1. Keep your site up to date with the latest versions of core, themes and plugins. Take extra care when you use paid or bundled plugins: you may need a product (license) code to be able to update the plugin or theme. If you'd prefer that we keep your site up to date, make sure you use the Savvii auto-update function.
  2. Change all admin user passwords to safe and unique passwords (tip: use a password manager such as 1Pass, LastPass or KeePass).
  3. Keep the number of users with administrator privileges as small as possible.
  4. Change the username of the user named 'admin' to something inconspicuous to make it harder for hackers to guess the username and then try different passwords.
  5. Use anti-virus software on your own computer(s) and the computers of other admin users.
  6. Do not use illegal or nulled themes and plugins. Are you currently using one? Our advice is to delete them immediately.
  7. Do not leave 'junk' in your hosting account and WordPress site:

  • Delete inactive plugins and themes. You might no longer use them, but if they contain vulnerabilities they can still be exploited, even when they are disabled.
  • Delete inactive accounts (former co-workers' accounts)
  • Avoid additional WordPress installations in the sFTP account
  • Delete folders that belonged to your old hoster (cgi-bin)


Additional tip: Do not buy themes that come bundled with existing plugins. These are usually very difficult to update, which will result in outdated plugins with (huge) security risks.
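Checklist items 1, 3, 4 and 7 can be checked automatically. The script below is an added example, not part of the original article or of Savvii's tooling: it assumes WP-CLI is available and reads the JSON that `wp plugin list`, `wp theme list` and `wp user list --role=administrator` produce with `--format=json`. The sample data and the `MAX_ADMINS` threshold are constructed for illustration.

```python
import json

# Constructed sample data (not from a real site), shaped like the output of
# `wp plugin list`, `wp theme list` and `wp user list --role=administrator`
# when run with `--format=json`.
PLUGINS = json.loads("""[
 {"name": "contact-form", "status": "active", "update": "available", "version": "5.1"},
 {"name": "old-slider", "status": "inactive", "update": "none", "version": "2.0"},
 {"name": "seo-tools", "status": "active", "update": "none", "version": "9.3"}
]""")
THEMES = json.loads("""[
 {"name": "child-theme", "status": "active", "update": "none", "version": "1.2"},
 {"name": "base-theme", "status": "parent", "update": "available", "version": "3.0"},
 {"name": "twentytwenty", "status": "inactive", "update": "none", "version": "2.1"}
]""")
ADMINS = json.loads("""[
 {"ID": 1, "user_login": "admin"},
 {"ID": 7, "user_login": "jdoe"},
 {"ID": 9, "user_login": "former.colleague"}
]""")

MAX_ADMINS = 2  # assumed threshold; pick what fits your team


def audit(plugins, themes, admins, max_admins=MAX_ADMINS):
    """Return sorted (checklist_item, finding) tuples for items 1, 3, 4 and 7."""
    findings = []
    for kind, items in (("plugin", plugins), ("theme", themes)):
        for item in items:
            if item["update"] == "available":
                findings.append((1, f"{kind} {item['name']} has an update available"))
            if item["status"] == "inactive":  # a "parent" theme is in use, not flagged
                findings.append((7, f"{kind} {item['name']} is inactive: delete it"))
    if len(admins) > max_admins:
        findings.append((3, f"{len(admins)} administrators (limit {max_admins})"))
    for user in admins:
        if user["user_login"].lower() == "admin":
            findings.append((4, f"user ID {user['ID']} is named 'admin': rename it"))
    return sorted(findings)


if __name__ == "__main__":
    for item, finding in audit(PLUGINS, THEMES, ADMINS):
        print(f"[item {item}] {finding}")
```

An empty result means none of the four automated checks fired; the remaining checklist items still need a manual review.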