“At the end of the day, no matter how fast hacks evolve, the best way to combat them is still through regular updates.”
The best way to keep your WordPress website secure is by regularly updating WordPress and its components; this is the conclusion of the post Security Experts Weigh in: The Future of WordPress Security. Why? Because many of the updates to WordPress (core, themes, and plugins) are designed to reduce the likelihood of hacking attacks.
However, keeping WordPress components up to date requires constant monitoring, and frequent reviews of numerous websites can be difficult. Thus, to improve the integrity and security of our clients’ websites, we are moving to a system of automated updates.
A notable downside of automated updates is that new versions of the WordPress core, or of themes or plugins, can occasionally ‘break’ the website, or certain functions of the website. Thus, we are asking website owners to visit their sites often, to ensure they are working properly, and to let us know if anything is amiss. If you wish, we can set up an automated email that provides you with alerts about updates to your site.
As an aside, we have also used (and still use) WP Remote to provide manual overviews and updates of WordPress components, and Down Notifier to provide alerts of website downtime (also see our page, Website Maintenance, Updates, Backups, Monitoring)
Note that WP Rollback is a potentially useful plugin to revert to earlier versions of WordPress components.
Image Credit: Copyright: bluebay / 123RF Stock Photo