Frequently Asked Questions (FAQs)


WordPress Security – The bottom line

Security a hot topic and websites have been getting hacked for years – people are losing sleep because of it. The bottom line is that there is always a risk and your website can never be 100% secure. Hackers are constantly developing new ways of attacking sites and looking for new vulnerabilities to exploit. Technology changes quickly and security is no different.

Good security is all about minimising risk and if anyone tells you that they can offer you a 100% secure WordPress or any other solution then they aren’t telling you the truth! BUT there’s plenty that can be done to minimise risk and help you to sleep better at night knowing that the changes of your WordPress website site going down have been decreased.


WordPress is popular, in fact the reality is that 17% of the websites worldwide are built on the WordPress platform. Yes a whopping 17% – that’s a lot! The popularity of WordPress makes it a big target. BUT to say that WordPress isn’t sure isn’t strictly true. It’s all about how it is set up and secured. You have to know what you’re doing. With most hacked WordPress sites that we’ve worked on we’ve found the root cause to be poor passwords, server vulnerabilities and cross contamination. We follow best practices when securing a WordPress site and impart best practices to our clients. It’s a team effort to lock down WordPress and a chain is only as strong as its weakest link. Don’t blame WordPress – it’s how it’s setup and locked down.

Just like improving accessibility of a website can have adverse affects on usability if taken to extremes, security can have negative affects on usability so it’s a matter of striking a balance. Locking your website down is fine but if it becomes too difficult to use as a result you must think about striking a balance between the two – for example is your captcha just so difficult to see that you can’t even solve it to login your content management system?

Hacks, server crashes, updates gone wrong? Is your WordPress website protected?  An up-to-date backup will save the day!  Most WordPress backup plugins use a fast but resource intensive php script which can adversely affect server performance and backup reliability (especially with larger WordPress websites).  Incremental backups are the future – they are built to run reliably, no matter how large your website is, and where it is hosted.  Incremental backups with minimum resource usage and off-site storage are the way forward but still a much overlooked option.

So that our clients understand all the hard work you’ve done for them – we provide a monthly report with our WordPress Maintenance and Support service which covers 4 key areas:

  • Incremental Backups and Restore Points
  • Uptime Monitoring
  • WordPress and Plugin updates
  • Security Scans

We provide an executive summary that managers and owners can understand.  It covers all of the ways that we’re constantly reducing the chances of your website going down!

Classic backups will be the thing of the past, because websites keep getting larger, and hosting companies keep restricting the site server resources more and more. That’s why we came up with a completely different backup solution. It uses less server resources, it’s much more reliable, and more secure. We still also run PHP script based backups too so you have even more backups!

The chances are that your web host should have a disaster recovery plan in place and be taking regular backups of your website.  This is standard practice.  But did you know that these backups are generally for them and not typically guaranteed in terms of you asking for a restore of your websites.  Especially if you have cheap hosting on a shared server and if you’ve ever requested a restore you’ll have had a copy of your website dropped into your FTP folder for you to restore yourself.  What’s more – this restore may have taken some time and all this time you will have been panicking about losing your website.

This is where this service comes in.  We know that websites are no longer just static html simple 5 page websites.  Many of our clients now have blog sections on their websites and update them frequently.

If you’ve been hacked then you’ll know the feeling.  Sheer dread! Have my web host got a copy? Do I have a copy? When was the last time this was backed up? What if all my blog posts have gone missing? You no longer need to worry with our package…we take care of it.  As well as running both regular and incremental backups we also take steps to vastly decrease the chances of your website being hacked in the first place.

No! Here’s the scenario – you had a brand new responsive WordPress site designed and developed last year and you love it.  You have the wp-admin logins and blog twice weekly.  But you’ve noticed all of these update messages in your dashboard telling you that you need to update WordPress and a few plugins.  You go to click update but it doesn’t complete and your site is trashed.  You need to rollback to a working restore point but don’t know how.  You need help but know that if you call your web developer to get your site back up and running with no notice he’ll have to charge you a premium.  Besides he should have told you to take a backup before clicking that button right? You no longer trust him because he didn’t take care of you as a client and was busy with other projects.  You need us to look after your website and fix an issues as and when they happen.  Wordpress can be complex with different plugins and WordPress core which should be updated regularly.  If your website is on cheap hosting then your web host may have restricted resources which stop some plugins and php scripts from running, they may time out mid way through operations and cause issues.

Gone are the days when you could have a website designed and set and forget it.  But many web designers out there are still churning out sites and forgetting about aftercare.  This is where we come in.  Everytime we design and develop a website for a client let them know that the service doesn’t end there.  We educate them about vital updates that must be carried out by someone.  We shudder when a prospective client contacts us with an existing WordPress site that we haven’t developed and it is still on WordPress from 2 years ago, has 12 plugins that are out-of-date, 13895 spam comments in the database adversely affecting site performance and 4 themes 3 of which are inactive but have never been updated. If this describes your WordPress website then contact us now!

They’re the future of WordPress backups – they are more reliable, use less server resources and allow a quicker restore from our end.  If you have a website that brings in targeted traffic and enquiries to your business whether you’re a Accountant, Plumber, Electrician or a blogger then you need incremental backups.  Wordpress plugins that deal with backups are php script based and basically run a quick and resource intensive job on the server.  A lot of hosting providers have tightens up resources on their solutions due to this and other scripts in recent years because they just take up so much resource.  The other issue is, especially if you have a larger than average WordPress site, if you run backups too often then they can overlap which can cause all kinds of issues (and that’s if your web host hasn’t already throttled your resources causing your backup script to timeout) – basically another backup starts before the last backup hasn’t finished resulting in even more resources being used.  So what do you do if you blog daily or even 4 times per day? Backup 4 times per day? Or just accept that so much data will need to be added again if your website does fail and need to be restored.

Incremental backups work differently to this – you know like Dropbox works, one full backup is taken, then changes are scanned for and ONLY the changes are backed up.  Unlike standard php script based backups, incremental backups take up about the same resources as a visitor to your website – hardly any.  Restores are much easier too and we use a staging area and a screenshot of each restore point so that, if your site has been hacked, we have a better chance of being able to view the website as it was before it went down / was defaced!  This means that rollbacks to restore points are quicker and less downtime for you.  I’d pay for that peace of mind and being able to sleep better at night – wouldn’t you?  If so, contact us now

No even very large websites with full-time security teams such as banks, government sites and billion pound eCommerce sites can be hacked.  Imagine though that these are big targets and your site is likely not.  Think of it like a street full of houses and a burglar walking down the street at 2am and noticing that one of the doors as been left wide open, no lights.  Would the burglar go to the effort of breaking into a house that was locked and just walking straight through the open door of the house that the resident and left open by mistake?  The burglar would choose the path of least resistance and so do hackers.  Wordpress hackers look for vulnerabilities and your website will have a higher chance of getting hacked if plugins are out-of-date, themes need updating, WordPress core hasn’t been updated in ages, etc.  So why make your website easy to hack?  We follow a process to vastly decrease the changes of your website getting hacked but if it does then we can restore your site and investigate what went wrong.  The chances of downtime are decreased and peace of mind is assured.

Yes we do! the WordPress Woocommerce plugin is our go to plugin if we’re building an e-commerce website for a client. So we know it inside and out. We understand that e-commerce websites can take more time and effort to maintain and support so we can help you choose the right WordPress Monthly Maintenance and Support package to help keep your site up and running.

This issue is usually a result of your WordPress website either lacking a SSL certificate, the SSL certificate having expired / not renewed, or what is known as “mixed content issues” which is the result or some assets being loaded over HTTP instead of HTTPS. We can fix any of these issues and could optionally migrate your website to our WordPress web hosting which is fast and secure.

Each domain ( or requires its own plan, e.g. if you have 2 websites that you would like us to manage and maintenance, you’ll need 2 separate plans i.e. a plan for each. Talk to us about discounts of larger volumes of plans though as discounts may be possible at management’s discretion.

Yes we specialise in WordPress and provide all of the above. For a quote, fill out our contact form.

Making a WordPress website quicker usually involves a number of steps but one of them might inevitably be to change your web host if they cannot provide a quicker platform to host your website from. If may be worth dropping them a quick line to ask if they can upgrade you and for, what, if any, cost for doing so. If there’s nothing they can do to improve things though then it may be time to move your website hosting over to one of our WordPress website hosting packages which start at £240 per year including a FREE SSL certificate.

Yes, depending on which plan you choose, we optimise your WordPress website’s MySQL database and this is something we certainly recommend to help speed up your website and tidy things up generally. The chances of website errors can also be reduced by performing this straightforward regular task. You’re in safe hands with us as we’ve thought of everything.

Digging through and tidying up code isn’t included in our WordPress Security and Maintenance plans unless we see it as posing a security threat. We can, however, deal with these issues as part of another piece of work…we’d consider this a separate piece web development task and provide you with a competitive quote for this.

Yes but not part of WordPress Security and Maintenance plans. This would be quoted for as a separate piece of work. We do provide a weekly or monthly report as part of our plans but these don’t cover Google Analytics.

Yes. Just get in touch via our contact form and we’ll let you know the next steps.

This is outside of the scope of the WordPress Security and Maintenance plans but we can help. We would certainly need web host access, possibly to liaise with your web host to help out and probably domain registrar access too. We’d get started by asking you a complete a quick email deliverability test that we’d guide you through. This would include checking your domain/IP against known blacklists too so the testing is quite thorough and will result in a clear plan of action to help to improve your email deliverability.

You’re right to be concerned. The plugin is likely to have been abandoned by the developers, as many plugins are. I’d try to stick to the most well-known plugins, which we can help with and advise on. Generally, we’d tackle this issue by sourcing an alternative plugin to replace the offending outdated one. If the functionality that the plugin provided can be written in the theme negating the need for a plugin, then even better. This may obviously incur a separate charge to be agreed before any work is carried out.

Yes of course. Whichever suits you. We realise that not everyone likes to commit to a pay monthly. However, a monthly plan generally works out less expensive than a one-off fix and you’d generally benefit from quick response times.

If you’ve chosen a plan with us get our engineers get on the case immediately and proactively provide a resolution. We have the facility to use a staging area to ensure a “last working version” can be rolled back to whilst we resolve the issue. Sometimes what looks like a hack might have just been a plugin going wrong or server downtime. We do ask that you choose a reliable web host for your WordPress website. We ping your website regularly to check for uptime and well as running various alerts to let us know if anything has gone wrong. One of our engineers reacts quickly to get your site up and running ASAP.

We can help you with sourcing and purchasing a domain name (or transferring a domain name between domain name registrars (providers), setting up hosting, designing and developing the website, setting up email accounts with Google G-Suite or Microsoft Office 365, configuring DNS, adding Cloudflare to improve site speed performance, improving email deliverability once you’re up and running (including creating an SPF record), auditing your DNS, and setting up custom nameservers if your domain name registrar allows this. Need a logo, business cards, the full marketing works? We can help with this too!

So you’ve had quite a lot of SEO carried out and are concerned that the URLs or page names or even domain name itself has changed. This isn’t part of our WordPress Security and Maintenance plans but we can certainly quote separately and help with this. We are often dismayed at how many web developers do not take SEO into consideration when a website significantly changes such as when a new website replaces an old one. We’d start by taking a full audit of the website URLs, both before and after migration. Don’t worry if migration has already taken place, we have a workaround in these circumstances. Next steps are to create redirects which can be removed at a later date, once Google and other popular search engines have caught up.

Don’t worry – we’re here to help. We can work with your host to update the version to the latest stable PHP version as well as checking that other prerequisites are in place…such as an up-to-date version of MySQL. This should ideally be done in a staging area to thoroughly check for any issues that might be caused.

Some plugins run longer scripts than your web host might allow, which is usually a limitation that has been added at your web hosts end. This can be particularly troublesome and restrictive with shared hosting. We may be able to help update your PHP settings by editing your php.ini file.

We’ve mentioned this a few times but incremental backup are great because server load is decreased, especially important if your web hosting package has a tight quota. Incremental backups only backup what has changed and not what hasn’t changed. Rolling back is vital if anything goes wrong with your website and we can get the last working version of your site back up whilst we diagnose the cause. In addition to regular scheduled backups, we can also perform “On Demand” backups which we’d carry out before any work is completed on your website.

Yes, we have engineers who are familiar with both so a mixture of clients across both platforms, probably 55% PLESK and 45% CPanel. We’re happy to work on either. We can deal with full migration including DNS changes, new dedicated server or VPS setup and SEO requirements on migration. No job is too big!

Yes, we can have a look at this. Some plugins, especially security related ones, often write to .HTACCESS files which might causes issues if it isn’t automatically removed if the plugin is removed. It’s at the very least, good housekeeping to remove any leftovers.

Yes, these days we prefer to setup email accounts in Microsoft Office 365 so would usually steer clients in the direction of pointing their MX records in that direction but can setup emails on any major platform including Google’s G-Suite or directly in CPanel, PLESK, using Outlook Exchange Server, and so on.

Yes of course. Any task we perform triggers a prerequisite on demand (additional to the usual scheduled) backup as part of our standard workflow.

15'372 Websites hacked daily

Don't be the next: we can help you!

Contact Us For A Free Quote

Request Your Free Quote: We Will Love To Help You

Phone Contacts

Mobile: 07702 946224
Hotline: 0114 358 2490

Email Contacts

Head Office

WP Emergency Help is a trading name
of Internet Marketing Platinum Ltd
The Business Village @ BBIC
Innovation Way, Wilthorpe
Barnsley, S Yorkshire
S75 1JL

Subscribe to our mailing list

Submit the form below:
We’ll get back to you ASAP

    Let us Know which Wordpress Security and Maintenance Issues Concern You The Most (please tick multiple boxes)?
    Wordpress UpdatesOutdated PluginsHacksBackupsSlow Website SpeedsMalware or VirusesWebsite DowntimeContent UpdatesWebsite Lacks SSL