How to Safely Update Your WordPress Website (Step-by-Step)

If your WordPress site is out of date, it’s important to update it to keep it secure and running properly.

Some customers prefer to handle this themselves, so below is a simple guide to what’s involved and the steps you should follow.


⚠️ Before You Start

Updating WordPress is not always risk-free, especially on older sites or those with lots of plugins.

If something goes wrong, your site could break or become inaccessible.

👉 That’s why preparation is essential.


Step 1: Take a Full Backup

Before making any changes:

  • Back up your website files
  • Back up your database

This ensures you can restore your site if anything goes wrong.


Step 2: Update WordPress Core

  • Log in to your WordPress dashboard
  • Apply any available WordPress updates

⚠️ If your site is very old, updates may need to be applied gradually rather than all at once.


Step 3: Update Plugins and Themes

  • Update all plugins
  • Update your active theme
  • Remove any plugins or themes you no longer use

👉 Outdated or unused components are one of the most common causes of issues.


Step 4: Check PHP Version

Your hosting uses PHP, which also needs to be up to date.

  • Check your current PHP version
  • Upgrade to a supported version if needed

⚠️ Older WordPress sites may not be compatible with the latest PHP versions, so proceed carefully.


Step 5: Improve Security

To help protect your site:

  • Install a security plugin (e.g. Wordfence)
  • Disable access to sensitive files where possible
  • Restrict unnecessary features (like XML-RPC if not needed)

Step 6: Clean Up Your Site

  • Remove unused themes and plugins
  • Delete any duplicate or old WordPress installations
  • Check for unnecessary files

👉 Keeping your site clean reduces security risks.


Step 7: Test Your Website

After updates:

  • Check your pages load correctly
  • Test forms and key functionality
  • Make sure everything looks as expected

Step 8: Secure Access

  • Use strong passwords
  • Remove unused admin accounts
  • Ensure database access is properly restricted

Step 9: Take a Fresh Backup

Once everything is working:

  • Take a new backup of your updated site

This gives you a clean restore point.


⚠️ A Final Note

While the steps above are straightforward in principle, older or more complex websites can run into:

  • compatibility issues
  • plugin conflicts
  • layout problems after updates

This is why updates are often handled carefully and tested throughout the process.


Prefer Us to Handle It?

If you’d rather not risk breaking your site, we’re happy to take care of everything for you.

Our WordPress Upgrade Service includes:

  • Safe updates to WordPress, plugins, and themes
  • Security hardening
  • Cleanup of unused components
  • Full testing and verification

👉 Simply reply to your ticket or place an order, and we’ll handle it for you.

My Website Has Been Compromised and Disabled – What Happens Next?

Last updated: 21 December 2025

If you are reading this page, it means your website was detected performing malicious or abusive activity and has been temporarily disabled to protect our network and other customers.

We understand this can be stressful. This page explains why this happens, what your options are, and how we can help you get back online safely.


Why was my site disabled?

Your website was disabled because it showed signs of compromise, such as:

  • malicious outbound connections
  • brute-force or scanning activity
  • malware files detected in the website files
  • reports from our upstream providers or security partners

When this happens, we must act quickly to prevent:

  • further damage to your website
  • blacklisting of server IP addresses
  • disruption to other customers

Disabling access is a temporary containment measure, not a punishment.


What does “disabled” mean?

In most cases:

  • your website will not be publicly accessible
  • email services are not affected
  • your data has not been deleted

The site is simply prevented from loading until the issue is resolved.


Your options to get back online

You have three main options, depending on your situation.


If you would like us to handle everything for you, we offer a WordPress Rescue Service, which includes:

  • full malware and backdoor cleanup
  • removal of malicious files and processes
  • WordPress core, plugin, and theme updates
  • security hardening to reduce future risk
  • verification before re-enabling the site

This is the fastest and safest way to get your site back online.

👉 Ideal if you are not technical or want peace of mind.


Option 2 – Reset and reinstall WordPress

If you prefer to start fresh:

  • we can reset the website document root
  • you reinstall WordPress from scratch
  • you restore content manually or from a clean backup
  • security plugins and updates must be applied before reactivation

👉 Suitable if the site is small or content can be easily recreated.


Option 3 – Clean the site yourself

If you choose to clean the site yourself:

  • all malware and suspicious files must be removed
  • WordPress core, plugins, and themes must be updated
  • basic security measures must be in place
  • the site will be reviewed before re-enabling

Please note: incomplete cleanups often result in re-infection.


What happens after cleanup?

Once cleanup or rebuilding is complete:

  1. you notify our support team
  2. we verify the site is no longer compromised
  3. public access is restored

Preventing this from happening again

After recovery, we strongly recommend:

  • keeping WordPress, plugins, and themes updated
  • using strong passwords and two-factor authentication
  • running a reputable WordPress security plugin
  • removing unused plugins and themes

You can read our full Minimum WordPress Security Requirements article for details.


Need help deciding?

If you are unsure which option is best for you, open a support ticket and we will be happy to advise based on:

  • site size
  • content importance
  • technical experience
  • budget

Final note

Website compromises are unfortunately common and not a reflection on you.

What matters most is resolving the issue properly and preventing a repeat.

We’re here to help you get back online safely.

Minimum WordPress Security Requirements

Last updated: 21 December 2025

To protect our network and our customers, all WordPress websites hosted with UK Cheapest must meet the minimum security requirements outlined below.

Websites that do not meet these requirements are at a significantly higher risk of being hacked and may be temporarily restricted if they pose a security or abuse risk.


Why this is required

WordPress is a popular platform and is frequently targeted by automated attacks.

Most compromises occur due to:

  • outdated WordPress core
  • vulnerable or abandoned plugins
  • weak passwords
  • lack of basic security protection

Once a site is compromised, it can be used to send spam, perform attacks, or host malicious content. These activities can result in service disruption or action by upstream providers.


Minimum security requirements (mandatory)

All WordPress installations must meet all of the following requirements.

1. Keep WordPress fully up to date

  • WordPress core must be kept on the latest stable version
  • All themes and plugins must be kept up to date
  • Any themes or plugins that are not actively used must be deleted, not just disabled

2. Use strong login credentials

  • Strong, unique passwords must be used for all WordPress admin accounts
  • Do not reuse passwords from other websites or services
  • Remove any unused admin or user accounts

3. Install a security plugin

A reputable WordPress security plugin must be installed and active.

Examples include (but are not limited to):

  • Wordfence
  • iThemes Security / Solid Security
  • All In One WP Security

The security plugin should provide basic protection such as login rate limiting and malware scanning.


4. Protect the login page

At least one of the following must be enabled:

  • login rate limiting
  • CAPTCHA
  • two-factor authentication (recommended)

This significantly reduces brute-force and credential-stuffing attacks.


5. XML-RPC protection

  • XML-RPC must be disabled if it is not required, or
  • protected via a security plugin

Unprotected XML-RPC is a common attack vector.


6. File and plugin hygiene

  • No executable files or custom binaries should exist in the website document root
  • Plugins and themes must only be installed from trusted sources
  • Pirated, nulled, or unverified plugins/themes are not permitted
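
One way to check the first point yourself is the added Python example below (it is not UK Cheapest's own tooling). It walks a document root and reports files that look executable; the names classify and scan_docroot and the list of file signatures are assumptions made for this illustration.

```python
import os
import stat

# Leading bytes that mark a file as something other than ordinary site content.
MAGIC = {b"\x7fELF": "ELF binary", b"MZ": "Windows executable", b"#!": "script with shebang"}

def classify(path: str):
    """Return why a file counts as executable, or None if it does not."""
    try:
        st = os.lstat(path)                      # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            return None
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "unreadable"
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return "executable permission bit set"
    return None

def scan_docroot(root: str) -> list:
    """Walk the document root and return sorted (relative path, reason) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, why in scan_docroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{why:32} {rel}")
```

Each finding is a prompt for review rather than proof of compromise: some plugins ship helper scripts, and a text file can begin with the same bytes as a binary.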

If your site is compromised

If a WordPress site is found to be compromised or generating malicious activity:

  • the site may be temporarily restricted to prevent further abuse
  • cleanup or rebuilding will be required before the site can be re-enabled

UK Cheapest offers a WordPress Rescue Service for customers who would like us to professionally clean and secure their site.


Important note

Meeting these minimum requirements significantly reduces risk, but no website can be guaranteed to be completely immune from attack. Ongoing maintenance and updates are essential for long-term security.


Need help?

If you would like assistance securing your WordPress site, or if you are unsure whether your site meets these requirements, please open a support ticket and our team will be happy to advise.

DKIM Support Now Available in the Client Area DNS Manager

We’re pleased to announce that you can now add DKIM (DomainKeys Identified Mail) records directly through the Client Area DNS Manager for all parked domains.

What is DKIM?

DKIM is an industry-standard email authentication system that helps protect your domain name from being used for spam or phishing. It works by digitally signing outgoing messages so that receiving mail servers can verify they were genuinely sent from your authorised mail source.

When DKIM is active:

  • Your emails are less likely to be marked as spam
  • Recipients can trust that messages really came from you
  • Your domain reputation and deliverability improve

How it Works

Every DKIM setup uses two keys:

  • a private key, stored safely on the mail server that sends your messages
  • a public key, published in your domain’s DNS as a TXT record

When an email is sent, your mail server signs it with the private key. The receiving system checks that signature using the public key in your DNS.

Adding DKIM in the Client Area

If your mail service (for example Google Workspace, Microsoft 365, or your own server) provides you with a DKIM record, you can now publish it in just a few clicks.

  1. Log in to your Client Area at https://www.uk-cheapest.co.uk
  2. Go to Domains → Manage Domain → DNS Manager
  3. Add a new TXT record
    • Host/Name: the DKIM selector (for example, default._domainkey)
    • Value: the full DKIM record starting with v=DKIM1; k=rsa; p=…
  4. Save changes and allow a few minutes for DNS to update

Once published, your mail provider’s DKIM checks should confirm that your domain is correctly authenticated.

Frequently Asked Questions

1. Do I need to set up DKIM for my domain?

If you send email using your domain name, yes – DKIM is strongly recommended. It helps protect your domain’s reputation and improves email delivery by verifying that messages weren’t altered in transit.


2. Where do I get my DKIM record?

Your DKIM record is generated by your email provider or mail server. For example, Google Workspace, Microsoft 365, or your web hosting control panel will each provide a v=DKIM1; p= record that you can copy and paste into your DNS Manager.


3. How long does it take for DKIM to start working?

Once you add your DKIM record, it can take anywhere from a few minutes to a few hours for DNS propagation. After that, emails sent from your domain should show as “signed” when checked by online DKIM testers.


4. Can I use DKIM on a parked domain?

Yes. Even if your domain is parked, you can add DKIM records, either in advance or because you’re routing mail through another system. This is especially useful for protecting your brand from spoofed messages.


5. What if my DKIM record doesn’t validate?

Check that your record is added as a single TXT entry, with no extra spaces, quotes, or missing characters. If you’re unsure, open a support ticket – our team will review your DNS record and help you get it verified.
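
The paste problems listed above, and the v=DKIM1; k=rsa; p=… format from the setup steps, can be checked before you save the record. This added Python example is not part of the Client Area or your mail provider's tooling; check_dkim_txt, der_total_len and the sample record are names and data constructed for the illustration.

```python
import base64
import binascii
import re

def der_total_len(der: bytes) -> int:
    """Total size a DER element claims to have (header + body), or -1 if unreadable."""
    if len(der) < 2 or der[0] != 0x30:          # an RSA public key blob is a SEQUENCE
        return -1
    if der[1] < 0x80:                           # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                           # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return -1
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_dkim_txt(value: str) -> list:
    """Return the problems found in a DKIM TXT value as pasted into a DNS manager."""
    problems, tags, order = [], {}, []
    if '"' in value:
        problems.append("quote characters in value")
        value = value.replace('"', "")
    for part in filter(None, (s.strip() for s in value.split(";"))):
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep:
            problems.append("fragment without '='")
            continue
        if name in tags:
            problems.append(f"duplicate tag {name}")
        tags[name] = val.strip()
        order.append(name)
    if "v" in tags and (order[0] != "v" or tags["v"] != "DKIM1"):
        problems.append("v= must come first and equal DKIM1")
    key_type = tags.get("k", "rsa")             # rsa is the default key type
    p = tags.get("p")
    if not p:
        problems.append("missing or empty p= (no usable public key)")
        return problems
    if re.search(r"\s", p):
        problems.append("whitespace inside p= value")
    try:
        key = base64.b64decode(re.sub(r"\s+", "", p), validate=True)
    except binascii.Error:
        problems.append("p= is not valid base64")
        return problems
    if key_type == "rsa" and der_total_len(key) != len(key):
        problems.append("p= key is truncated or corrupted")
    return problems

# Constructed sample: DER-shaped filler the size of a 2048-bit RSA key, not a real key.
SAMPLE_P = base64.b64encode(b"\x30\x82\x01\x22" + bytes(0x122)).decode()
SAMPLE_RECORD = f"v=DKIM1; k=rsa; p={SAMPLE_P}"
```

An empty list means the value is well formed; it does not confirm that the key matches the private key your mail server signs with, which only your provider's DKIM check can do.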

Need Help?

If you’re unsure which DKIM record to use or your provider’s verification fails, open a support ticket and our team will review your DNS settings for you.


Tip: It’s normal to paste a DKIM record generated on another mail system into your DNS – just make sure it’s copied exactly as provided.

For further guidance, visit your email provider’s DKIM documentation or contact us anytime through the Client Area Support Centre.

Now Live – ChessOpeningsMastery.com

We are pleased to announce the launch of a brand new website now hosted on our UK infrastructure – Chess Openings Mastery.

👉 https://chessopeningsmastery.com

Chess Openings Mastery is a free, interactive training platform built to help chess players of all levels strengthen their opening repertoire through active repetition and structured drills.

The platform currently covers six major openings:

  • London System
  • Ruy Lopez
  • King’s Indian Defence
  • Caro-Kann Defence
  • Sicilian Defence
  • French Defence

With 54+ variations and move-by-move training exercises, the site is designed to help players build automatic recall from move one.

Each opening includes:

  • Detailed strategic guides
  • Key plans for both sides
  • ECO references
  • Famous practitioners
  • Structured drill training

Whether you play 1.e4 or 1.d4, as White or Black, Chess Openings Mastery provides focused practice designed to improve confidence in the early stages of the game.

We are proud to support growing online projects like this by providing fast, reliable UK hosting infrastructure.

If you are launching a new website and need dependable hosting backed by real support, explore our hosting services at https://uk-cheapest.co.uk.

Best of luck to the team behind Chess Openings Mastery – we look forward to watching the project grow.