Updated February 24, 2026
This seems to be an ongoing topic that’s just not going to die any time soon. I’ve been talking about this for well over a decade now.
Business owners are busy, I get it. There is always so much to do, so many things that need your attention, that you just can’t be bothered worrying about your website. You haven’t taken the time to update and freshen up your content, let alone update WordPress, your theme and your plugins.
Make no mistake, not keeping up with WordPress updates can leave your website very vulnerable, as many WordPress updates includes security patches to prevent evil-doers from getting access to your site.
So, what can potentially happen then if you ignore your website?
Yes, you’ve been hacked. The “White Screen of Death”, as we call it. Or maybe your site is now officially in the “adult” website category? Or, it has been redirected to another site? Or someone has removed your site and added their own, using your server space and bandwidth?
Any number of things are possible, and all are repairable, but at what cost?
At the very least, your previous website must be restored from your backup.
You DO have a backup system in place, right?
As of this update, any good hosting company will include automatic daily backups in their hosting fee. If not, hopefully you had a good backup plugin installed and can easily restore your site from that. If you don’t have a backup plugin installed, potentially your hosting company can restore it to a previous date, but most of them can only restore to 30 days prior, so if your site had been hacked prior to this, and you have no backup, then you’re looking at recreating your entire site. From scratch. No bueno!
I recently decided I would reconnect with a couple of clients who have not been very active in their website. They have not made any changes to it in 2-3 years, nor had they been in touch with me to make any changes to it. Prior to contacting these clients, I thought I would stop by their sites to see what recommendations I had for them. Imagine my shock when I discovered that both sites had been hacked in the past couple of weeks!
One site had another entire WordPress site installed to another directory, so the hackers could just give out their own URL, such as www.yoursite.com/hackersite. They just moved right in and set up house!
The other site, had thousands of html pages added to just about every folder in the site (see image) and were selling everything from shoes to purses, to sunglasses, jewelry….you name it. In both cases, the PHP files had been altered to essentially break the client’s site, and they were now just giving out their own URLs to sell their stuff. Too cheap to pay the $70 a year for their own hosting I guess.
So what can you do to help prevent attacks on your most valuable marketing tool?
- The number one thing you can do is to log in regularly and make sure that WordPress, your theme and all your plugins are running the most current versions. Outdated plugins are the primary back-door in for most hackers. Hopefully you are active in your website and refreshing your content and maybe posting to your blog on occasion, so logging in on a regular basis and taking care of these things is not a big deal for you.
- Install a security plugin, which will alert you to people trying to log in to your site. You will be amazed at how many people actually try to do this. I prefer Wordfence Security, but there are many out there, so do your homework to see which will work best for you.
- Change your password frequently. Be sure to use something encrypted, not something completely benign, like ‘password’. You’d be surprised how many people actually use that 🤦♀️. What hackers and bots do, is scan WordPress for your user name, then try combinations of passwords to attempt to gain access. If your password is an easy one, that won’t be hard for them. Ideally you’re using a password manager like Bitwarden to keep all your passwords safe these days, and you can create a unique, encrypted password to safeguard your website as well.
- Make sure you have a good backup plugin installed and working properly. Most good Managed WordPress Hosting Plans provide free daily backups, but if you’re on an older hosting plan, you may not have that feature. For a backup plugin, I prefer Updraft Plus Premium Backup. They offer a free version as well, but it doesn’t have as many options, of course. If you’d like to become a Cowgirl Media client I am happy to provide you with my secure, fast and reliable website hosting!
- Be sure your hosting service includes an SSL certificate. Again, these are typically provided with most good hosting, but on occasion you may need to purchase it as a standalone product. These not only give you an extra layer of protection, but are required for optimized SEO now. Without one installed on your site, your search engine ranking will most likely suffer. If you’re not sure if your site has one, look for the https:// protocol, instead of the normal http:// protocol, as well as the padlock icon in your browser address bar.
The most important thing to remember here is to take an active role in your business’ online presence and keep tabs on your website. Regularly monitoring can prevent serious attacks on your website and save you time, headaches and most of all, money.
