Protect your WordPress websites from terrorists

At first glance, the title of this blog entry may seem sensationalist. However, on April 7, 2015, the FBI issued a press release revealing that a group claiming to be ISIL / ISIS sympathizers was targeting WordPress websites.

You can read all the details in the official PSA, but suffice it to say, this is a massive WordPress hacking event.

Typically, the issue is that vulnerable sites are running outdated versions of WordPress, plugins, and / or themes. If you haven’t upgraded WordPress in the last couple months, you’re at risk.

You can probably upgrade your website yourself, or if that makes you uncomfortable, pay a professional to do it.

Upgrading Yourself

If your website’s software isn’t too old, you are probably relatively safe upgrading WordPress, the plugins, and the themes yourself.

We recommend the following steps:

  1. Back up your entire website using BackupBuddy or some other backup plugin.
  2. Upgrade WordPress, all plugins with updates, and all themes with updates.
  3. Check your web pages and functionality to make sure everything looks right and seems to work correctly.
  4. Back up your entire website again.

Even if you leave the backups on your website for a while, be sure to download them so you have a local copy as well. If you’re using BackupBuddy, make sure you also save a copy of ImportBuddy by going to BackupBuddy > Restore / Migrate in your website’s backend menu, and make a note somewhere of the password you set for ImportBuddy.

Of course, it’s entirely possible you’ll run into errors, even if your website is relatively up-to-date. You may not have enough room on your account to run the backup (we recommend at least 50% free space as a rule of thumb), or your server may not be configured correctly for the backup plugin to work.

And even if there are no errors, it’s possible that when you check the pages and functionality, something might be broken. In fact, the older the software, the more likely that is to happen. But it could happen at any point.

If you run into any issues, contact your web host or website provider. While they may have to charge you for the time, they can take the proper precautions to make sure your website gets upgraded properly.
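The same four steps and the 50% free-space rule of thumb can also be scripted. This is an added example, not part of the original post: it assumes WP-CLI is installed as `wp` (instead of the BackupBuddy plugin), and that the backup directory lies outside the WordPress directory. The function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: back up, upgrade, check, back up again, using WP-CLI.

# Percent of free space, read from `df -P` output on stdin (header + one data line).
pct_free_from_df() {
    awk 'NR == 2 { printf "%d\n", ($4 * 100) / $2 }'
}

# Rule of thumb from the article: at least 50% free before running a backup.
has_backup_headroom() {   # $1 = directory that will hold the backups
    [ "$(df -P "$1" | pct_free_from_df)" -ge 50 ]
}

# Steps 1 and 4: database dump plus an archive of every file in the site.
backup_site() {           # $1 = WordPress dir, $2 = backup dir, $3 = label
    local stamp
    stamp="$(date +%Y%m%d-%H%M%S)"
    wp --path="$1" db export "$2/$3-$stamp.sql" &&
    tar -czf "$2/$3-$stamp.tar.gz" -C "$1" .
}

upgrade_site() {          # $1 = WordPress dir, $2 = backup dir
    has_backup_headroom "$2" || {
        echo "less than 50% free on $2, not starting the backup" >&2
        return 1
    }
    backup_site "$1" "$2" before || return 1            # step 1
    wp --path="$1" core update &&                        # step 2
    wp --path="$1" plugin update --all &&
    wp --path="$1" theme update --all || return 1
    # Step 3, automated part only: core files match the official release.
    wp --path="$1" core verify-checksums || return 1
    echo "Check your pages and functionality in a browser, then press Enter."
    read -r _
    backup_site "$1" "$2" after                          # step 4
}

# Usage: ./upgrade.sh --run /path/to/wordpress /path/to/backups
if [ "${1:-}" = "--run" ]; then
    upgrade_site "$2" "$3"
fi
```

The checksum check covers WordPress core only; plugins, themes and page rendering still need the manual check from step 3, and the resulting archives should still be downloaded for a local copy.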

Professional Upgrade

You may try to do it yourself and run into issues, or you may just decide at the very beginning that you want an expert to handle it. Whatever the case, you’re usually much safer having your web company do the upgrade.

If you would like to talk about us helping you, feel free to contact us.


  1. Nice list! Thanks for gathering this useful information. One question: when I went through I didn’t see any recommendations concerning an emailing solution.
    I personally use Sendinblue WP plugin since I experienced recurring disappointments with Mailchimp’s deliverability. I find it great and I would like to have your feeling on this.

    • Thanks for the comment, John. We haven’t experienced those sorts of issues with MailChimp, so we currently recommend MailChimp over any kind of WordPress plugin for most email marketing.

  2. I really love the security plugin called Wordfence. It allows me to auto block any IP trying to hack my site, it notifies me of out-of-date plugins, and if you do get hacked it will show you which files have been changed, then show you a comparison of before and after, and easily allow you to go back to the previous version of any file. The basic model is also free with the option of a more advanced paid model. Very slick and super easy to set up and use.

  3. I have been using most of the plugins that you suggested for a while now. The only one I haven’t tried that is on your list is W3 Total Cache. I am kind of skeptical and concerned that it will cause issues with the site. I thought the whole point of WordPress was to make your blog dynamic. Does it not cause problems with new posts not being displayed and things like that?

    • Moses, there’s definitely always a risk with any plugin, especially as you first get used to using it. In our experience, you do occasionally have to clear the cache or reset it manually. That’s solved any issues we’ve had, though.
