How to Use the WP Toolkit to Secure and Update WordPress

Posted on by Luke Cavanagh
Reading Time: 5 minutes

What is the WP Toolkit?

The WP Toolkit is a set of solid features that can be used directly from your site's cPanel or Plesk control panel for your WordPress site. The WP Toolkit includes many valuable features, making updating plugins, themes, and WordPress core easily secures your WordPress website. You can also run a security scan on your site, and plugin vulnerabilities can be easily found. 

The vulnerability data is from Patchstack, and the results will show directly in your control panel. If you want to check that your WordPress core version verifies to match the version that you are using, then you can run a checksum directly in the control panel. Running a checksum of WordPress core will help you find files that are modified or should not exist in WordPress core.

One of the newest features to be added to the WP Toolkit is smart PHP updates which clone the site and runs it on different PHP versions to test for issues. The production site can be safely changed to a different PHP version if no problems are found. You should use the smart PHP updates feature when switching to a newer PHP version.

You will find your site's WP Toolkit from within the logged-in control panel, either cPanel or Plesk.

Use the WP Toolkit to Secure and Update WordPress

Securing WordPress With the WP Toolkit

Step 1:

If you need clarification on what each hardening option does, click the tooltip (the symbol to the right of the name), and a window appears with an explanation. By default, none of the security options will be selected.

Click the checkbox next to all the hardening options you want to apply to your site and click Secure to save them.

Click the Check Security button to confirm the correct security hardening settings have been applied.

Step 2:

It is also recommended to verify the checksums of WordPress core. This will help you find out if there are files in WordPress core on your site that have been updated and files that have been added that should not exist in the WordPress site. You can also reinstall WordPress core files from within the WP Toolkit portal.

Any known WordPress vulnerabilities will be shown in the WordPress Vulnerabilities tab, which can be found inside the Security Status section in the WP Toolkit.

Updating WordPress With the WP Toolkit

Step 1:

The WordPress core is the most crucial part of your site and should be kept updated. WordPress typically has a couple of major releases per year. In addition, minor WordPress core releases are typically released for bug and security fixes. Therefore, it is always recommended to install minor WordPress core releases.

Whether creating a new WordPress site or updating an existing one, you can set which major and minor updates for WordPress core should be automatically updated. You can also specify how plugins and themes are installed on the site. You can force plugins and themes to be updated on WordPress as well.

Step 2:

The plugins and themes you installed are other parts of your WordPress site that should be updated. Plugins that are not updated still use an outdated version, which has security issues and is one of the most significant sources of malware infection. Waiting weeks to update plugins is not recommended since your site would be protected sooner by ensuring that plugin updates are regularly made on your site.

The preferred way to keep plugins updated on your site would be using the Smart Update feature in WP Toolkit since this feature will create a test version of the site and check that the site is not broken after the plugin has been updated.

Once the process has finished, you can confirm updating the plugin, which updates it on the production site.

Plugins can be updated in the portal of the WP Toolkit, and you can set the installed plugins to be auto-updated.

Step 3:

Themes can also be controlled in the WP Toolkit portal. For example, you can delete and update themes and set which ones should be auto-updated.

Other WP Toolkit Considerations

The WP Toolkit gives a clear sense of the status and tools enabled on your site. For performance reasons, is it recommended to set the replacement for a server-side cron to run WP Cron on your site.

WP Toolkit also includes hotlink protection and an easy-to-use backup and restore feature to create a backup before updating plugins and themes. The backups created can be accessed as you would do from within the cPanel control panel.

Final Thoughts

WP Toolkit is a fully integrated solution for WordPress which can be accessed from within your cPanel or Plesk control panel. Keeping WordPress core updated and then setting if you want minor and major versions to update automatically will help keep your WordPress site secured and protected. 

It allows you to ensure your WordPress core files are clean and not compromised, or if there are files that have been modified or should not exist, you can reinstall a clean version of WordPress core in the same UI of the WP Toolkit. Backups can also easily be created directly in the WP Toolkit interface, which is the same cPanel-provided backups, and you can restore those backups in WP Toolkit.

Plugin and theme setting controls for automatic and smart updates ensure that plugin updates do not break your site. This feature stops the greatest source of site malware infections from happening on your site.

The secure WordPress site is easy to apply. Setting those protections on your site will work with security plugins, edge WAF protection such as those provided by Cloudflare, or server-run security solutions such as Immunify360.

cPanel or Plesk Hosting Options

Liquid Web’s VPS Hosting, Cloud Dedicated Servers, and Dedicated Servers with cPanel or Plesk provide excellent environments for your WordPress sites. If you need root access to your infrastructure for greater security and deeper integrations, contact the sales team at Liquid Web to find which one is right for you

Avatar for Luke Cavanagh

About the Author: Luke Cavanagh

Product Operations Manager at Liquid Web. Devoted husband and Tween wrangler. Synthwave enthusiast. Jerry Goldsmith fan. Doctor Who fan and related gubbins.

Latest Articles

Blocking IP or whitelisting IP addresses with UFW

Read Article

CentOS Linux 7 end of life migrations

Read Article

Use ChatGPT to diagnose and resolve server issues

Read Article

What is SDDC VMware?

Read Article

Best authentication practices for email senders

Read Article