Call us on 02 8005 3793

Technically, this post isn’t about marketing. But it’s about something very important, which a lot of small business owners neglect. Websites which are not up to date are probably the single biggest WordPress security issue on the web.

What’s the risk?

If you’ve ever had a Website hacked, you’ll know exactly why you don’t want it to happen. There’s the time, cost and inconvenience of regaining control. If you’re unlucky, your email may also be affected. You might even end up on spam blacklists, which is a whole extra world of pain.

The commonest way websites get hacked is through a security gap in the website code. WordPress is open source software, so it’s easy for hackers to examine the code. It’s also the most popular content management system on the internet with 32% of all sites being built on WordPress, so the potential return for hackers is huge.

When a hacker finds a vulnerability, they promptly circulate it to their network. Attacks can skyrocket.

When a white hat hacker (that’s one working for the good guys) finds a security gap in the code, they notify WordPress, or the theme or plugin developer, and the software get updated.

Security is the main reason why WordPress is always being updated. It’s why themes are being updated. It’s why plugins are being updated.

If your WordPress site isn’t up to date, you risk being hacked.

How do you keep your site up-to-date?

It’s really simple.

  1. Log on to your site and look at the dashboard.

If you see a little red number next to the word updates, like the one in the picture below, that means there are updates you need to apply.


  1. Apply the updates.

You do this by clicking on the word Updates, which will take you to a page with all the updates available. Just select and update.

  1. Take a quick look at your site to make sure nothing has broken.

What can go wrong?

99.99% of the time, everything will be fine. On a few rare occasions, an update is incompatible with something on your site and something’s broken.

If your hosting provider is halfway good, they will have a back-up. Just contact them and get them to restore your site to the latest backup. It might cost you a little bit, but it’s far less than the cost of restoring a hacked site!

Once you’ve got the site restored, your next step is to get your web developer to investigate the site and work out what is incompatible with what. Then they can review and test alternatives, so you get an updated and secure site with all the functionality you need.

If your hosting provider doesn’t provide backups, or if you need a web developer, get in touch and we can refer some companies we trust.

Other WordPress security tips

Remove inactive themes and plugins

You’re not using them. What’s the point in having them there? Not only are they a security risk, they can also slow down your site.

Don’t have a user called ‘Admin’

It’s the most common user name. It’s an easy one for anyone to try. If you combine it with an easy password, it’s like leaving the key in the lock of the front door.

Use strong, unique passwords for all users

If you use a password everywhere, it’s effectively a skeleton key. Which is fine until it gets into the wrong hands…


Install a security plugin

We use Wordfence. But there are other options too. Talk to your hosting provider or web developer.

And if that’s still not enough to keep you busy, check out Wordfence’s list of top WordPress security mistakes.



You might also like