How to Do an Annual WordPress Security Review

By Elliot Olson

By Elliot Olson

Lead Web Designer + Digital Strategist

Welcome to a new year! For many of us, January is a time to make new goals and set milestones for the upcoming months. This year, I’m focusing on self-care and my health — including the health of my website.

In fact, I recommend that all website owners dedicate time to review their website health at the beginning of the year. Whether you run a personal blog or a business site, you can’t afford to ignore your website health.

Now is a perfect time to review your website security with this handy checklist of 5 items to enhance your website security for the new year:

1. Update WordPress and Plugins

You are probably already aware of how important it is to keep your WordPress core files and plugins up-to-date. Outdated plugins on your site can be serious security issues, and all plugins and files should be updated as soon as possible.

Note: updating WordPress files and plugins can affect site functionality. I always recommend updating each element individually and testing the site between updates.

| studio anansi
You want to see this “You have the latest version of WordPress” notification to confirm that your website is up-to-date.
| studio anansi
To automatically update this plugin, click the “update now” link.

2. Audit Users

How many users are registered with your website — and are they all necessary? Sometimes a former user is now obsolete, such as when an employee leaves a company. If somebody should no longer have access to your site, make sure their WordPress user is deleted from your website.

Sometimes you have to keep users even if that person is no longer part of your website. For example: you may have a guest blogger who no longer posts on your site, but you want to keep their user login for archival purposes. In that case, be sure to downgrade their user status to the lowest possible user role, such as “subscriber.”

Learn more about WordPress roles here.

3. Review Backups

Website backups are incredibly important. In fact, I tell clients that backups are the highest priority investment you can make in your WordPress website. A solid backup can solve many problems:

Updated files causing your site to crash? Restore from a backup.

New or updated plugin causing incompatibilities? Restore from a backup.

Malicious code inserted into site files? You guessed it — restore from a backup.

Of course, troubleshooting will be necessary to fix the root causes of those issues — but troubleshooting won’t be an option if a backup isn’t available. Make sure your website is backed up on a regular basis (I suggest at least weekly, if not daily!) and that backup files are stored in a secure location.

4. Remove Unnecessary Themes and Plugins

Do you have unused WordPress themes and plugins on your site? If so, delete them! Deactivated themes and plugins can still be backdoor security risks, and it’s better to delete them whenever possible.

Note: If you’re using a child theme (and you better be using a child theme!) make sure you do NOT delete the parent theme of that child theme.

| studio anansi
A double whammy — this plugin is both outdated and deactivated. There’s no need to keep it hanging around as a potential security threat!
| studio anansi
This site has three themes: Avada, Avada Child (the active theme) and the default WordPress Twenty Twenty theme. Because it uses the Avada Child theme, only that theme and the Avada Parent theme are necessary. Twenty Twenty can be deleted.

5. Test Contact Form

This last suggestion is an often-overlooked element of websites — testing any existing forms. Sometimes plugin or software updates can affect the settings for contact forms. If your site has a contact form, be sure to send a test message to ensure that everything is working as expected.

Final Thoughts

To recap, your checklist this January to improve your website security:

  1. Update WordPress and Plugins
  2. Audit Users
  3. Review Backups
  4. Remove Unnecessary Themes and Plugins
  5. Test Contact Form

Concerned about your website? Get in touch if you have any questions.

WANT MORE WEBSITE STRATEGY?

Receive weekly, straight-to-the-point website tips. No fluff, no nonsense. Because I value your time as much as I value my own.

By entering your information, you agree to receive emails from Studio Anansi. You can opt-out at any time.

0 1 /                                       Services

0 2 /                                            ABOUT

0 3 /                                 PORTFOLIO

0 4 /                                      Articles

0 5 /                                     CONTACT

Skip to content