When WordPress is due for an update, it can be tempting to ignore it and continue to use the site as-is. Whether you’re nervous about navigating the newer version or you just don’t feel like going through the process, it’s important not to ignore WordPress updates — they serve to improve functionality and create a better user experience. Of course, updates can be complicated. That’s why we’ve created this guide to help you on how to update WordPress safely.

Why Should I Update WordPress?

Before we examine how to safely update your WordPress site, let’s review why updates are important. By using the latest version of WordPress, you’ll enjoy the following advantages:

  • Increased protection: Outdated WordPress plug-ins, WordPress themes or WordPress core increases the likelihood of getting hacked.
  • Improved performance: Updating WordPress boosts speed and functionality. It also fixes bugs that might be interfering with the WordPress site performance.
  • New tools: If you’re not using the latest WordPress version, you won’t have access to the newest features and tools.
    Installing updates is the best way to ensure you’re using the highest-quality version of the site. Now that you understand the benefits, here’s how you can safely update WordPress.

How to Update WordPress Safely?

If this is your first time updating WordPress, it might seem a bit difficult. However, over time, this process should get easier — you’ll soon become expert at executing these updates. Here’s everything you need to know.

Secure Your Files

Before you update WordPress, take the time to complete a thorough backup. This way, if anything goes wrong during the update process, you can still access your files. A backup should include core WordPress files and parts of your WP content folder, such as the following::

  • Themes and plug-ins
  • Uploaded media and images
  • Data

In addition to performing a backup, it’s advisable to turn off caching before moving forward with the update. Put simply, a cache is a high-speed layer of data storage. While it’s helpful during your regular WordPress operations, this function can interfere with the update. You can easily turn it off through your plug-in menu.

Find the Automatic Update

When a new update is available, you’ll see a notification at the top of your screen. You can quickly begin the update by clicking here. However, some users might not see the notification. This could be because you minimized it or because the site is hiding it. If this is the case, don’t worry — you can still access the update by going to the WP admin dashboard.

Once you’ve opened your dashboard, you’ll see an “updates” menu. There should be an option to “update now” — just click this to start the process. During the update, you won’t be able to use WordPress for a few hours or so.

Conduct a Manual Update If Necessary

Usually, the automatic update is all you need to get the process started. However, in some cases, it may not work. While this can be frustrating, you can still take advantage of updates by carrying out the process manually. This requires the following steps:

  • Get a free File Transfer Protocol (FTP) software package
  • Download the most recent version of WordPress as a zip file
  • Upload your zip file to your FTP
  • After the upload is complete, you can find the update in your WP admin panel. Although this process is more complex than conducting an automatic update, you’ll be able to enjoy all the perks of the new WordPress version once it’s done.

Update WordPress Themes

Updating the “themes” section of your WordPress website is a slightly different process. You can find the update in your “Appearance” menu — of course, before you click on it, make sure everything is backed up.

If you have any customized themes, or child themes, you’ll want to save them before the update. Most WordPress users base their themes on an original version, or parent theme. Start by noting all the differences between your theme and the parent theme. This should include the following:

  • Style
  • Functions
  • Files

Copy all these changes to a blank child theme, then go ahead and update the parent theme. Once it’s updated, you can copy the changes again and move them back to the parent theme. You can also turn caching back on at this time.

Make Sure Everything Is Working

Once the update is done, you’ll have a fully functional, high-quality version of WordPress on your hands. However, you should run a quick check just to make sure everything is working. There are two ways to do this:

  • Run a manual check
  • Use a visual regression tool

You can conduct a manual check by navigating through the site and testing features out on your own. Of course, this process is time-consuming, and there’s no guarantee you won’t miss something. Thus, it’s recommended to use an online visual regression tool that can check for you. Using online services can save time and effort while reducing the risk of making a mistake. For the best results, you should always rely on a high-quality resource like WP SitePlan.

artKenya’s Managed Web Hosting: Your Resource for Safe Updates – and so much more!

If you’re looking for WordPress management assistance, our team at artKenya is here to help. In addition to performing secure, regular updates, Managed Web Hosting includes the following services:

  • Daily data backups
  • Monitor uptime in real time
  • Consistent security scans
  • Page speed optimization
  • Monthly reports
  • Database optimization
  • Web hosting
  • Domain renewal
  • Content updates

We’re happy to customize our services to meet your needs. Enjoy safe updates by contacting us today!

When your WordPress website is hacked, a million things go through your mind. What did the hackers find, change and steal? Who else is in danger — are your employees, partners or customers at risk now too? And how did the hackers get into your site in the first place?

Before you can take the next steps, you have to stay calm. The truth is that hacks do happen, regardless of how well-protected you believe your site is. The good news is that this is a common occurrence and there are established to-dos to start tackling right away.

Also, sometimes websites go a little bonkers — it doesn’t mean you’ve been hacked. A misbehaving website, malfunctioning update or odd comment on a blog post are not surefire signs that your site’s been hacked. You’ll want to dig deeper to make sure you know what you’re dealing with before you try to solve the wrong problem.

How To Tell if Your WordPress Website has Actually Been Hacked

Here are the signs that you’re dealing with a bonafide hack — hopefully, you can say “no” to everything on this list. (And if not? We’ve got lots more help for you.)

  • You’re unable to log in to your WordPress website.
  • You’ve noticed a severe drop in traffic.
  • There are website changes that you haven’t made.
  • Your website is redirecting to a different site.
  • When anyone tries to access the website or even search for it in Google, a warning shows.
  • The server logs show unusual activity.
  • Your security plugin or hosting provider has notified you that there’s been a breach or unusual activity.

Let’s get into some of these a bit more.

Can’t Log In to Website

The most common reason why someone can’t access their website isn’t a hack — it’s because they forgot their password (or think they know it but actually don’t). Reset your password to see if that’s the problem.


Now, if you can’t reset your password, that could point to a potential hack. Hackers will often remove a user or change their password to keep them from accessing the site. If you’re not able to reset your password, it could be because someone removed your user account. Usernames that contain the following are particularly easy to hack:

  • Admin
  • Administrator
  • Root
  • Test

Also, if you are able to reset your password but you notice other red flags that we’ve listed, you could still be the victim of a hack, so read on.

Drop in Traffic

When a high-performing website stops seeing an influx of traffic for no known reason, it’s possible it’s been hacked. Redirected traffic, a decreased user experience or Google blacklisting your site can cause traffic to plummet.

Unrecognized Website Changes

Often, hackers will change your website in big and obvious or tiny and hard-to-catch ways. It could be as clear as the home page being overwhelmed by ads or the theme being totally different. Or, it could be as difficult to find as teeny links hidden in the footer. It’s also common for the added content to be of an illegal nature.

Often, this type of added, unexpected content doesn’t fit with the design scheme or take presentation into consideration. That means that there may be a black ad over a black part of the website, keeping a lot of it concealed.

You can also see if any pages have been added to your site by doing a Google search for site:yoursite.com (replacing yoursite.com with your actual URL). Skim through the results to see if there’s anything you don’t recognize.

Before you assume this is the work of a hacker, check with the rest of your team to find out if any admins or editors made the change. Even an outlandish change could have been a complete accident.

Website Redirects Somewhere Else

It’s common for hackers to add a script to your website that redirects visitors elsewhere, like a dating site or something untoward. You may not notice this yourself, as some hackers will only show the redirects to non-administrators, so it will look normal to you. But if you’re getting feedback from visitors that they’re being sent to another site, listen up.

Browser or Google Warnings

Yes, a browser warning that says your site’s been compromised could point to your WordPress being hacked … or it could mean that there’s code in a plugin or theme that has to be removed. There could also be a domain or SSL problem, which your host can probably help you figure out. The browser warning may provide you with some info that you can use to start troubleshooting the problem.

A Google warning is similar, though more straightforward – it’ll probably say, “This site may be hacked.” This can happen when a website sitemap is hacked, which impacts how Google crawls the site. Like with a browser warning, you have to take whatever info you’re given to start diagnosing the problem.

If you’re still hearing from users that your site is flagged, it could be that they’re getting a notice from their anti-virus product. Even if Google whitelists you again, you’ll have to follow the instructions for the anti-virus products to take you off their list of dangerous websites.

Unusual Activity in Server Logs

If you’re worried that you’ve been hacked, log in to your cPanel via your hosting provider. There are two types of logs to look at:

  • Access Logs: Who accessed your WordPress site and through which IP.
  • Error Logs: Errors that occurred when your WordPress system files were modified.

Look for any unusual activity. If you find IP addresses that shouldn’t have access to your site, block them.

Understanding Why and How WordPress Websites Get Hacked

There are a number of reasons why WordPress is hacked. The top three are:

  • Insecure Passwords: Every user of your site, along with your FTP and hosting accounts, needs a highly secure password.
  • Out-of-Date Software: Plugins, themes and your WordPress installation need to be updated regularly, whenever a new version is out. Without updates, you leave vulnerabilities for hackers to take advantage of.
  • Insecure Code: Low-quality WordPress plugins and themes can put your site at risk.

There are several savvy methods hackers use, and the techniques are improving all the time. As sites get safer, hackers get smarter and more creative. Here are just a few of the main routes that are taken to hack WordPress:

  • Backdoors: A backdoor hack bypasses all the traditional ways of getting into your site. The hacker may find a way in through hidden files or scripts.
  • Brute-Force Login Attempts: Automation is used to figure out your password and get into your site. The weaker the password, the easier it is to crack.
  • Cross-Site Scripting (XSS): This is a vulnerability that’s often found in plugins. Scripts are injected that let a hacker send malicious code to the user’s browser.
  • Denial of Service (DoS): If there’s a bug or error in the website code, the hacker can use those to overwhelm a site until it breaks.
  • Malicious Redirects: A backdoor is used to redirect your site.
  • Pharma Hacks: Rogue code is inserted into an out-of-date WordPress version.

10 Steps To Recover a WordPress Website That’s Been Hacked

If you’ve been hacked, do the following as soon as you can. Try to stay calm as you go through this list — panicking will only make it harder to work efficiently, and you could miss important steps along the way.

Put Your Site in Maintenance Mode

If you’re able to access your website and log in, put it in maintenance mode. You want to do this even if there’s nothing obvious that users will see when visiting your site. As you’re working on it, maintenance mode protects their devices and information, as well as keeps it under wraps that you’re dealing with a hack.

Find Your Backup

You’re going to contact your hosting provider in the next step, but sometimes, when a host finds out you’ve been hacked, they delete the site immediately to prevent further problems. That’s why you need backups of your site and database first.

If your backups are stored on the same server as your website, they’re likely gone once you’ve been hacked. However, consider checking these spots in case you have one saved there as well:

  • Your Backup Plugin: If you use a backup plugin, there’s probably a backup stored in the provider’s cloud service.
  • Your Cloud Account: See if you’ve manually saved a website backup to your cloud service, like Dropbox or Google Drive.
  • The Hosting Provider: It’s possible that the hosting provider you use has a backup of your site that you can still access.

Contact Your Host

Depending on the type of hosting package you have, your provider may be able to take the reins and handle a hack for you. Early on, contact your host to (a) let them know your WordPress website has been hacked and (b) find out what help they offer. If you’re not able to gain any access to your site at all, you may need the host’s help to get anywhere.

Reset WordPress Passwords

You won’t know which password was hacked, so it’s safest to change all of them ASAP. While you’re at it, reset any and all passwords associated with your WordPress, like your database, host and SFTP passwords. Also, contact admin-level users right away and have them change their passwords as well. Moving forward, aim to change your WordPress login every couple of months or so.

Update Everything

Make sure your WordPress installation, plugins and themes are all up to date. Doing this early on means that you may patch a vulnerability that the hackers initially got through. If you wait too long to do this step, you could go through the trouble of fixing your site only to have it hacked again through the same outdated plugin or theme.

On top of updating your plugins and themes, do the following:

  • Deactivate and delete anything you don’t use.
  • Are you worried that one of them is from an unreliable vendor? Deactivate and delete it.
  • Remove and reinstall any that you think may be giving you trouble. Or, better yet, remove the plugin or theme and then replace it with something else from the official directory.
  • Check the support pages for the themes and plugins you have installed. There may be recent comments from people who are having the same issue.

If you want to delete plugins from your SFTP instead of the WordPress dashboard, you can. Make sure that you delete the entire directory for the plugin, not individual files. You’ll look for wp-content/plugins/[plugin name] and delete the entire directory and everything in it.

You can do the same for unused themes by going to wp-content/plugins/[plugin name]. Keep in mind that if you’re using a child theme, you probably have two directories to retain so that your theme stays intact.

Remove Unnecessary Admin Accounts

Check through all of the site’s admin accounts and get rid of any that you don’t recognize or that are no longer relevant. For those who still need access to your site but aren’t admins, change their access level. Also, it’s a good idea to check with admins to find out if they changed their account details before you delete an account that’s actually legitimate.


Remove Files That Shouldn’t Be There

You’ll probably need a security plugin for this step. Running a site scan should alert you to files that are there but shouldn’t be. We’ve rounded up the six best WordPress security plugins for your site.

Clean and Resubmit Your Sitemap

If your sitemap’s been hacked, it could have malicious links or foreign characters in it. Your SEO plugin should let you regenerate a fresh, clean sitemap. You’ll then have to submit that to Google via the Google Search Console. Let Google know that your site has to be crawled again.

This can take up to two weeks, so know that the search warning may not be cleared until then. To check if your site’s back in good standing, you can go to this URL: http://www.google.com/safebrowsing/diagnostic?site=http://yourwebsite.com/


Reinstall WordPress Core

When nothing else seems to work, the only way to repair your site when WordPress was hacked is to reinstall it entirely. You can do this through the admin dashboard or through your file manager.

Clean Out the Database

Lastly, clean out your database. Your security plugin should be able to tell you if the database was compromised, and it may also be able to clean it out and optimize it.

How To Prevent Getting Hacked in the Future

We know you never want to go through this again. Here’s what you can do to prevent your WordPress site from being hacked in the future.

Set Secure Passwords and Two-Factor Authentication

If you haven’t done this already — or if you did but you rushed because you were panicking — make sure that all of the passwords for your site are strong. Then, add two-factor authentication to your site, which will make it tougher for a hacker to create a false account.

Use a Security Plugin or Service

We’ve mentioned this so many times already that you’re bound to know by now that you need a security plugin for your site. The biggest benefit to this type of plugin is that it will alert you if there’s an issue so that you can take preventative steps before it gets out of hand.

Need even more protection? There are security services that will monitor your site for you and fix any issues that arise. And if you are hacked again in the future, they’ll handle all of the troubleshooting steps for you.

Keep Your Website Up to Date

Everything on your site should be up to date, from the WordPress version to any plugins and themes you have installed. Updates usually have security patches, so leaving them out of date means that hackers can easily find their way in. If you’re not in your site regularly to perform maintenance, use an auto-updater to handle it for you.

Use SSL On Your Website

SSL is standard with most hosting packages, and it adds another layer of security to your site. Check with your host to see if SSL is included. If it’s not, you can install a dedicated SSL plugin, or check if your security plugin includes it.

Use a Firewall

A firewall acts as a bouncer between your site and the rest of the world, blocking anything dangerous before it has the chance to cause a problem. You can use a security plugin or service, but first check with your host to see what type of firewall protection you already have.

Be Careful With What You Install

Only install plugins and themes that come from reputable sources — the official WordPress directory is your best bet. And even then, make sure that what you’re choosing has been tested with your version of WordPress. Avoid plugins and themes from third-party sites. If you must get one from somewhere other than the WordPress directory, research to find out if the vendor has a good reputation.

Clean Your WordPress Installation

Anything that’s hanging around that you don’t need anywhere should be deleted, including:

  • Files that you no longer use
  • Plugins that are inactive or active but unused
  • Themes that are inactive that you won’t use again
  • Old WordPress installations
  • Unused databases

Old WordPress installations are especially vulnerable. Often, your backups are kept in a subdirectory of your site. So while your main website may be secure, a hacker can get in through those old installations.

Try to walk through this cleanup routine regularly, like every three months, to keep your website more protected against getting hacked.

Wrapping Up

When your WordPress website has been hacked, your site often isn’t available to your visitors, which could impact everything from your brand’s reputation to your income. Acting quickly and smartly is necessary to get your site back in working order. Then, the next most pressing matter is how to keep your site healthy and hack-free moving forward.

Luckily, many of the maintenance suggestions we’ve covered are no-brainers. You probably already know that stronger passwords and up-to-date plugins mean a healthier site, just to name a couple best practices. By following the advice in this article, you have a better chance of fixing your WordPress site after it’s been hacked and avoiding the same headache in the future.

SEO is the lifeblood of your website, and it will affect just about everything that happens with your site. Here are some important points any SEO agency would consider when thinking about SEO: keywords, links, title tags and descriptions, page titles, and headings. This article will explore each one in more detail so you can get a good understanding of how they work together to increase search engine rankings. Let’s dive right in!

Utilize Keywords

Your “keyword” is the word or phrase that people will type into a search engine when looking for your website. Google, for example, uses data from your common keyword to determine how relevant it is to a search result.

Plan for Links

Links are the currency of the web. Whenever you link out to another site, whether it’s sending someone to an outside resource or linking back to one of your own pages, that is a positive signal for search engines. The more quality links you have coming to your site, the better you will rank.

Check Your Title Tags and Descriptions

Just like how people use keywords to find your website when using search engines, people viewing your website will be using those same keywords to figure out if they want to stay. Your title tag and meta description are the titles that show up in search results next to your link, so make them compelling enough for people to click.

Create Unique Page Titles and Headings

Page Titles and Headers are the most important information on a page from an SEO perspective. You want your title tags to be interesting, but they also need to provide the reader with the information they were looking for. In addition, you will use subheaders throughout your writing to highlight certain topics. Just like how you used keywords in your title tags and meta description to match what people are searching for, use headers and keywords in your content so that both humans and search engines know what your page is about.

Alltogether, SEO can have a dramatic effect on how successful a web page will be. The more relevant information you provide with your keyword usage, links, title tags and descriptions, page titles and headings, the more likely you are to have people find your web page in search results. If you are unsure of how to link all this together, it’s time to hire an SEO agency to help you. Remember, the more SEO-friendly your web page is, the higher ranking it will have, and the more likely people are to find it!

PS: When designing and developing websites, Artkenya always uses pemium themes which are ‘SEO-friendly’. And when hosting your website with us, we install premium plugins that give you everything you need for fast, powerful WordPress SEO with industry-leading features like:

  • Automated SEO checkups and reports
  • Sitemap auto-generator and search engine notifications
  • Titles and meta descriptions
  • Full support for default schema.org types
  • Site crawls, scans, and reports
  • Automatic linking
  • 301 Redirects
  • Advanced social media sharing

Please contact us today for a free consultation.

When seeking reliable website hosting services, you must consider keeping your site secure. Today, the standard is to make your site “HTTPS” instead of “HTTP” if you want to avoid the embarrassment of your visitors seeing a “not private” security warning.

What is SSL?

SSL stands for “Secure Sockets Layer (also known as “Transport Layer Security”.) and is a cryptographic protocol designed to provide communications security over a computer network. It involves scrambling data to make it almost impossible for hackers to read. Most websites these days have an “SSL Certificate,” which helps anyone who visits that site to feel safe. Having SSL protection increases the trust level among site owners and potential customers. The free version offers the same benefits as the paid version but doesn’t have a verified signature other than what a site owner might sign themselves.

How Do You Get an SSL Certificate?

Website hosting companies usually provide a free one through the “Let’s Encrypt” version. It offers the standard protection expected by most site visitors. You also can receive paid versions that usually come with advanced support and might cover a validation period of one or two years versus only 30-90 days. Either free or paid, you receive the option to order one for your website when you sign up for website hosting services.

Is an SSL Certificate Necessary?

If you just have an informational domain that doesn’t require visitors to register, you might not need an SSL certificate for your site. If you do have forms that collect sensitive information such as last name, phone number, birth date, or social security number, an SSL certificate is recommended. Even if you have a web form that just requires a first name and email, it wouldn’t hurt to have SSL encryption to make visitors feel better about signing up to your newsletter, special offers, and free products.

SSL Certificate Renewal

You can usually sign up for your domain at the same time you purchase website hosting services. When you do, you could coordinate this renewal service with your SSL certificate. Make sure you check on your domain status before it expires, which usually happens once a year.

You also can purchase multi-year plans that extend your domain ownership and SSL certificate out to at least two years or longer. Whether a year or more, make sure you keep both your domain and your SSL certification active so customers can find you.

PS: When signing up for Artkenya’s ‘Managed Web Hosting’ service, we provide a FREE SSL.