WordPress FAQs.

We get asked a lot of questions about WordPress. This list of Frequently Asked Questions goes in depth about what we cover in our services to maintain your WordPress website and keep it running fast, safe and secure.

Compare Our Maintenance Plans

What are Cloud Backups?

A cloud website backup service is a great way to ensure that your website's data is safe and sound. By storing your website's data in the cloud, you can rest assured that it will be there when you need it, no matter what happens to your computer or servers. And, if you ever need to restore your website from a backup, Website HQ can do so with just a few clicks with our cloud backup service. There's no need to worry about losing important data or having to start your website from scratch.

Each Website HQ maintenance client receives daily on, and offsite cloud backups, which means you're protected should something unexpected happen.

What is an SSL Certificate?

An SSL certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. When a web browser attempts to connect to a secured website with an SSL certificate, the browser verifies that the certificate is valid and trusted. If the certificate is valid, the browser encrypts all communication between itself and the website. This encryption makes it much more difficult for hackers to intercept and read any sensitive information transmitted. In addition, all major web browsers display a padlock icon when a website uses a valid SSL certificate in the address bar. This visual helps visitors quickly identify which websites are safe to use.

SSL Certificate Lock Icon in Browser

While most people understand the importance of SSL-secured websites, many do not know how SSL certificates work. An SSL certificate contains two critical pieces of information: public and private keys. Both keys are generated by the Certificate Authority (CA) when the certificate is issued. The CA also conducts several other checks to ensure the website is legitimate before issuing the certificate. Once issued, the SSL certificate must be installed on the webserver to secure communications.

If you operate a website, then it is essential to have an SSL certificate installed to protect your customers' information and maintain their trust. Not only will an SSL certificate help to keep your customer's data safe, but it will also boost your search engine ranking and improve conversion rates.

At Website HQ, your SSL Certificate is included with your maintenance and hosting service, so your website visitors' data is encrypted and safe.

What is Brute Force Protection?

Brute force protection for WordPress is a countermeasure against brute force attacks. A brute force attack is a trial-and-error method to obtain access to a system, typically by trying different username and password combinations until the correct combination is found. By blocking IP addresses used in previous brute force attacks, brute force protection can help prevent WordPress sites from being compromised. However, it is important to note that brute force protection is not a silver bullet, and WordPress sites should still be secured using other methods, such as two-factor authentication.

At Website HQ Brute Force Protection is included with all our Maintenance packages which means more uptime and less worry about your website.

What are WordPress Core Updates?

WordPress is a content management system (CMS) that powers millions of websites worldwide. One of the reasons WordPress is so popular is that it is easy to use and maintain. The WordPress core software is updated regularly to keep things running smoothly and to add new features. When a new version of WordPress is released, you will see a message in your WordPress dashboard telling you to update. Updating WordPress is simple and only takes a few minutes. Just click the update button and follow the prompts. It is essential to keep WordPress up to date, not only for security reasons but also to take advantage of new features and improvements.

When you’re a client with Website HQ, we monitor your website daily and keep the WordPress Core files up-to-date so you can focus on your business and not be a WordPress technician.

What is a WordPress Theme?

WordPress themes are pre-designed templates you can install on your WordPress site to change its appearance. Thousands of free and paid themes are available, so you're sure to find one that suits your needs. Themes can be installed directly from the WordPress admin panel, or you can download them from third-party sites and upload them to your server. Once a theme is activated, it will take over the styling of your website, giving it a completely new look.

When Website HQ designs your website, we provide the themes and keep them updated, too, so you don't have to worry about the technical details.

What are WordPress Plugins?

WordPress plugins are small bundles of software that add features and functionality to your WordPress site. There are plugins for just about everything, from contact forms to eCommerce. In addition, you can find plugins to help with SEO, social media, and security. Some plugins are free, while others must be purchased. Once you have found a plugin you want to use, simply install it on your WordPress site and activate it. Then you’ll be able to start using the new features or functionality it provides. With so many useful plugins available, there’s no reason not to take advantage of them and add some extra power to your WordPress site.

All Website HQ clients’ websites are monitored daily for plugins, themes, and WordPress updates, which means you can focus on growing your business instead of worrying about your website.

Are WordPress Plugins Risky?

While plugins can add a lot of value to a WordPress site, they pose a security risk. WordPress plugins can be free or premium, but they are pieces of software code developed by third-party developers that are added to your WordPress site. Any time you add code to your site, you increase the potential for vulnerabilities. Fortunately, you can take some simple steps to minimize the risk of using WordPress plugins. First, only install plugins from trusted sources. Second, make sure you keep your plugins up to date. And finally, delete any plugins that you're not using. By taking these precautions, you can enjoy the benefits of WordPress plugins without putting your site at risk.

We only install plugins from trusted developers, so you can rest assured your website is safe.

Book a Website Discovery Call Today

What is 2-Factor Authentication?

2-Factor Authentication, also called 2FA, is an extra layer of security used to protect your WordPress account. When you enable 2FA, you'll be required to enter not only your password but also an additional piece of information before logging in. This second factor can be a code generated by an app on your phone, or it may be something physical like a security key. Either way, it's an extra step that makes it much harder for someone to hack into your account. While it's not foolproof, 2FA is a critical security measure that can help to protect your site.

What is a Secure Password?

A secure password is a crucial ingredient in protecting your online information. A good password should be at least eight characters long and include a mix of upper and lowercase letters, numbers, and special symbols. Avoid using easily guessed words like “password” or personal information like your birthdate. Choosing a different password for each of your online accounts is also essential. If one account is hacked, your other accounts will remain safe. By taking these simple steps, you can help keep your online information safe and secure.

What is a Firewall?

A website firewall is a security measure used to protect your site from being hacked. It works by blocking malicious requests before they reach your website, which can help to prevent WordPress hacking attempts and other unwanted WordPress activity. WordPress firewalls can also block specific IP addresses, which can be helpful if you have someone repeatedly trying to access your site. For WordPress, firewalls are available as plugins or as a service from a WordPress security company. If you're serious about WordPress security, then a WordPress firewall is an essential tool.

Every website hosted and maintained by Website HQ receives Firewall Protection (WAF) with their service, which means your site stays protected and online around the clock.

What is Malware

Malware is a type of software designed to damage or disable computers, computer systems, or websites; it can be used to steal personal information, destroy data, or take control of a computer. Malware is often spread through email attachments or downloads from infected websites. Malware can also be installed on a computer by an attacker with physical access to the machine. Once malware is installed, it can be difficult to remove and cause significant financial damage to businesses and individuals.

What is a Malware Scan?

A malware scan is a process that scans a website for malicious code. This type of scan can help to detect and remove viruses, worms, Trojans, and other types of malware. A malware scan can be performed manually or automatically. Automatic scans are often performed by security software, while manual scans require someone to check a website's code manually. A malware scan is important in keeping a website safe from attack. By removing malicious code, a website can prevent damage to its reputation and thwart attacks from cyber criminals.

Website HQ clients’ WordPress websites are scanned multiple times each day to protect them against a malware attack. And, if your website is ever breached, we fix it at no additional cost. So we are giving you peace of mind that your website is safe.

What is a Fake Website Crawler?

A fake website crawler (spider) is a bot designed to mimic a real user by visiting websites and realistically interacting with them. This can be done for various reasons, such as to test the site's security or to gather data about its content and structure. Fake website spiders can be complicated to detect, as they often use sophisticated methods to disguise themselves. However, some telltale signs can give them away, such as unusually high traffic levels or unexpected links appearing on the site. If you suspect that a fake website spider is present on your site, it is important to take steps to block it from accessing your content. Otherwise, it could potentially cause serious harm to your business. In addition, a fake website spider uses your allocated resources and can impact your analytics measurement data.

What is WordPress Database Optimization?

WordPress is a content management system (CMS) that enables you to create a website or blog from scratch or to improve an existing website. One of the advantages of WordPress is that it uses a database to store your content, which makes it easy to organize and manage. However, your WordPress database can become bloated with outdated or unused data, impacting its performance over time. Database optimization is cleaning up your WordPress database and removing unnecessary data. This process can help to improve your site's speed and performance and to reduce the risk of errors. Several ways to optimize your WordPress database include using a plugin or tool, accessing your database directly, or making changes to your wp-config.php file. While some users may be comfortable making changes to their database directly, it is usually best to leave this to a professional if you are not confident. If done improperly, database optimization can cause severe problems with your website. Therefore, it is essential to back up your database before making any changes. Once you have backed up your database, you can use a plugin or tool to remove unwanted data or make changes to your wp-config.php file to optimize how WordPress stores data in your database.

The WordPress Experts at Website HQ keep your website optimized for speed and performance as a part of all our maintenance service plans which means your website visitors have a great user experience.

What are Authentication Keys for a Website?

When you visit a website, your browser sends a request to the website's server. The server then responds with the requested information displayed in your browser. However, the request and response are not always simple exchanges of information. Sometimes, the server may require additional information from your browser before it can fulfill the request. For example, if you are trying to log in to a website, the server will need to confirm your identity before it can provide you with access to the site. This confirmation is typically done using authentication keys. Authentication keys are unique strings of characters used to verify a user's identity. They are generally used with a username and password, and they help ensure that only authorized users can access a given website. While authentication keys are not required for all websites, they are often used for sites that contain sensitive or confidential information. By requiring authentication keys, these sites can help to ensure that only authorized users can access their content.

What is Real-Time Monitoring?

Real-time monitoring for a website is a process of continuously checking the uptime, performance, and functionalities of a website. It helps ensure that the website runs smoothly and that visitors can always access the information they need. Many different tools are available for real-time monitoring, ranging from simple ping tests to more sophisticated systems that track every aspect of a website's performance. In most cases, real-time monitoring is carried out by dedicated website monitoring services. These services use various methods to check website uptime and performance, including pinging the site regularly, checking server logs, and tracking user activity. By continuously monitoring a website, businesses can be sure that their online presence is always up and running smoothly.

At Website HQ, we monitor our clients’ websites daily to keep the software up-to-date, prevent security breaches, and scan for malware. This means you can focus on growing your business instead of becoming a WordPress expert.

What is Comment Spam Filtering?

Comment spam filtering is a service that helps to protect your website from spam comments. Automated scripts often generate spam comments and can be difficult to spot. They may contain links to nefarious websites, or they may simply be trying to advertise a product or service. Either way, they can be a nuisance for website owners and visitors. Comment spam filtering services work by identifying and flagging spam comments, making it easier for website owners to moderate their comment sections. In some cases, the service may even prevent the comment from being posted in the first place. Using a comment spam filtering service can help keep your website clean and safe from unwanted spam.

Website HQ recommends plugins and monitoring services to reduce comment spam for all our clients’ WordPress websites so your website isn't littered with unwanted and unruly comments.

What is a DNS Change Alert?

First, it is essential to understand that DNS stands for Domain Name System. It is a system that translates domain names (like www.example.com) into IP addresses (like This is necessary because devices connect to the internet using IP addresses, but people remember domain names much more quickly. So, when you type a domain name into your web browser, your computer will contact a DNS server to get the IP address associated with that domain name. The DNS server will then return the IP address, and your browser will be able to connect to the website. DNS servers are run by ISPs and other companies worldwide, and they usually contain a cache of commonly-requested IP addresses to speed up the process.

A DNS change alert is a notification sent out whenever a change is made to a domain's DNS records. This can help keep track of changes to a domain, as well as keep an eye on potential security risks. For example, if someone were to change a domain's DNS records maliciously, it could cause the domain to become inaccessible or redirect to a malicious website. By setting up a DNS change alert, you can be notified anytime there is a change to a domain's DNS records so that you can take action if needed.

Website HQ protects our clients’ websites with change alert monitoring, which means your domain can't be stolen and moved.

What is DDoS Mitigation?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic.

A DDoS attack is typically initiated by targeting a single system connected to the Internet. The attacker sends a large amount of seemingly legitimate traffic to the victim system to overload it or its surrounding infrastructure. This results in the disruption of regular traffic as legitimate requests struggle to be processed. Common symptoms of a DDoS attack include slow performance, intermittent outages, and complete shutdowns.

Despite their sophisticated nature, DDoS attacks are relatively easy to execute. Attackers can rent or buy botnets—networks of hijacked computers—to do their bidding. Once they have control of these botnets, they can use them to flood their targets with illegitimate traffic, bringing applications and services offline. In some cases, attackers will also target infrastructure resources like DNS servers to make a website inaccessible.

DDoS and DoS attacks are not the same. For example, a DDoS attack attacks a single system, while a DDoS attack targets multiple systems. In addition, DDoS attacks are more difficult to stop and cause more damage than DoS attacks. Therefore, DDoS attacks are often considered more severe.

DDoS mitigation is protecting a network or system from a DDoS attack. There are a variety of mitigation strategies to employ depending on the specific needs of the network or system. One common approach is to use a series of DHCP servers to distribute IP addresses to clients, making it more difficult for attackers to target a single IP address. Another common strategy is to use rate-limiting rules to limit the amount of traffic directed at a given IP address. Regardless of the specific approach, the goal of DDoS mitigation is to make it more difficult for attackers to launch a DDoS attack successfully.

All Website HQ all clients receive DDoS Mitigation to protect their website to ensure up-time and availability around the clock.

Our Maintenance Plans Feature

  • Optimized Speed + Performance
  • Free CDN
  • Free SSL Certificates
  • Domain Management Assistance
  • 3x Daily Site Backups
  • 2x Daily Malware Scans
  • Website Firewall
  • Malware Removal + Cleanup
  • DDOS Mitigation

Have questions?

Jump on a call to discover how we can help you with your website.