Keeping your WordPress site secured is possible by keeping WordPress core updated, the site plugins updated, and the themes installed updated on your site.
WordPress plugin reinstall
If you have any doubts about the status of the plugin that is installed on your site, then it is recommended to re-install those on your site. Plugins can be deleted and re-installed using a plugin such as Fresh Plugins or WP-CLI. WP-CLI can be used to force update all plugins on a site.
WordPress plugin updates
There are numerous ways to keep your plugins updated on your site using auto-updates in WordPress core, iThemes Security Pro version management, or manually updating plugins from the WordPress dashboard. If you manage multiple sites, you can update plugins using the iThemes Sync Dashboard. Plugins left outdated are the greatest source of being used as the attack vector to infect your site with malware.
WordPress core updates
If your site is hosted on a Managed WordPress or Managed WooCommerce plan your site should be automatically updated for minor WordPress core updates. If WordPress core updates are enabled in the portal, major WordPress core updates will also be run automatically. Minor WordPress core updates normally contain security improvements and bug fixes. It is not recommended to delay minor WordPress core updates for your site. WordPress security fixes would be backported to all supported WordPress branches.
WordPress theme updates
Themes with security vulnerabilities are less common than plugins with security vulnerabilities but no less of a reason for not ensuring that your parent theme is updated on your site. Waiting to update the parent theme will end up causing more issues in the long-term. It is easier to deal with minor parent theme updates.
What not to store on your site
It is not recommended to keep site MySQL dump files or other archive files on your site server they should be created and then downloaded locally. The same goes for keeping backup wp-config.php files since they contain the site's database connection.
Update your salts
Using your site's iThemes Security Pro plugin, you can easily update the salts stored in your site's wp-config.php file. If you do not have the iThemes Security Pro installed on your site, you could use a plugin such as Salt Shaker.
Update your administrator user passwords
If your site was infected with malware, then it recommended updating the passwords for all admin users from the WordPress dashboard.
Update your database user password
If your site has been infected with malware, then it is recommended to update the database user's password for your site's database. This can be done in the database tab in the portal of your site. The new database user password will need to be updated in the site's wp-config.php file.
If you need help shuffling your salts, settings plugins to be auto-updated, and updating your database users' password support will be able to assist. For help contact our support team by email or through your Nexcess Client Portal.

Helpful resources
The following resources can help inform you on the process of securing your site:
- https://www.nexcess.net/help/comparing-how-to-keep-plugins-updated-in-wordpress/
- https://ithemes.com/security/wordpress-salt/
- https://wordpress.org/plugins/salt-shaker/
- https://help.ithemes.com/hc/en-us/articles/4401815518363-iThemes-Security-Tools-
- https://wordpress.org/support/article/resetting-your-password/
- https://developer.wordpress.org/apis/wp-config-php/#set-database-password
We’re here to help
Of course, we’re always here to discuss your options to clean up your site.
For 24-hour assistance, any day of the year, contact our support team by email at support@nexcess.net or through your Nexcess Client Portal.
Fully Managed Hosting plans with Nexcess
Nexcess Managed Hosting offers you faster speeds, more robust security, inherent scalability, and trusted support. Once your website is ready to go live, consider our stellar hosting plans:
- Managed WordPress Hosting with automatic plugin and platform updates.
- Managed WooCommerce Hosting with built-in image compression and the acclaimed StoreBuilder interface.
- Managed Magento Hosting with instant auto scaling, PCI compliance and premium security.
Plugin Performance Monitor — test your WordPress plugins automatically
Don’t let changes to your website slow you down. The Nexcess Plugin Performance Monitor watches your site hourly, so you don’t just see the problem - you know how to fix it.
Sales Performance Monitor — built-in ecommerce monitoring for your online store
Personalized revenue insights, delivered right to your inbox. The Nexcess Sales Performance Monitor delivers weekly revenue trends to help you stay profitable.
Why choose Nexcess?
We’ve optimized hosting for the industry’s leading commerce and content platforms. That means speed, security, scalability and support are built in. Backed by free migrations and 30-day money-back guarantee, let us show you why we’re the best.
No one optimizes hosting for open-source applications better than Nexcess!
Recent articles
- How to View Your Nexcess Account Billing Invoices | Nexcess
- WordPress multi-site management using different domains | Nexcess
- How to Find and Use WordPress 101 (WP101) Tutorials | Nexcess