60Web60

Understanding your website security settings

SmartHost & Web604 min read·

Website security is something every site owner should understand, even if you do not consider yourself technical. The good news is that Web60 handles most of the heavy lifting for you. This article explains what we do automatically and what you can do on your end to keep your website safe.

What Web60 does automatically

Every website hosted with Web60 comes with built in security features that are always active:

  • SSL certificate. Your website is served over a secure connection (the padlock icon in your browser). This encrypts all data between your visitors and your site, protecting passwords, form submissions, and personal information.
  • Firewall protection. Our servers include firewall rules that block common attacks before they ever reach your website. This runs in the background and requires no action from you.
  • Automatic nightly backups. Your website is backed up every night. If something goes wrong, you can restore your site to a previous version from your Web60 dashboard.
  • Server updates. We keep the underlying server software up to date with the latest security patches so you do not have to worry about it.

What you can do to stay safe

While Web60 handles the infrastructure, there are a few things on your side that make a big difference:

Keep your plugins and themes updated

Outdated plugins and themes are the most common way websites get compromised. When a developer releases an update, it often includes fixes for security weaknesses. Make it a habit to check for updates regularly in your WordPress editor and install them promptly.

If you are worried about an update breaking something, use your staging site to test it first.

Use strong passwords

Every account on your website should have a strong, unique password. A strong password is at least 12 characters long and includes a mix of letters, numbers, and symbols. Avoid using the same password across multiple websites.

If you manage a team, make sure everyone with access to your WordPress editor is using a strong password too.

Turn off debug mode on your live site

Debug mode is a useful tool for investigating problems on a staging site, but it should always be turned off on your live website. When debug mode is on, detailed error messages can be visible, and these messages can reveal information that could be useful to someone trying to break in.

You can check and manage debug mode from the settings in your Web60 dashboard.

Remove plugins and themes you are not using

Every plugin and theme on your website is a potential entry point for attackers, even if it is not active. If you are not using it, remove it entirely. This reduces the number of things that need to be kept up to date and lowers your risk.

Signs your website may have been compromised

Watch out for these warning signs:

  • Unexpected content appearing on your pages that you did not add
  • Your site redirects visitors to unfamiliar or suspicious websites
  • Search engines flag your site as unsafe or show warnings in search results
  • You cannot log in to your WordPress editor with your usual credentials
  • Your site runs much slower than normal for no obvious reason
  • You receive reports from visitors about strange pop ups or downloads

What to do if something goes wrong

If you suspect your website has been compromised, take these steps:

  1. Contact Web60 support immediately. Visit our support page and let us know what you have noticed. The sooner we know, the faster we can help.
  2. Do not try to fix it yourself. Making changes to a compromised site without knowing exactly what happened can make things worse or destroy evidence that helps us identify the problem.
  3. We will investigate and restore. Our team will look into what happened, clean up any damage, and restore your website from a clean backup if needed.

Need help?

If you have any concerns about your website security or want advice on staying safe, visit our support page and our team will be glad to help.

Frequently asked questions

Does Web60 protect my website automatically?

Yes. Every Web60 website comes with an SSL certificate, firewall protection, and automatic nightly backups at no extra cost. These features are always active and require no setup on your part.

How do I know if my website has been hacked?

Warning signs include unexpected content appearing on your pages, your site redirecting visitors to unfamiliar websites, search engines flagging your site as unsafe, or being unable to log in to your WordPress editor. If you notice any of these, contact support immediately.

What should I do if I think my site is compromised?

Contact Web60 support straight away. Do not try to fix it yourself, as this could make things worse. Our team can investigate, clean up any damage, and restore your site from a backup if needed.

Why is it important to keep my plugins updated?

Outdated plugins are one of the most common ways that websites get compromised. Plugin developers release updates to fix security weaknesses. Keeping your plugins up to date closes those gaps and keeps your site safe.

Last updated: 15 March 2026

← PreviousHow to configure your analytics tracking

Still need help?

Contact our support team for personalised assistance.

Contact Support