This may seem like a simple premise, but keeping your website installation up to date can save you a lot of headaches. Below are some options we suggest to make sure you keep the bad guys out of your WordPress site!

How to keep your site up to date


We suggest updating your WordPress website at least every other week as this lowers your chance of being an easy target for attack.

Step One: Back Up Your Site

Backing up your site allows you to go back to the state your website was in before any errors occurred. For this step we suggest BackupBuddy from iThemes ($80/year as of Sept. 7, 2017).

Using BackupBuddy, go to BackupBuddy > Backup and select Complete Backup.

Step Two: Check what needs to be updated and update it.

View any updates that are highlighted in your WordPress Dashboard. Updates can always be found under 'Dashboard > Updates'. These will include plugin updates, WordPress core updates and theme updates. Take note of which plugins are going to be updated and select Update Plugins.

Step Three: Check your site for anything that has changed

With the plugins you noted in step two, go through the site looking for any abnormalities. For example, if a form plugin was updated, we suggest submitting a form to confirm that the functionality acts as it did before.

Step Four: Rollback, fix or delete problem plugins.

If you found functionality that has changed undesirably, you can deactivate the plugin, reach out to the plugin author (who can often be found next to the plugin on the plugins page) or reach out to CHIEDO LABS or your local web development company.

  • If you opted for BackupBuddy you can reset your settings to a state before the update occurred.
  • Visit the Browse & Restore Files option under BackupBuddy.
  • Plugin files are located in: wp-content/plugins
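
An added example, not part of the original article or of any plugin's code: a Python script that records plugin versions from wp-content/plugins before the update and compares them afterwards, producing the list of plugins to retest in Step Three or roll back in Step Four. It assumes each plugin's main file carries the standard `Plugin Name:` and `Version:` header comment; the plugins created in `demo()` are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# Header lines in a plugin's main PHP file, e.g. " * Version: 1.2.0".
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def read_headers(php_file):
    """Parse plugin headers from the first 8 KB, the part WordPress itself reads."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value.strip(" \t*/\r") for key, value in HEADER.findall(text)}

def snapshot(plugins_dir):
    """Map each plugin folder (or single-file plugin) to its version string."""
    versions = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        files = sorted(entry.glob("*.php")) if entry.is_dir() else [entry]
        for f in files:
            headers = read_headers(f) if f.suffix == ".php" else {}
            if "plugin name" in headers:
                versions[entry.name] = headers.get("version", "unknown")
                break
    return versions

def changed(before, after):
    """Plugins added, removed, or whose version differs: (old, new) per plugin."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n), after.get(n)) for n in names if before.get(n) != after.get(n)}

def demo():
    """Constructed sample: two plugins on disk, one of which gets updated."""
    old = "<?php\n/*\n * Plugin Name: Sample Forms\n * Version: 1.2.0\n */\n"
    new = old.replace("1.2.0", "1.3.1")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sample-forms").mkdir()
        main = root / "sample-forms" / "sample-forms.php"
        main.write_text(old)
        (root / "hello.php").write_text("<?php\n/*\nPlugin Name: Hello\nVersion: 1.0\n*/\n")
        before = snapshot(root)   # taken after the backup, before updating
        main.write_text(new)      # stands in for the dashboard update
        return changed(before, snapshot(root))

if __name__ == "__main__":
    for name, (was, now) in demo().items():
        print(f"retest {name}: {was} -> {now}")
```

On a real site, call `snapshot()` on the wp-content/plugins directory once before Step Two and once after, and pass both results to `changed()`.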


How to keep your site secure



I said this before, but I'll say it again: to keep your site secure, the first step is to keep your plugins up to date.

By default, we recommend SiteGround Hosting as their servers, in our experience, are up to date. Unlike other hosting providers we've encountered, SiteGround offers servers with PHP and MySQL versions that keep pace with WordPress's official recommendations. In our experience, they also have speedy customer service. (As of Sept. 7, 2017)

More importantly, however, whatever host you have chosen, you can and should make sure that they offer servers that meet WordPress's recommendations. You can find a letter, provided by WordPress, that you can copy and paste into an email to your hosting provider if they do not offer these standards.

Additional Steps You Can Take:

  • Never use a WordPress user with the user name admin
  • Never use a WordPress password that contains your company’s name
  • Install a Security Plugin

    • We suggest installing iThemes Security and applying the “Recommended Settings”. They have a free version, with a Pro version for $80 (as of Sept. 7, 2017).
  • Keep your passwords secure (some simple suggestions)

  • Use a password manager like:

    • pwsafe.org - This is our favorite and what we use at Chiedo Labs. It's geared toward the more tech-savvy.
    • lastpass.com - as of Sept 7, 2017, LastPass has a very good free version
    • 1password.com - as of Sept 7, 2017, 1Password seems to have the most intuitive user experience.