We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.
Black Friday starts now. Get 75% off Nexcess premium managed hosting
Shop plans
Contact Us
Contact Us
Sign in
Sign in
Nexcess Logo

How to secure your WordPress site

October 28, 2022


Keeping your WordPress site secured is possible by keeping WordPress core updated, the site plugins updated, and the themes installed updated on your site.


WordPress plugin reinstall


If you have any doubts about the status of the plugin that is installed on your site, then it is recommended to re-install those on your site. Plugins can be deleted and re-installed using a plugin such as Fresh Plugins or WP-CLI. WP-CLI can be used to force update all plugins on a site.

WordPress plugin updates


There are numerous ways to keep your plugins updated on your site using auto-updates in WordPress core, iThemes Security Pro version management, or manually updating plugins from the WordPress dashboard. If you manage multiple sites, you can update plugins using the iThemes Sync Dashboard. Plugins left outdated are the greatest source of being used as the attack vector to infect your site with malware.

WordPress core updates


If your site is hosted on a Managed WordPress or Managed WooCommerce plan your site should be automatically updated for minor WordPress core updates. If WordPress core updates are enabled in the portal, major WordPress core updates will also be run automatically. Minor WordPress core updates normally contain security improvements and bug fixes. It is not recommended to delay minor WordPress core updates for your site. WordPress security fixes would be backported to all supported WordPress branches.

WordPress theme updates


Themes with security vulnerabilities are less common than plugins with security vulnerabilities but no less of a reason for not ensuring that your parent theme is updated on your site. Waiting to update the parent theme will end up causing more issues in the long-term. It is easier to deal with minor parent theme updates.

What not to store on your site


It is not recommended to keep site MySQL dump files or other archive files on your site server they should be created and then downloaded locally. The same goes for keeping backup wp-config.php files since they contain the site's database connection.

Update your salts


Using your site's iThemes Security Pro plugin, you can easily update the salts stored in your site's wp-config.php file. If you do not have the iThemes Security Pro installed on your site, you could use a plugin such as Salt Shaker.

Update your administrator user passwords


If your site was infected with malware, then it recommended updating the passwords for all admin users from the WordPress dashboard.

Update your database user password


If your site has been infected with malware, then it is recommended to update the database user's password for your site's database. This can be done in the database tab in the portal of your site. The new database user password will need to be updated in the site's wp-config.php file.

If you need help shuffling your salts, settings plugins to be auto-updated, and updating your database users' password support will be able to assist. For help contact our support team by email or through your Nexcess Client Portal.

Nexcess hosting


Helpful resources


The following resources can help inform you on the process of securing your site:

We’re here to help


Of course, we’re always here to discuss your options to clean up your site.

For 24-hour assistance, any day of the year, contact our support team by email at support@nexcess.net or through your Nexcess Client Portal.

Fully Managed Hosting plans with Nexcess


Nexcess Managed Hosting
offers you faster speeds, more robust security, inherent scalability, and trusted support. Once your website is ready to go live, consider our stellar hosting plans:

Plugin Performance Monitor — test your WordPress plugins automatically


Don’t let changes to your website slow you down. The Nexcess Plugin Performance Monitor watches your site hourly, so you don’t just see the problem - you know how to fix it.


Sales Performance Monitor — built-in ecommerce monitoring for your online store


Personalized revenue insights, delivered right to your inbox. The Nexcess Sales Performance Monitor delivers weekly revenue trends to help you stay profitable.


Why choose Nexcess?


We’ve optimized hosting for the industry’s leading commerce and content platforms. That means speed, security, scalability and support are built in. Backed by free migrations and 30-day money-back guarantee, let us show you why we’re the best.

No one optimizes hosting for open-source applications better than Nexcess!



Recent articles

Related articles

Nexcess
Nexcess


Power up your sites and stores with custom-built technology designed to make every aspect of the digital commerce experience better. Make your digital commerce experience better with Nexcess.