Nexcess Logo

How to secure your WordPress site

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
October 28, 2022

Keeping your WordPress site secured is possible by keeping WordPress core updated, the site plugins updated, and the themes installed updated on your site.

WordPress plugin reinstall

If you have any doubts about the status of the plugin that is installed on your site, then it is recommended to re-install those on your site. Plugins can be deleted and re-installed using a plugin such as Fresh Plugins or WP-CLI. WP-CLI can be used to force update all plugins on a site.

WordPress plugin updates

There are numerous ways to keep your plugins updated on your site using auto-updates in WordPress core, Solid Security Pro version management, or manually updating plugins from the WordPress dashboard. If you manage multiple sites, you can update plugins using the Solid Central Dashboard. Plugins left outdated are the greatest source of being used as the attack vector to infect your site with malware.

WordPress core updates

If your site is hosted on a Managed WordPress or Managed WooCommerce plan your site should be automatically updated for minor WordPress core updates. If WordPress core updates are enabled in the portal, major WordPress core updates will also be run automatically. Minor WordPress core updates normally contain security improvements and bug fixes. It is not recommended to delay minor WordPress core updates for your site. WordPress security fixes would be backported to all supported WordPress branches.

WordPress theme updates

Themes with security vulnerabilities are less common than plugins with security vulnerabilities but no less of a reason for not ensuring that your parent theme is updated on your site. Waiting to update the parent theme will end up causing more issues in the long-term. It is easier to deal with minor parent theme updates.

What not to store on your site

It is not recommended to keep site MySQL dump files or other archive files on your site server they should be created and then downloaded locally. The same goes for keeping backup wp-config.php files since they contain the site's database connection.

Update your salts

Using your site's Solid Security Pro plugin, you can easily update the salts stored in your site's wp-config.php file. If you do not have the Solid Security Pro installed on your site, you could use a plugin such as Salt Shaker.

Update your administrator user passwords

If your site was infected with malware, then it recommended updating the passwords for all admin users from the WordPress dashboard.

Update your database user password

If your site has been infected with malware, then it is recommended to update the database user's password for your site's database. This can be done in the database tab in the portal of your site. The new database user password will need to be updated in the site's wp-config.php file.

If you need help shuffling your salts, settings plugins to be auto-updated, and updating your database users' password support will be able to assist. For help contact our support team by email or through your Nexcess Client Portal.

Nexcess hosting

Helpful resources

The following resources can help inform you on the process of securing your site:

We’re here to help

Of course, we’re always here to discuss your options to clean up your site.

For 24-hour assistance, any day of the year, contact our support team by email at or through your Nexcess Client Portal.

Fully Managed Hosting plans with Nexcess

Nexcess Managed Hosting
offers you faster speeds, more robust security, inherent scalability, and trusted support. Once your website is ready to go live, consider our stellar hosting plans:

Plugin Performance Monitor — test your WordPress plugins automatically

Don’t let changes to your website slow you down. The Nexcess Plugin Performance Monitor watches your site hourly, so you don’t just see the problem - you know how to fix it.

Sales Performance Monitor — built-in ecommerce monitoring for your online store

Personalized revenue insights, delivered right to your inbox. The Nexcess Sales Performance Monitor delivers weekly revenue trends to help you stay profitable.

Why choose Nexcess?

We’ve optimized hosting for the industry’s leading commerce and content platforms. That means speed, security, scalability and support are built in. Backed by free migrations and 30-day money-back guarantee, let us show you why we’re the best.

No one optimizes hosting for open-source applications better than Nexcess!

Recent articles

Related articles


Nexcess, the premium hosting provider for WordPress, WooCommerce, and Magento, is optimized for your hosting needs. Nexcess provides a managed hosting infrastructure, curated tools, and a team of experts that make it easy to build, manage, and grow your business online. Serving SMBs and the designers, developers, and agencies who create for them, Nexcess has provided fully managed, high-performance cloud solutions for more than 22 years.

We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.