WordPress Security Automation: Set It and Protect It
Automate your WordPress security tasks for consistent protection. Learn how to set up automatic updates, scans, backups, and monitoring.
Manual security tasks get forgotten or delayed. Automating your WordPress security ensures consistent protection without constant attention. Set up automated updates, scans, backups, and monitoring to maintain security around the clock.
What to Automate
- Core updates - WordPress core patches
- Plugin/theme updates - Security fixes
- Backups - Regular snapshots
- Security scans - Malware detection
- Log monitoring - Threat detection
- Certificate renewal - SSL maintenance
Automatic Updates
Configure Auto-Updates
// Enable automatic core updates (this constant goes in wp-config.php)
define('WP_AUTO_UPDATE_CORE', true);

// Or use filters for granular control. Filters need WordPress to be loaded,
// so they belong in a plugin or mu-plugin file, not in wp-config.php.

// Enable all plugin auto-updates
add_filter('auto_update_plugin', '__return_true');

// Enable all theme auto-updates
add_filter('auto_update_theme', '__return_true');

// Selective plugin updates (recommended); use this in place of the blanket
// plugin filter above
function selective_auto_updates($update, $item) {
    // Leave the decision unchanged if the update offer carries no plugin file
    if (!isset($item->plugin)) {
        return $update;
    }

    // Always auto-update these security-critical plugins
    $auto_update_plugins = array(
        'wordfence/wordfence.php',
        'wp-folder-shield/wp-folder-shield.php',
        'woocommerce/woocommerce.php'
    );
    if (in_array($item->plugin, $auto_update_plugins, true)) {
        return true;
    }

    // Don't auto-update plugins that might break things
    $manual_update_plugins = array(
        'custom-critical-plugin/critical.php'
    );
    if (in_array($item->plugin, $manual_update_plugins, true)) {
        return false;
    }

    return $update;
}
add_filter('auto_update_plugin', 'selective_auto_updates', 10, 2);
Update Notifications
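// Notify admin after auto-updates
function notify_after_auto_update($results) {
    $message = "WordPress automatic updates completed:\n";

    // Each entry of $results is a list of result objects: ->name is the
    // item's display name, ->result is the outcome (a WP_Error on failure)
    if (!empty($results['core'])) {
        foreach ($results['core'] as $core) {
            $message .= "Core: Updated to " . $core->name . "\n";
        }
    }

    if (!empty($results['plugin'])) {
        $message .= "\nPlugins updated:\n";
        foreach ($results['plugin'] as $plugin) {
            // Attempts that failed are in the list too, so mark them
            $failed = is_wp_error($plugin->result) || !$plugin->result;
            $message .= "- " . $plugin->name . ($failed ? " (FAILED)" : "") . "\n";
        }
    }

    wp_mail(
        get_option('admin_email'),
        'WordPress Auto-Update Report',
        $message
    );
}
add_action('automatic_updates_complete', 'notify_after_auto_update');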
Automated Backups
// Schedule automated backups
function schedule_automated_backups() {
    // Daily database backup
    if (!wp_next_scheduled('daily_database_backup')) {
        wp_schedule_event(time(), 'daily', 'daily_database_backup');
    }

    // Weekly full backup
    if (!wp_next_scheduled('weekly_full_backup')) {
        wp_schedule_event(time(), 'weekly', 'weekly_full_backup');
    }
}
// Runs on plugin activation, so this code must live in the plugin's main file
register_activation_hook(__FILE__, 'schedule_automated_backups');

// export_table() and cleanup_old_backups() are helper functions not shown here
function perform_database_backup() {
    global $wpdb;

    // wp-content is served by the web server: block direct HTTP access to this
    // directory, or keep backups outside the document root
    $backup_dir = WP_CONTENT_DIR . '/backups/';
    if (!file_exists($backup_dir)) {
        mkdir($backup_dir, 0755, true);
    }
    $filename = $backup_dir . 'db-' . date('Y-m-d-His') . '.sql';

    // Export database (esc_like() stops "_" in the prefix acting as a wildcard)
    $tables = $wpdb->get_col(
        $wpdb->prepare("SHOW TABLES LIKE %s", $wpdb->esc_like($wpdb->prefix) . '%')
    );
    $sql = "";
    foreach ($tables as $table) {
        $sql .= export_table($table);
    }
    file_put_contents($filename, $sql);

    // Compress; keep the uncompressed dump if the archive cannot be opened
    $gzfile = $filename . '.gz';
    $gz = gzopen($gzfile, 'w9');
    if (false !== $gz) {
        gzwrite($gz, file_get_contents($filename));
        gzclose($gz);
        unlink($filename);
    }

    // Clean old backups (keep 30 days)
    cleanup_old_backups($backup_dir, 30);
}
add_action('daily_database_backup', 'perform_database_backup');
Automated Security Scans
// Schedule regular security scans
function schedule_security_scans() {
    if (!wp_next_scheduled('daily_security_scan')) {
        wp_schedule_event(time(), 'daily', 'daily_security_scan');
    }
}
register_activation_hook(__FILE__, 'schedule_security_scans');

// check_core_integrity(), scan_for_malware(), check_inactive_admins() and
// report_security_issues() are helper functions not shown here
function perform_security_scan() {
    // get_plugin_updates() and the get_plugins() call it makes are defined in
    // admin includes that WP-Cron requests do not load
    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/update.php';

    $issues = array();

    // Check file integrity
    $modified_files = check_core_integrity();
    if (!empty($modified_files)) {
        $issues['core_integrity'] = $modified_files;
    }

    // Check for suspicious files
    $suspicious = scan_for_malware(WP_CONTENT_DIR . '/uploads/');
    if (!empty($suspicious)) {
        $issues['suspicious_files'] = $suspicious;
    }

    // Check user accounts
    $inactive_admins = check_inactive_admins(90);
    if (!empty($inactive_admins)) {
        $issues['inactive_admins'] = $inactive_admins;
    }

    // Check for available updates
    $updates = get_plugin_updates();
    if (!empty($updates)) {
        $issues['plugin_updates'] = array_keys($updates);
    }

    // Report if issues found
    if (!empty($issues)) {
        report_security_issues($issues);
    }

    // Log scan completion
    update_option('last_security_scan', current_time('mysql'));
}
add_action('daily_security_scan', 'perform_security_scan');
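The scan above calls check_core_integrity() without defining it. One way to write it is sketched below as an added example (not the article's or any plugin's own code): it compares core files against the official checksums through WordPress's get_core_checksums() function, and the returned status labels are assumptions of this example.

```php
<?php
// Added example: a possible check_core_integrity(); not the article's own code.
// Returns array( relative path => 'modified' | 'missing' | 'unexpected' ).
function check_core_integrity() {
    // get_core_checksums() is defined in an admin include that cron does not load.
    require_once ABSPATH . 'wp-admin/includes/update.php';

    // Read the version from disk; the $wp_version global can be changed by plugins.
    require ABSPATH . WPINC . '/version.php';
    $locale = isset($wp_local_package) ? $wp_local_package : 'en_US';

    $checksums = get_core_checksums($wp_version, $locale);
    if (!is_array($checksums)) {
        // No reference data (API unreachable, unknown version): report it, never pass silently.
        return array('(checksums)' => 'unavailable');
    }

    $findings = array();

    // Pass 1: every file the release ships must exist and match its MD5.
    foreach ($checksums as $file => $expected) {
        if (0 === strpos($file, 'wp-content/')) {
            continue; // bundled themes and plugins are legitimately changed or removed
        }
        $path = ABSPATH . $file;
        if (!is_file($path)) {
            $findings[$file] = 'missing';
            continue;
        }
        $actual = md5_file($path);
        if (false === $actual || !hash_equals((string) $expected, $actual)) {
            $findings[$file] = 'modified';
        }
    }

    // Pass 2: files in the core directories that the release does not ship.
    foreach (array('wp-admin', 'wp-includes') as $dir) {
        $walker = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator(ABSPATH . $dir, FilesystemIterator::SKIP_DOTS)
        );
        foreach ($walker as $entry) {
            $relative = str_replace('\\', '/', substr($entry->getPathname(), strlen(ABSPATH)));
            if ($entry->isFile() && !isset($checksums[$relative])) {
                $findings[$relative] = 'unexpected';
            }
        }
    }
    return $findings;
}
```

Because a failed checksum lookup returns a non-empty result, perform_security_scan() reports it instead of treating an unverifiable install as clean.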
Log Monitoring Automation
// Automated log analysis
// count_failed_logins_today(), count_404_errors_today(), count_blocked_ips_today()
// and send_security_alert() are helper functions not shown here
function analyze_security_logs() {
    $alerts = array();

    // Check for brute force attempts
    $failed_logins = count_failed_logins_today();
    if ($failed_logins > 100) {
        $alerts[] = "High failed login count: {$failed_logins}";
    }

    // Check for 404 spikes (potential scanning)
    $four_oh_fours = count_404_errors_today();
    if ($four_oh_fours > 500) {
        $alerts[] = "Unusual 404 errors: {$four_oh_fours}";
    }

    // Check for blocked IPs
    $blocked = count_blocked_ips_today();
    if ($blocked > 50) {
        $alerts[] = "High blocked IP count: {$blocked}";
    }

    if (!empty($alerts)) {
        send_security_alert(implode("\n", $alerts));
    }
}
// The 'hourly_log_analysis' event has to be scheduled with wp_schedule_event()
// (recurrence 'hourly'), in the same way as the backup and scan events
add_action('hourly_log_analysis', 'analyze_security_logs');
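The log analysis above depends on count_failed_logins_today(), which the article does not define. The added example below (not the article's own code) feeds it from WordPress's wp_login_failed action, using an atomic SQL increment so that concurrent failed logins during a brute-force burst are not lost; the option-name prefix sec_failed_logins_ is an assumption.

```php
<?php
// Added example, not the article's code. One counter row per site-local day.
function failed_login_counter_key() {
    // Assumed naming scheme: sec_failed_logins_YYYYMMDD in the site's timezone.
    return 'sec_failed_logins_' . wp_date('Ymd');
}

// Fired by WordPress on every failed authentication attempt.
function record_failed_login($username) {
    global $wpdb;

    // get_option()/update_option() would be a read-modify-write and would
    // undercount when many requests fail at once. A single INSERT ... ON
    // DUPLICATE KEY UPDATE lets the database do the increment atomically
    // (option_name carries a unique index).
    $wpdb->query($wpdb->prepare(
        "INSERT INTO {$wpdb->options} (option_name, option_value, autoload)
         VALUES (%s, '1', 'no')
         ON DUPLICATE KEY UPDATE option_value = option_value + 1",
        failed_login_counter_key()
    ));
}
add_action('wp_login_failed', 'record_failed_login');

function count_failed_logins_today() {
    global $wpdb;

    // Read the row directly: the counter is written with raw SQL, so a value
    // cached by get_option() could be stale.
    return (int) $wpdb->get_var($wpdb->prepare(
        "SELECT option_value FROM {$wpdb->options} WHERE option_name = %s",
        failed_login_counter_key()
    ));
}
```

Each day leaves one row in the options table, so a scheduled cleanup should delete counters older than the retention period you need.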
Automation Best Practices
- Test updates in staging first
- Set up update notifications
- Monitor automation health
- Have manual override procedures
- Review logs periodically
Conclusion
Automation ensures consistent security without constant manual intervention. Set up automatic updates, backups, scans, and monitoring, but always maintain oversight and manual override capabilities.
Written by Sarah Chen
WP Folder Shield Team