When creating a WordPress site, you should think of how this site will be supported in the future, not only how to build it today.
WordPress releases multiple updates every year to patch security vulnerabilities. Being an open source software, once a flaw is found, everyone is aware of it and can try to exploit it to compromise your site. This makes it very important to keep your site updated regularly.
If your site gets hacked, we will have to take it offline until it is cleaned-up. Cleaning it up can be a very time consuming/costly task as there are a lot of places where malicious code can be hidden.
The more plugins you use, and the more you customize the theme, the higer the likelyhood that you will encounter problems when updating to the latest version. Usually, updates are very easy and are just a question of clicking on the update button. When you run into problems with plugins/themes that are no longer updated, or custom witten code, things might break when you update. At that point you will need a developper to move the content to a differnt plugin, fix the code or change the theme.
One plugin that we strongly encurage is the free version of WordFence. It will send your notifications about Updates and potential security problems with your site.
If you are getting too many notification emails from WordFence, we recommend these notification settings:
To improve the security of your site, we recommend these WordFence Firewall settings:
