WordPress Website Security DIY

TIP: Add a recurring reminder to your calendar



Updating your WordPress Website is quite simple and vitally important to keep hackers and spammers away from all your diligent business building efforts. It is rare that trouble arises as you are updating, and there is support available if you run into any issues. Before you begin, be prepared with the following:

  • Schedule reminders to update. I suggest marking it as a recurring event on your calendar with an alarm so you don’t miss it. You can also watch for WordPress-generated emails that let you know if your site was automatically updated and go in a few days after to do the following updates (wait a few days so developers can catch and fix any possible bugs; it’s not likely you’ll get hacked during that time, but the choice is yours).
  • Login links, usernames and passwords for your hosting company and your WordPress site. These are the keys to your office/store, so you need to always know where they are. You can keep a copy in a safe place as backup. (If you can’t find them, you can contact your hosting company to verify you’re the owner and get back in).
  • About 5-15 min of focus time, and another hour+ if necessary for rare cases of problems and the need to restore.


Let’s Begin!

First, log into your WordPress website. You will start on the ‘backend’ in the Dashboard, and it will look similar to this image, below.

Check the following:

  1. Is a PHP update required?
  2. Is WordPress up to date? 
  3. Is there an update number at the top?
  4. Is there a plugin number in a red circle?

The numbers in the image below show the order to follow when updating your site. Follow the instructions, next…

Backup First

Some hosting packages include backup services. Check with your host to know what you already have in place. If you are with Photon.net (as many of my clients are), log into your cPanel. If you are with another host, they may also offer cPanel that you can log into. If not, work with their support to find out how your site is being backed up. 

Backing up:
In the Backup Wizard option in cPanel, navigate to Partial Backup where you will select the Home Directory to backup. Where you store the backup is your choice. 
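
An added example, not part of the original article: a Python check to run on the downloaded backup before starting the updates, confirming the archive opens and holds the files a restore needs. It assumes the home directory backup is a .tar.gz with the site under public_html (adjust web_root if your host differs); the sample archive and its version number are constructed. The archive holds files only, so the WordPress database is not covered by this check.

```python
import io
import posixpath
import re
import tarfile

# Paths a restorable WordPress install needs, relative to the web root.
REQUIRED = ("wp-config.php", "wp-includes/version.php",
            "wp-content/themes", "wp-content/plugins")
VERSION_RE = re.compile(rb"\$wp_version\s*=\s*'([^']+)'")


def check_backup(fileobj, web_root="public_html"):
    """Return (missing_paths, wp_version) for a .tar.gz home directory backup.

    Each file under the web root is read in full, so an unreadable archive
    raises an exception here instead of failing later during a restore.
    """
    seen, wp_version = set(), None
    prefix = web_root.strip("/") + "/"  # web_root default is an assumption
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            if not name.startswith(prefix):
                continue
            parts = name[len(prefix):].split("/")
            # Record the path and all of its parent directories.
            seen.update("/".join(parts[:i]) for i in range(1, len(parts) + 1))
            if member.isfile():
                data = tar.extractfile(member).read()
                if parts == ["wp-includes", "version.php"]:
                    found = VERSION_RE.search(data)
                    wp_version = found.group(1).decode() if found else None
    return [p for p in REQUIRED if p not in seen], wp_version


def sample_backup(with_config=True):
    """Constructed sample archive (not a real site) for trying the check."""
    files = {
        "public_html/wp-includes/version.php": b"<?php\n$wp_version = '6.0.0';\n",
        "public_html/wp-content/themes/demo/style.css": b"/* demo */",
        "public_html/wp-content/plugins/demo/demo.php": b"<?php // demo",
    }
    if with_config:
        files["public_html/wp-config.php"] = b"<?php // constructed placeholder"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

For a real backup, pass the downloaded file opened in binary mode to check_backup; an empty missing list and a version number mean the files needed for a restore are in the archive.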

#1 – PHP Update

You will follow these instructions if an update is required. If not required, skip to #2.

While logged in to your hosting account, find the MultiPHP Manager (if your hosting uses cPanel). If your hosting does not use cPanel, work with your hosting support to find out how to update your PHP to the latest or recommended version. 

MultiPHP Manager

You will see what your hosting company PHP default is, and the recommended version near the top. 

  1. Select the websites that you want to update in the left column.
  2. Select the PHP version from the dropdown.
  3. Select Apply.
  4. Log out after you see verification that the change has been made.

#2 – WordPress

Logged into WordPress in the Dashboard, select the Updates icon, as in #2 of the first image, above. It will take you to a page similar to this image, below.

  1. Update WordPress if it is not up to date.
  2. Once it is done updating, view the home page and see if things are generally looking right and operational. If there are any new issues, you can either contact support to fix, or restore the backup you made before beginning, then troubleshoot.


#3 – Theme Update

  1. Select the Updates icon again.
  2. This time, scroll down to the Themes (see image just above). You may have extra, unused themes installed (standard with your hosting company). Select All in the top box of the Themes and select the Update Themes button.
  3. After the updates are complete, view the home page again and see if things are generally looking right and operational. If there are any new issues, you can either contact support to fix, or restore the backup you made before beginning, then troubleshoot.


#4 – Plugins Update

  1. Select the Updates icon again, or the Plugins update number icon as shown in the first image.
  2. Select All in the box above the Plugins, just as in updating the Themes, then DESELECT any plugins that say they are not 100% compatible with the current WordPress version. Some plugin makers are slower to update their plugins, and it’s not worth the risk to update right away if compatibility is not yet known. Security risks with plugins are relatively low, with WooCommerce being the most important to keep updated. 
  3. After the plugin updates are all complete, go to the home page again and check the whole site for appearance and functionality. If there are any new issues, you can either contact support to fix, or if necessary, restore the backup you made before beginning, then troubleshoot. 



While issues arising from updates are relatively rare, they may happen, especially if your website has not been updated in a long time. If something does come up, breathe deep and exhale… help is available. You can reach out to me, and also your web host support. I may be able to offer a simple solution. Your web host has the ability to look at error files to see what the issue might be. If you have any concerns about waiting for a solution, you can always document what went awry, then restore your backup to keep your site up and running, then contact support or me for next steps.


Safe and Secure

Just like a brick-and-mortar store or office, some attention to the structure is part of the maintenance. WordPress is still one of the most secure website platforms – as long as updates are maintained. I still highly recommend WordPress for the nearly limitless ways to customize your site to reflect your brand, message and style.

Subscribe to my Security Update Service

If the DIY approach is ever too much, I offer the option of doing it for you. You can pause or stop your subscription at any time. Get started here…

