WordPress Site Security – Step #3

Hot damn, it’s the last part in the WordPress security series – for this blog, at least. In a couple weeks, I’ll be emailing a bonus tip to my subscribers only, so be sure to sign up!

I’ve gone over usernames + passwords in previous posts because those two elements are critical to your site’s security. Most hackers gain access to your website through the login screen, since it is the easiest place to try. Once you’ve got your login screen as strong as a steel door, it’s time to tackle your updates.

Outdated = vulnerable

Leaving your site updates for “another day” is a dangerous + risky move as a business owner or blogger. No matter what type of update you are avoiding, there is always the possibility that a new version was released to fix a known security issue. If not, the update might connect to a security improvement that is new to WordPress since you started your site. Still don’t want to do updates? What if I told you that many updates contain improved features or brand new items that will make your site better? It’s true, I promise.

The longer you leave security risks, vulnerabilities or weak points on your site, the higher your chances are of losing your entire website to a hacker. They are annoying, but hackers are also pretty smart. It’s not difficult for them to find what version of plugins or WordPress you are using + take advantage of older installations. Don’t put your business + site visitors at risk.

Types of updates

There are 3 types of updates that need to be done regularly on your site + they each have a slightly different process.


The most common type of update is for plugins. Most WordPress sites have more than one plugin installed, if not a dozen or more, which equates to many chances for updates to be done + new versions to be released. Each time you install a new plugin, you are trusting someone else to develop a secure product that won’t expose your site or server. Be sure to take those updates seriously.


Theme updates happen, especially if you are using a framework like Headway, Thesis, Canvas or Genesis. While these updates might have less to do with security + more to do with really awesome features, don’t rule out the fact that there could be files within your theme that contain version details or other important information. A theme update might lead to that info being hidden or removed completely.


On twitter I squealed {through 140 characters or less} that the latest version of WordPress was released this week. This release is pretty full of great new features that have developers swooning while simultaneously rushing to utilize the new changes in our current project code. Since your entire online business is based in WordPress, these updates are worth paying attention to + taking care of.

Learn how to correctly update your site

If you want to dive into updating your site the right way, I cover that + so much more in the WordPress security guide. It features an eBook, worksheets, cheatsheets, videos + more. Inside that eBook are step-by-step instructions for each type of update along with tips for different scenarios {for my lovelies that have over 20 updates to do, anyone with a child theme installed + those with customized plugins.}

Got a question about securing your WordPress website? Post it in the comments below. And be sure to sign up for my list below so you get a bonus security tip sent directly to your inbox at the end of the month.

on your keyboard hit enter to search or esc to close