Previously, I talked about the 1 thing you absolutely MUST do to stop inviting hackers into your WordPress website. So hopefully, you’ve removed the welcome mat for the bad guys.

But security doesn’t stop there. Don’t get me wrong, it is super-wonderful-fantastic that you are no longer making yourself an easy target. Here’s the next step.

Always Keep Your WordPress Site Updated (Always)

Technology is changing all.the.time. This is a reality, AND it is going to keep changing, and at a faster rate.

This means that the hard working guys and gals that create all the great stuff to make your website function are constantly discovering better ways for that functionality to work. And finding possible vulnerabilities and issues with their software.

So they go through all the effort to improve their software and fix stuff. That’s an update. These are important. But, they aren’t any good if you don’t actually apply them.

But, Updates Could Break My Site

This is true. Especially in the “old” days (you know, way back 3 or so years ago). However, the likelihood that a WordPress, plugin or theme update is going to break your site now is very, very small.

If you’ve been using WordPress for awhile, then you might remember a time when updates were more likely to break your site, so it was common practice not to apply them. That was back when WordPress was a less mature platform.

WordPress is now past its awkward adolescent stage and is a full-fledged, grown up, functioning-member-of-society platform. Which means that there is a lot more testing and controls in place for releases.

There are also a lot more guides and controls in place for theme & plugin developers. Seriously, there are 60 million WordPress users in the world. And…

[Tweet “WordPress powers 23% of the sites on the internet.”]
(via Business2Community)

Because WordPress is so prevalent now, it is a more attractive target for bad guys. They might have to spend a lot of time & effort trying to figure out how to break in, but once they do, they are going to potentially get a big return on their investment because there are millions and millions of sites they can exploit.

Stop Making It Easy On The Bad Guys

According to a stat from WordPress.org (via Torque Mag), only 11.4% of all WordPress sites are running the latest version of WordPress.

Besides missing out on wicked new features (WordPress 4.0, WordPress 4.1), you are not benefiting from the security, performance and stability improvements that updates contain.

Backup Your Site, Apply Updates, Get Rid of Stuff You Don’t Use

You should be in your WordPress site at least (meaning, probably more than) every other week making sure that the backup is running and applying updates. Always backup your site before applying updates, just in case. Then apply all the available backups. Then go check your site. If, by chance, something does break, then roll back to the backup and call your favorite WordPress Guru.

Your site should not have inactive plugins or themes hanging around. If you aren’t using it, remove it. Yes, I know – but what if you did want to start using it again?

Here’s what I do. I keep a list in Evernote of previous plugins and themes with links to them. That way, if I want to use it again, I go look it up & install it.

Having a website is like constantly adding onto your house. Sure, you might have a security system, but if new windows and doors are being added all the time, you have to keep adding more sensors if your security system is going to be any good. That is what updates are all about.

Next up, we’ll talk about the other ways you can be locking down your WordPress website.