Frequently Asked Questions

What is WordPress security?
WordPress security refers to specific steps, methods, and techniques implemented to ensure that WordPress data and files on a webserver can't be accessed or changed by anyone without specific authorization. When your data and files aren't protected by proper security measures, your WordPress site is left vulnerable for malicious hackers (crackers) to wreak havoc and destroy your hard work, your website, and possibly your livelihood.
Why should I care about WordPress security?
Like most WordPress users, you've put many hours and lots of effort into your site. It would be devastating to have to start over if some hacker destroyed all your hard work. WordPress is an excellent website platform, but it has many security holes that hackers can exploit to get into your site to either cripple or destroy it. WordPress security should therefore be one of your primary concerns.
How will I know if my site has been hacked?
You probably won't know you've been hacked until it's too late. If you notice that your traffic has significantly dropped, you see funny characters or strange links in your content, or your webpages suddenly stop showing up in the search results... chances are your site has been hacked. See our HackerFolio for some examples of hacked WordPress websites we've encountered.
Are security plugins enough to protect my site?
Absolutely not! There are some good WordPress security plugins but they don't secure everything. Do not be fooled! There is NO plugin or set of plugins that can adequately secure your site. Multiple layers of security are the best way to secure WordPress.
Is it important to keep WordPress, and its plugins and themes up-to-date?
Yes! Keeping your WordPress installation, plugins and themes up-to-date reduces the risk of security vulnerabilities and performance issues.
Will you upgrade my site to the new WordPress version when it's released?
We do not update WordPress when upgrades first become available. We prefer to wait and see if any unforeseen issues arise on our test sites or with other users around the web. When we're certain the new version is stable and secure we'll update your site.
Should I use an auto-update plugin?
We only update plugins after they've been thoroughly checked on our test sites, to make sure they don't compromise the extensive security measures we implement. Automated updates are convenient but the results can be a disaster security-wise.
Is it possible for me to secure my own WordPress site?
Yes it is however; there are many steps to properly secure a WordPress site, some of which are very technical. If you aren't well-versed in the workings of WordPress, PHP coding and databases, you're better off leaving it to a professional. Almost all the hacked sites we've fixed had some type of do-it-yourself security.
Why should I use WP Security Pros?
You get the benefit of our professional experience with WordPress security. Security has been a way of life for us for decades, in our prior careers and on the WWW. We're a divison of a long-established Internet company and your satisfaction is one of our top concerns. Please read about us for more on our security backgrounds.
Do you guarantee that my site won't get hacked?
No one can make that promise. If someone does... back away quickly! Technology is constantly changing. Hackers stay on top of these changes and sometimes lead the way. We cannot guarantee that your site will never get hacked. We guarantee to make getting into your site as difficult as possible. Most hackers simply get frustrated, give up, and move on to attacking someone else's site.
What does "multiple layers of security" mean?
We use many different layers of security to help protect your site from being hacked. Each layer by itself is capable of stopping an attack. When all of the layers are combined, the overall security level goes up geometrically, creating a vastly stronger WordPress security system.
How long have you been working at WordPress security?
We're proud to say that we began using WordPress for our clients and our company sites mid-2005. We've been implementing WordPress security since we got hacked back in 2007. We have also worked in ecommerce and Internet marketing for 15 years.
Why do you call your company "WP Security Pros?"
We've implemented WordPress security on over 1,800 WordPress sites. We're the best at WordPress security because we're constantly learning how hackers attack WP. We run over three dozen honeypot test sites, some with versions as old as 2.0.4. Read about our WordPress security testing.