Updating (updating) a WordPress site’s plug-ins, theme, or main body will overwrite the code, so it may be difficult to update if you have customized the site in any way.
In addition, many sites have been stopped by their creators from updating their sites because of the possibility of malfunctions that may occur if the above mentioned updates are made.
We would like to introduce some ways to improve the security of WordPress for those sites that cannot be updated.
Security measures for sites that are difficult to update (update) 1 Strong passwords
Make sure that the password for users with WordPress administrator privileges is at least 12 characters long, a random string of one-byte alphanumeric characters and upper and lower case letters, preferably including symbols.
This will greatly reduce the possibility of hackers gaining access to WordPress administrator privileges.
Security measure for sites that are difficult to update (update) 2 Remove unused themes and plugins
Hackers can exploit vulnerabilities in WordPress themes and plugins that are inactive.
We recommend that you remove any themes or plugins that are inactive because they are code that is not used 9/9 on your site.
Plug-ins that are only enabled but not configured or used on the site may also be inactive.
Security measures for sites that are difficult to update (update) 3Plugin vulnerability testing
Free vulnerability testing is available at WordPress:Malware Scanning & Security Plugin [Malware and Virus Detection and Removal]. (Unlimited for paid version)
Hackers enforce the takeover of WordPress sites by using tools to hack vulnerabilities of WordPress plugins circulating in that world in bulk.
Sites that are caught by search engines may become a target of hackers via search engines, so using vulnerable plug-ins is a major security risk.
Security measures for sites that are difficult to update (update) 4 version confidentiality
If you are using an older version of WordPress or plug-ins, the HTML source code may reveal the version and make your site a target for hackers.
You can suppress WordPress version output with the free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
Security measures for sites that are difficult to update 5Always check for malware
By constantly scanning your WordPress site for malware using a plugin that can scan for malware, you will be able to recognize and respond to infections immediately.
You don’t want your site to fall victim to malware without you knowing it, and you don’t want your visitors to be redirected to an unauthorized site or otherwise inconvenienced.
Also, if you are exposed to malware and the search engines become aware of it, your search rankings may drop.
Examples of plug-ins that can check for malware
Wordfence Security – Firewall & Malware Scan
Free WordPress:Malware Scan & Security Plugin [Malware & Virus Detection and Removal].