Home Digital Ministry Websites 4 Areas to Monitor for a Secure WordPress Website

4 Areas to Monitor for a Secure WordPress Website


WordPress is an extremely versatile and well-supported website content management system (CMS) solution. It works for anyone from a small blog to major corporations–and even churches. In fact, nearly 35% of the internet runs on WordPress. It is a highly customizable solution with plugins that can extend its functionality. WordPress makes it easy to create a blog, showcase a portfolio, run a magazine, showcase a podcast or publish your church website. But no matter what platform, websites are not a ‘set it and forget it’ solution. They need proper care and maintenance.

Think of it like the landscaping around your house. If you live anywhere besides the desert, you know that if you don’t regularly cut your grass, deal with weeds, trim hedges and do other routine yard work, your house will be overcome by vegetation. This can make your home ugly to look at and your yard impossible to enjoy. Beyond that, ivy and other plants can grow wild and compromise the very foundation of your home. If left too long, it can actually destroy a building, leaving no choice but to demolish it. 

A WordPress website is much the same. If left without proper care and maintenance, plugins, themes, and core files go out of date, security issues are not fixed, and the site may not be properly backed up. This leaves a gaping hole in the security of your website for hackers to insert malicious code or take down your site. The last thing you want is parishioners to visit your site and have a malware infection automatically redirect them to an unsavory website. At that point, it could take a lot of time and work to get your site back up or may even require starting over from scratch. Ouch.

So, if you are running a WordPress website then there are several areas you want to maintain to make sure your site stays in tip-top shape.

#1 – Updates to Plugins, Themes, and Core Files

There are three main items to update on a WordPress site: Plugins, themes, and Core Files:


Plugins add incredible functionality to WordPress. They transform a simple blog platform into just about anything you want. However, they are also incredibly susceptible to being hacked if they are not regularly updated. Such is the case with any website, WordPress or not. There are weaknesses in the backend that hackers can use to inject malicious code into your site or steal information. Updating plugins is an important task to keep these holes closed.

Even though updating plugins is very simple, it can cause your site to break if not done carefully. There are thousands of plugin developers and one plugin may not play well with another after an update. This can sometimes cause conflicting code and you will need to rollback your plugin version if there is an issue. The best way is to do a safe update on a staging site first, and then perform the update on your live site.


Themes are like the clothes you put on your website. It’s the look and design of the site. From time to time, theme creators will update the theme and add new features. It’s good to update your theme anytime a new version is available. Updating your theme is usually very simple and can be done with a push of a button inside WordPress. However, there are thousands of theme creators and each one does things slightly differently. Updating your theme could cause conflicts with the structure and design of your site. It’s good to backup your site first and if anything goes wrong after the update, restore your backup.

Core Files

The WordPress Core is like the operating system of your site. It’s the heart and soul of WordPress. The WordPress team is constantly making improvements and fixing security issues. Every once in a while, they release a new update to the core. It’s important to update this so hackers cannot exploit security issues in previous versions. It’s like updating your Mac to the newest version of macOS. This is usually a pretty simple update and goes quite smoothly.

#2 – Backups

Backups are crucial to any website. Anytime a change is made, it’s key to create a backup in case something goes wrong. However, it’s not good enough to just back up a WordPress site. It’s important to save that backup somewhere other than your web hosting server. I have heard many stories of a site going down because the server had an issue. When the user went to restore their site, they couldn’t because the backups were corrupted or just plain gone because they were stored on the server. It’s good practice to update your site regularly and store those updates on another server, like Google Drive, Dropbox, Amazon or even on your desktop. That way if anything does happen to your server, you can restore your site in minutes. You can check out All In One WP Migration, a free plugin to manage all your backups.

#3 – Security

There is a stigma that WordPress is not a secure platform. That is not accurate at all. But when a single platform powers a significant portion of the internet, it becomes a target for hackers. Out of the box, there are some areas that are easy for hackers to exploit. A few WordPress security tweaks can deter potential hackers and harden your site against those undeterred. Adding security plugins like iThemes or All In One WP Security can help keep your site safe. These plugins will lock any malicious activity out of the site and close up any vulnerable areas. This measure should be coupled with regular security scans. Some malware can be present on a site for months before affecting it. Scanning your files and code to double-check for malware is key to staying on top of security. 

#4 – Site Performance

A slow site can cost you. A slow site can negatively affect your Google ranking. The last thing you want is to be on page two of Google when someone searches for churches in your area. Additionally, most people will give up on a website if it takes longer than 3 seconds to load. There are many factors in site performance like your hosting company, your site code, the theme and the number of plugins you are using. Knowing how to optimize your site’s performance is key to having good SEO and not turning away potential guests before they even get to your physical front door. Tools like Pingdom or GTMetrix can scan your site and give you suggestions for how to increase your site’s performance. 

Creating a website, no matter what platform, requires a lot of time and energy. Often you need to focus on more important areas of ministry, but you can’t neglect your website. Unless there is a web-savvy employee on staff, a church may only know how to add a blog post, update a photo or even less. If something goes wrong, it could be catastrophic. So, how does a website owner keep their WordPress site in good working order? How do they keep the “weeds” from overtaking it?

Sometimes it’s great to have a little help. TendWP is a WordPress maintenance and support service that helps WordPress website owners have peace of mind knowing their site is in good hands. They free you up to live your calling and not mess with a website. With WordPress, you have ultimate control over design, functionality, and ownership of your site. TendWP makes sure it’s running so you don’t have to think about it. If you are looking to develop a new church WordPress site or maintain your current site, you don’t have to do it alone. 


  1. Hey Matthew, good post. Website security is definitely something that tends to be neglected and under valued by churches. Thanks also for suggesting TendWP. I hadn’t heard of them. We offer a similar service at OurChurch.Com and its good to have something to compare it to.


Please enter your comment!
Please enter your name here

Exit mobile version