Tag: security

No Excuses! Keeping WordPress Up to Date is Easy

Every once in a while I will see an older version of WordPress when working on something for a client. Yesterday I saw a super blast from the past: WordPress 3.04. This prompted me to do a service announcement: keeping WordPress up to date is easy. Fixing a hacked version of WordPress can be complex.

Let’s break it down:
Keeping WordPress up to date is easy.

  • Easiest: automatic background updates (WordPress 3.7+)
  • Easy: One-click update (WordPress 2.7+)
  • Manual (still pretty easy – but not everyone is comfortable with FTP)

Documentation on updating WordPress: http://codex.wordpress.org/Updating_WordPress

Fixing a hacked version of WordPress can be complex.

  • Google can and will blacklist your site
  • Simple updates take moments; having someone find the source of the hack, fix it, and clean up can take hours.
  • Did you really have a good backup? Whoops.
  • All passwords and secrets will need to be changed
  • Hacks can insert spam into your content. No one wants content spam
  • You will need to scan your site for malware to make sure everything is removed so it does not happen again right away

Documentation on what to do if your WordPress site has been hacked: http://codex.wordpress.org/FAQ_My_site_was_hacked

In the end:
You are going to have to update to the latest version of WordPress anyway. You have options (automatic, one click, manual) – not excuses.

Fix Missing Padlock for SSL Sites

Ever since Google announced that they would take into account whether sites use secure, encrypted connections as a signal in their search ranking algorithms, a lot of our clients have been moving towards making their sites use SSL. Most clients find, after moving to an SSL site, that they get a warning saying that not all items on the site are loaded securely. No fear – figuring out how to fix that is easy!

Why is my SSL web page insecure?

In order to make the entire site load using SSL without warnings, any references to assets (images, fonts, CSS, JavaScript, etc.) must all be served securely as well. There are a number of ways to find insecure items on your site, but one of our favorites, which our clients can easily use as well, is Why No Padlock?. By simply submitting your site or page URL, you can see which resources are loaded using SSL and which are not – making it easy to identify and fix the issue.

Screenshot of Why No Padlock?:

Follow directions to easily fix your insecure SSL warnings

If you are looking for a quick and easy way to figure out an SSL issue – check out this free and easy to use site.
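The same kind of check can be run locally against a saved copy of a page. The script below is an added example, not part of the original post and not how Why No Padlock? works internally: it parses HTML and lists the subresources that would load over plain HTTP on an HTTPS page. The function name `find_mixed_content` and the sample markup are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that make the browser fetch a subresource.
RESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data"),
}
# <link href> is fetched only for these rel values; rel="canonical" is not a load.
FETCHING_RELS = {"stylesheet", "icon", "preload"}

class MixedContentFinder(HTMLParser):
    """Collects subresource URLs that would load over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # list of (tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            if not value:
                continue
            is_resource = (tag, name) in RESOURCE_ATTRS
            if tag == "link" and name == "href":
                rel = set((attrs.get("rel") or "").lower().split())
                is_resource = bool(rel & FETCHING_RELS)
            if not is_resource:
                continue
            # Resolve relative and protocol-relative URLs against the page URL.
            resolved = urljoin(self.page_url, value.strip())
            if urlparse(resolved).scheme == "http":
                self.insecure.append((tag, resolved))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.insecure

# Constructed sample markup, not taken from any real site.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<link rel="canonical" href="http://example.com/">
<script src="//cdn.example.net/lib.js"></script>
<img src="/wp-content/uploads/logo.png">
<img src="http://example.com/wp-content/uploads/banner.jpg">
<a href="http://example.org/">plain link, not a subresource</a>
"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://example.com/", SAMPLE_HTML):
        print(f"insecure <{tag}>: {url}")
```

It only inspects HTML attributes, so `url(...)` references inside stylesheets and requests made by scripts still need a check in the browser console.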

Security Alerts: Another Great Advantage to Hosting with WP Engine

Here at our company – we love WP Engine for many reasons. Sometimes it is hard to convince clients to update WordPress and WordPress plugins. Regardless of the reason, it generally ends up the same: their site gets hacked. Fortunately for those who are hosted with WP Engine – not only do they perform automatic WordPress updates, WP Engine also sends an email notification when a plugin that your site has installed needs to be updated for security reasons.

Example:

Thank you for being a customer of WP Engine. Part of our commitment to our customers is to ensure their site is as secure as possible. We are contacting you today because we have identified a vulnerability in the xxxx Plugin version you are running. In order to ensure your site is secure, please update the plugin immediately.

That helpful email notification helps anyone hosted with them to be more proactive vs. reactive with security issues. Remember:

“An ounce of prevention is worth a pound of cure.”

– Benjamin Franklin

If you are looking for a secure WordPress host – consider WP Engine.

Be Smart: Update/Backup WordPress

Over the last two weeks we have been busy fixing a lot of issues for people that could have been avoided altogether if two simple tasks were done:

  1. Back up your WordPress data
  2. Keep WordPress up to date

Luckily for most people – both of these tasks are simple and even automated. First of all – make sure you always have a recent backup of your WordPress database. There is a great plugin available (free) that will actually automate the process and even email you a copy of the database every x days, x weeks, etc. If you have one plugin installed with your WordPress site – install AND use WP-DB-Backup.

If you have a lot of media on your local server – make it a point to back that up every x days (whatever you can live with if something were to happen).

As for keeping WordPress up to date – it has never been more simple. When there is a new version of WordPress available – you will be notified when you log into your site. Simply click on the link to either download the latest version or to update WordPress right then and there. You cannot imagine how much time, effort, stress, and money simply updating WordPress can save you in the long run.