How to maintain WordPress for security

A WordPress site needs to be maintained to keep it secure. This tutorial will go over how to maintain WordPress for security.

Please note that this tutorial is part of a series to help secure a WordPress blog. Some of these tips might not apply depending on the hosting environment. The following topics are covered:


Firstly, passwords should be changed at least every 4 months. As mentioned in the tutorial on How to install WordPress securely, choose a password that:

  • Contains lowercase letters, capital letters, numbers and special characters;
  • Is between 10 to 50 characters in length; and
  • Is unique (you haven’t used the password anywhere else).


Secondly, it is important to keep everything up to date as some updates may contain security related patches.

  • WordPress version
  • Any and all plugins
  • Themes

To check for updates and proceed with updating, click “Updates” under “Dashboard”.

Location of "Updates" link

As a result, anything in need of an update will be listed on the page with an update option.

Delete unused plugins

Too many plugins can affect a site’s security. Thus you should delete all unused plugins. To do so, navigate to “Installed plugins” under “Plugins”.

Navigate to "Installed Plugins" under "Plugins".

Then navigate to the unused plugin and click “Deactivate”.

Deactivate unused plugins to maintain WordPress for security.

Finally, delete the plugin by clicking “Delete”.

Delete unused plugins to maintain WordPress for security.


In summary, to maintain WordPress for security, change passwords at least every 4 months, delete unused plugins and keep everything up to date: from WordPress to themes to plugins.

If you know of any maintenance procedures that would be beneficial to a blog’s security, please let me know in the comments down below!

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top