now)
If you feel your site could be infected, ﬁrst do a malware scan.
There are also plugins that can scan your site manually.
Do your due diligence when looking at
new themes and plugins. Do not pick
one just because it is shiny and pretty.
Do not add every theme you think is pretty
when you decide to change a theme.
Only keep the theme you are using and
one backup theme on your site.
The more themes that are on a site, the more open
chances you have to a vulnerability
Don't ever let your site
get too lonely.
No one knows your website better than you do. Check
on the front end just as much as your backend.
If you have questions take
to the web
There are many resources you have at your ﬁngertips that can help
you do more with your website.
• WordPress forums for themes, plugins, and core
• Third Party websites