As everyone knows by now, the biggest reason for hacked WordPress websites is lack of maintenance, resulting in vulnerabilities caused by out-of-date WordPress core, plugins and themes.
It is critical to keep your WordPress installation up to date, as well as all your themes and plugins. Failing to do so will result in your website having vulnerabilities that cybercriminals can take advantage of to get access to your website, install malware, redirect your traffic, use your site to DDoS other sites or steal customer data.
There are tens of thousands of plugins available, many created by bedroom coders. Many get abandoned by their developers or just do not get updated regularly enough to stay compatible with the latest version of WordPress. In some cases, the developers have been known to sell their plugins to cybercriminals.
So it is also important to keep a check on all your plugins to make sure they are still being maintained and supported and have not been removed from the WordPress plugin repository.
I do a lot of WordPress support these days, removing malware, fixing bugs, improving performance, migrations and of course, performing updates and installing security. In almost every single case I find that customers are not taking advantage of the tools they have available through their control panel.
Installatron is an application installer that allows quick and simple installation of web applications such as CMSs, blogs, forums and much more. It is used by many hosting providers in their hosting control panel (cPanel, Plesk and DirectAdmin) and is also available as a remote installation for anyone else.
What most people do not realise is that Installatron also has the ability to monitor your WordPress installation and inform you about updates or to just install them for you automatically.
First, log in to your hosting control panel and look for the Installatron icon. If you do not have this, then your hosting probably does not offer this option, in which case you have the option of installing the remote version yourself or moving to a host that does offer Installatron.
If you are based in the UK, then I can recommend my own hosting provider, Guru; you can read my review of Guru here.
Clicking on this icon will then show you all your existing apps which were installed using Installatron. If you did not install WordPress using Installatron, then it will not show up here, but don’t worry, you can also import any existing WordPress install (see below).
Manage Your Application
From the list of installed applications, click on the wrench icon to manage your application. From here you can choose your notification or update settings.
Note that Installatron will send out email notifications whenever an action is completed, so be sure to verify that the email address you have set is valid and that you have whitelisted emails from the control panel.
What settings you use here very much depends on how critical your website is to you and your business.
If you have a simple brochure website, then you could just set everything to auto update, and then make sure you check your site after updates occur to ensure everything is still working as expected.
If your website uptime is critical to your business, then I would suggest just enabling notifications, and then performing the updates manually outside of business hours so that you can easily roll back if any issues occur.
If something goes wrong during an update and breaks your website, then you will need to restore your latest backup. So the first thing I recommend is to make sure that you have backups in place, that they are working, and that you know how to restore your website from backups if required.
Check with your hosting provider how often they are performing backups of your website, and test out the restore process.
- Some hosts only do automatic system backups for their own recovery use and do not provide any backups you can use yourself.
- Some hosts only provide monthly backups as standard, which isn’t really sufficient. A good host will at least do them daily. My host (Guru) performs backups every 4 hours.
- Most hosts will provide an option in their control panel for you to perform manual backups.
Installatron also gives you the option to perform an automatic or a manual backup prior to performing any updates. You can choose to back up locally to your hosting space, externally to various cloud storage services, or via FTP.
When you perform a manual update by clicking the “update” button, it will ask you if you want to perform a backup first. You can also perform backups on demand using the backup button.
If you do not want to perform untested updates on your live site, then you can use the clone button to make a copy of your website on a sub-domain (e.g. testing.yoursite.com). You can then perform all the updates on the clone first, make sure everything is working, and then do the same to the live site.
For detecting abandoned plugins or plugins with vulnerabilities, I recommend installing Wordfence. This will scan your installation and report any issues it finds with your plugins and themes.
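The plugin check described above (abandoned plugins, plugins removed from the repository, updates still waiting) can also be scripted as a periodic audit. This is an added example, not part of the original article and not Installatron or Wordfence code; the plugin slugs, dates, the 730-day threshold and the `audit` helper are constructed, and the metadata field names are assumed to mirror the WordPress.org plugin information API.

```python
import json
from datetime import date, datetime

STALE_DAYS = 730  # assumed threshold: no release for two years

# Constructed sample in the shape of `wp plugin list --format=json`.
INSTALLED = json.loads("""[
  {"name": "example-forms",   "status": "active",   "update": "available", "version": "2.1.0"},
  {"name": "example-slider",  "status": "active",   "update": "none",      "version": "1.4.2"},
  {"name": "example-gallery", "status": "inactive", "update": "none",      "version": "0.9.1"},
  {"name": "example-seo",     "status": "active",   "update": "none",      "version": "5.0.3"},
  {"name": "example-popup",   "status": "active",   "update": "none",      "version": "3.2.0"}
]""")

# Constructed repository metadata keyed by slug. Field names are assumed to
# mirror the WordPress.org plugin information API; fetch and cache the real
# responses separately so this audit runs offline.
REPO = {
    "example-forms":   {"last_updated": "2024-11-20 9:15am GMT"},
    "example-slider":  {"last_updated": "2020-03-02 4:01pm GMT"},
    "example-gallery": {"error": "closed"},
    "example-seo":     {"last_updated": "2024-12-10 1:30pm GMT"},
}

def audit(installed, repo, today):
    """Return {slug: [issues]} for plugins that need attention."""
    findings = {}
    for plugin in installed:
        slug, issues = plugin["name"], []
        meta = repo.get(slug)
        if meta is None:
            issues.append("not-in-repository")      # removed, premium or custom
        elif meta.get("error") == "closed":
            issues.append("closed-in-repository")   # pulled from the directory
        else:
            day = meta["last_updated"].split()[0]   # keep only the date part
            released = datetime.strptime(day, "%Y-%m-%d").date()
            if (today - released).days > STALE_DAYS:
                issues.append("stale")              # likely abandoned
        if plugin.get("update") == "available":
            issues.append("update-pending")
        if issues:
            findings[slug] = issues
    return findings

if __name__ == "__main__":
    for slug, issues in audit(INSTALLED, REPO, date.today()).items():
        print(f"{slug}: {', '.join(issues)}")
```

A plugin flagged as not in the repository is not necessarily abandoned: premium and custom plugins never appear there, so those need their vendor's changelog checked by hand.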
Import existing WordPress install
If your WordPress installation was not created via Installatron, then no problem. Simply go to the application browser, choose WordPress, then choose import instead of install.
The process is very simple and entirely automated; all you need to do is choose the website/domain you want to be imported.
You will then have access to all the Installatron features.