The best way to avoid being hacked is to keep WordPress & your plugins up to date.
WordPress websites rarely get hacked if WordPress core files and plugins are kept up to date. Below I’ll show you the steps to do this yourself.
NOTE: Before doing anything please read through all of the below steps and make sure to follow them. If you aren’t comfortable with the following steps you shouldn’t be doing your own WordPress updates. You should contact a professional to do them for you.
Whether you’re updating your software or not you should ALWAYS keep backups of your website. Some web hosts allow you to easily do this yourself. There are also a number of plugins that allow you to manage your own backups.
Backups through your web host — ask your host. They might automatically make backups for you. You may be required to make your own backups manually through their control panel. Contact your host to find out.
Backups through a WordPress plugin — there are a number of plugins available for you to make/restore your own backups. Backup Buddy is the one we see most widely used. It is a paid plugin, though there are a range of free alternatives. Just be sure to run some tests before relying too heavily on any backup system.
No matter how you make backups of your website, make sure that you do not simply store them on your web hosting. You should also download them or store them elsewhere in case you are not able to access your server.
You should also know how to not only make backups but how to restore them as well. This way in case you have any issues you can quickly get your working website back online.
If you don’t make backups of your website and something goes wrong when you make updates to your website… you’re going to have a hard time fixing things, and if you have someone fix it for you it could be costly. There is no excuse not to make/keep backups of your website.
WordPress will tell you if there are any WordPress or plugin updates available. This is very easy to find in your WordPress Dashboard. See the image below.
As you can see on this example, in the left navigation next to ‘Plugins’ it will tell you how many plugin updates there are. It will show you all of the updates available — for both plugins that are ‘Active’ and those that are not (in the above example, the ones marked in red are active).
Also, if you have plugins listed here that you don’t use anymore then you should simply delete them.
Assuming you’ve made your backups in step one, you can now do these updates. You can do this by clicking the ‘update now’ link next to each plugin.
Do not run your updates without first making a backup as mentioned in Step 1.
I suggest doing the updates one by one. This way, if there are any issues after doing the updates, you know which plugin update is to blame.
After you do the update(s) it is very important that you check your website to make sure everything still works.
Go to your website and make sure the site itself loads as it did previously. Some issues with plugin updates can cause your website to all of a sudden look different or have error messages showing.
If you are seeing any errors or issues, make note of what is happening. Take a screenshot and keep it on file so you can refer to it later. You should then restore your backup and skip that update. Move on to the other updates and repeat any updates you had already done that did not have issues.
If all looks good when you load the website (no formatting issues/code showing) — go ahead and test the plugin itself.
If you updated the contact form plugin then you should submit a test form and make sure it works like it should. If you updated your gallery plugin then test the gallery and make sure it still works. You get the idea!
Go ahead and go through this with each plugin update.
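The "does the site still load without error messages" check described above can be scripted so it runs the same way after every single update. This is an added example, not part of the original post: the patterns are messages WordPress and PHP print when something breaks, the match is a heuristic, and the sample pages and the site title "Acme Bakery" are constructed.

```shell
#!/bin/sh
# Added example: smoke-test a WordPress page after a plugin update.
# Text WordPress or PHP prints when an update broke the site or left it
# stuck in maintenance mode (heuristic list, extend as needed).
ERROR_PATTERNS='There has been a critical error on this website|Error establishing a database connection|Briefly unavailable for scheduled maintenance|(Fatal|Parse) error(</b>)?:'

# check_page "expected text" < page.html
# Returns 0 only if the page is non-empty, shows no error text, and still
# contains text you know belongs on it (for example the site title).
check_page() (
  html=$(cat)
  [ -n "$html" ] || { echo "FAIL: empty response"; exit 1; }
  hits=$(printf '%s\n' "$html" | grep -Eio "$ERROR_PATTERNS" | sort -u) || true
  [ -z "$hits" ] || { echo "FAIL: error text on page: $hits"; exit 1; }
  printf '%s\n' "$html" | grep -Fq -- "$1" || { echo "FAIL: expected text missing"; exit 1; }
  echo "OK"
)

# check_url URL "expected text": fetch the live page, then apply check_page.
check_url() (
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  code=$(curl -sS -L --max-time 20 -o "$tmp" -w '%{http_code}' "$1") \
    || { echo "FAIL: request failed"; exit 1; }
  [ "$code" = 200 ] || { echo "FAIL: HTTP $code"; exit 1; }
  check_page "$2" < "$tmp"
)

# Constructed sample pages (not from a real site).
GOOD_PAGE='<html><head><title>Acme Bakery</title></head><body>Welcome</body></html>'
BROKEN_PAGE='<html><body><p>There has been a critical error on this website.</p></body></html>'

printf '%s\n' "$GOOD_PAGE"   | check_page "Acme Bakery"
printf '%s\n' "$BROKEN_PAGE" | check_page "Acme Bakery" || true
```

Against a live site, run `check_url https://example.com/ "Your Site Title"` after each individual update; a pass here does not replace testing the updated plugin itself.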
If you had any issues while doing your updates then let me know and I’ll be happy to check things out and work through any necessary troubleshooting for you.
You’ll need to be very descriptive about what you did and what issue it caused, so please provide as much information as possible. Take as many screenshots as you can and provide them. The better you can describe the issue the faster I’ll be able to fix it.
If you aren’t 100% comfortable with all of the above steps then you probably shouldn’t be doing updates. Your website is the face of your business so you don’t want it to be broken for an extended period of time.