[{"data":1,"prerenderedAt":273},["ShallowReactive",2],{"$fi_SA3l8D9e4tuLzFLMXUroEj8Vi4FUp0B2g2TbBke08":3,"post-is-your-wordpress-site-secure":147},{"site":4,"features":8,"stripe":10,"bridalfile":12,"navigation":13,"branding":124,"footer":127},{"id":5,"name":6,"domain":7},"7578a1b2-a8ec-462f-8980-d46ebefc76a2","Pwa Developer","pwadeveloper.uk",{"products":9,"bookings":9,"event_capacity":9,"ugc":9},false,{"enabled":9,"test_mode":11},true,{"enabled":9},{"footer":14,"header":42,"services":67},{"id":15,"name":16,"items":17},"4c83a83d-7d89-442d-8e4c-717e61d71c19","Footer Navigation",[18,22,26,30,34,38],{"id":19,"url":20,"label":21},"b8c9d0e1-f2a3-4b4c-5d6e-7f8a9b0c1d2e","/about","About",{"id":23,"url":24,"label":25},"c9d0e1f2-a3b4-4c5d-6e7f-8a9b0c1d2e3f","/blog","Blog",{"id":27,"url":28,"label":29},"d0e1f2a3-b4c5-4d6e-7f8a-9b0c1d2e3f4a","/contact","Contact",{"id":31,"url":32,"label":33},"e1f2a3b4-c5d6-4e7f-8a9b-0c1d2e3f4a5b","/websites","Websites",{"id":35,"url":36,"label":37},"d1e2f3a4-1111-4a2b-8c3d-dddd11112222","/services/nuxt","Nuxt",{"id":39,"url":40,"label":41},"d2e3f4a5-2222-4b3c-9d4e-dddd22223333","/services/supabase","Supabase",{"id":43,"name":44,"items":45},"090e7007-6dd0-4416-8ce2-2680c446d2a9","Main Navigation",[46,48,52,56,58,60,62],{"id":47,"url":20,"label":21},"c3d4e5f6-a7b8-4c9d-0e1f-2a3b4c5d6e7f",{"id":49,"url":50,"label":51},"a43446fd-355b-474a-a846-6f02ba7b4f68","/services","Services",{"id":53,"url":54,"label":55},"6b5e66d9-5267-4948-86b9-11ef75fcf821","/how-i-build","How I Build",{"id":57,"url":32,"label":33},"a1b2c3d4-5e6f-4a7b-8c9d-0e1f2a3b4c5d",{"id":59,"url":24,"label":25},"d4e5f6a7-b8c9-4d0e-1f2a-3b4c5d6e7f8a",{"id":61,"url":28,"label":29},"f6a7b8c9-d0e1-4f2a-3b4c-5d6e7f8a9b0c",{"id":63,"url":64,"label":65,"target":66},"e5f6a7b8-c9d0-4e1f-2a3b-4c5d6e7f8a9b","https://www.youtube.com/@anothermagentodev9161","YouTube","_blank",{"id":68,"name":69,"items":70},"9a2b3c4d-9999-4a2b-8c3d-aaaabbbbcccc","Services Menu",[71,77,83,89,95,101,107,113,119],{"id":72,"url":73,"icon":74,"label":75,"description":76},"1a2b3c4d-1111-4a2b-8c3d-111122223333","/services/pwa","fa-solid fa-mobile-screen-button","PWA","Installable, offline-first apps",{"id":78,"url":79,"icon":80,"label":81,"description":82},"2b3c4d5e-2222-4b3c-9d4e-222233334444","/services/wordpress","fa-brands fa-wordpress","WordPress","Themes, plugins, rescue work",{"id":84,"url":85,"icon":86,"label":87,"description":88},"3c4d5e6f-3333-4c4d-8e5f-333344445555","/services/magento","fa-solid fa-cart-shopping","Magento","Ecommerce & platform work",{"id":90,"url":91,"icon":92,"label":93,"description":94},"4d5e6f70-4444-4d5e-9f60-444455556666","/services/vue","fa-brands fa-vuejs","Vue & Nuxt","Reactive frontends, SSR apps",{"id":96,"url":97,"icon":98,"label":99,"description":100},"708192a3-7777-4081-8293-777788889999","/services/headless-cms","fa-solid fa-cube","Headless","Structured content APIs",{"id":102,"url":103,"icon":104,"label":105,"description":106},"8192a3b4-8888-4192-93a4-88889999aaaa","/services/ai-consultancy","fa-solid fa-robot","AI Consultancy","Where AI actually helps",{"id":108,"url":109,"icon":110,"label":111,"description":112},"a1b2c3d4-1234-4a2b-8c3d-aaaa11112222","/services/migrations","fa-solid fa-arrow-right-arrow-left","Migrations","Move platforms, keep your SEO",{"id":114,"url":115,"icon":116,"label":117,"description":118},"b2c3d4e5-2345-4b3c-9d4e-bbbb22223333","/services/technical-seo","fa-solid fa-gauge-high","Technical SEO & Performance","Core Web Vitals & speed",{"id":120,"url":32,"icon":121,"label":122,"description":123},"c3d4e5f6-3456-4c4d-8e5f-cccc33334444","fa-solid fa-globe","Custom Websites","Bespoke sites, not templates",{"logo":125,"logoDark":125,"favicon":125,"tagline":126},null,"WordPress & Web Developer in Hull, East Yorkshire",{"summary":128,"copyright":125,"address":129,"contact":133,"socialLinks":134,"openingHours":146,"logos":125},"Senior freelance web developer in Hull, East Yorkshire. 15+ years building fast, custom websites and web apps in WordPress, Magento, Vue and Nuxt. Work directly with the developer.",{"line1":125,"line2":125,"city":130,"state":131,"postalCode":125,"country":132},"Hull","East Yorkshire","United Kingdom",{"phone":125,"email":125},[135,138,142],{"url":64,"icon":136,"platform":137},"fa-brands fa-youtube","youtube",{"url":139,"icon":140,"platform":141},"https://github.com/adamcjackson1982","fa-brands fa-github","github",{"url":143,"icon":144,"platform":145},"https://www.linkedin.com/in/adamcjackson/","fa-brands fa-linkedin","linkedin",[],{"id":148,"slug":149,"title":150,"excerpt":151,"content":152,"content_format":268,"featured_image":269,"published":11,"published_at":270,"meta_title":150,"meta_description":271,"fields":272},"a6b775bf-1f50-4407-ada6-7050451f5337","is-your-wordpress-site-secure","Is Your WordPress Site Secure? The Basics I Check","Most small-business WordPress sites get hacked through a handful of boring, avoidable gaps. Here is the plain-English security checklist I run for clients in Hull, and what you can do yourself today.",{"type":153,"content":154},"doc",[155,161,168,172,176,181,185,190,194,199,203,208,212,240,245,249],{"type":156,"content":157},"paragraph",[158],{"text":159,"type":160},"Most of the WordPress sites I am asked to rescue were not hacked by some genius. They were hacked through a handful of boring gaps that nobody got round to closing. WordPress runs a huge chunk of the web, which is exactly why it is a target, and a small business site with an out of date plugin is the easiest door to walk through. The good news is that the basics that keep you safe are not complicated, and most of them you can check yourself this afternoon. Here is the list I run through when a client in Hull asks me to look at their site.","text",{"type":162,"attrs":163,"content":165},"heading",{"level":164},2,[166],{"text":167,"type":160},"Keep WordPress, themes and plugins updated",{"type":156,"content":169},[170],{"text":171,"type":160},"This is the dull one, and it is the one that matters most. The large majority of hacked WordPress sites I see were running an out of date plugin with a known hole in it. When a plugin publishes an update that fixes a security issue, that update is also a public announcement of exactly how to attack any site that has not applied it yet. Log in, look at the updates screen, and if it is a wall of red, that is your answer. Update the plugins, the themes and WordPress itself, ideally straight after taking a backup so you can step back if an update breaks a page.",{"type":156,"content":173},[174],{"text":175,"type":160},"The harder part is the plugins nobody maintains any more. If a plugin has not had an update in two or three years, it is not finished, it is abandoned, and it will never get the next security fix. Those are the ones I hunt for first, because a dead plugin is a hole waiting to be found.",{"type":162,"attrs":177,"content":178},{"level":164},[179],{"text":180,"type":160},"Sort your logins out",{"type":156,"content":182},[183],{"text":184,"type":160},"A depressing number of sites still have a user called admin with a password someone could guess over a cup of tea. Attackers do not sit there typing, they point automated tools at your login page and try thousands of combinations a minute. Two things stop that cold. Use a long, unique password you do not use anywhere else, and turn on two factor authentication so that a password on its own is not enough to get in. And if there are old accounts lying around for a developer who left or a member of staff who moved on, remove them. Every login is a door, and you want as few doors as possible.",{"type":162,"attrs":186,"content":187},{"level":164},[188],{"text":189,"type":160},"Check who your host actually is",{"type":156,"content":191},[192],{"text":193,"type":160},"Cheap shared hosting is where a lot of security problems quietly begin. Good hosting keeps the server software patched, keeps your site walled off from the other sites on the same machine, and gives you a firewall and automatic backups without you having to ask. The bargain-bin plans often do none of that, and you only find out when something goes wrong. You do not need the most expensive host in the world. But if yours cannot give you a straight answer about how they handle backups and updates, that in itself tells you something.",{"type":162,"attrs":195,"content":196},{"level":164},[197],{"text":198,"type":160},"Make sure you actually have backups",{"type":156,"content":200},[201],{"text":202,"type":160},"Security is not only about keeping people out, it is about how fast you recover when something gets through. A site that is hacked but has a clean backup from last night is an afternoon of work. A site with no backup is a rebuild, and possibly a lost business week. Your backups should run automatically, live somewhere other than the same server as the site, and, this is the bit people skip, actually be tested by restoring one once in a while. An untested backup is just a hope with a nice name.",{"type":162,"attrs":204,"content":205},{"level":164},[206],{"text":207,"type":160},"The quiet extras",{"type":156,"content":209},[210],{"text":211,"type":160},"A few more that take minutes and close the gaps attackers rely on:",{"type":213,"content":214},"bulletList",[215,222,228,234],{"type":216,"content":217},"listItem",[218],{"type":156,"content":219},[220],{"text":221,"type":160},"Run the whole site over HTTPS. The padlock in the browser is the baseline now, and it is usually free through your host.",{"type":216,"content":223},[224],{"type":156,"content":225},[226],{"text":227,"type":160},"Add a reputable security plugin or a web application firewall to block the obvious automated attacks before they ever reach your login.",{"type":216,"content":229},[230],{"type":156,"content":231},[232],{"text":233,"type":160},"Turn off file editing from inside the WordPress admin, so a stolen login cannot rewrite your site's code straight from the browser.",{"type":216,"content":235},[236],{"type":156,"content":237},[238],{"text":239,"type":160},"Keep an eye on who can log in and at what level. Not everyone who touches the site needs to be a full administrator.",{"type":162,"attrs":241,"content":242},{"level":164},[243],{"text":244,"type":160},"When to get someone to look properly",{"type":156,"content":246},[247],{"text":248,"type":160},"Most of the above you can do yourself, and honestly I would rather you did. But if your site is already behaving oddly, redirecting somewhere strange, sending spam, or getting flagged by Google, it may already be compromised, and cleaning a hacked site properly is a job for someone who has done it before. It is also worth a professional pass if the site is how you make your money and you would rather not gamble with it.",{"type":156,"content":250},[251,253,259,261,266],{"text":252,"type":160},"I do this kind of health check and clean-up for small businesses around Hull and East Yorkshire, as a freelance developer you actually talk to rather than an agency queue. If you want a second pair of eyes on your site, I run a free thirty minute surgery where we go through it together and I tell you honestly what needs doing, whether that is a five minute fix or something bigger. You can ",{"text":254,"type":160,"marks":255},"see how I work with WordPress",[256],{"type":257,"attrs":258},"link",{"href":79},{"text":260,"type":160}," or ",{"text":262,"type":160,"marks":263},"book a free surgery",[264],{"type":257,"attrs":265},{"href":28},{"text":267,"type":160},". Security is one of those things that feels invisible right up until the day it very much is not, and an hour of boring maintenance now is a lot cheaper than a rebuild later.","tiptap","","2026-07-09T08:00:00+00:00","A plain-English WordPress security checklist from a Hull web developer: updates, logins, hosting, backups and the gaps that get small sites hacked.",{},1784188827674]