Every once in a while I will see an older version of WordPress when working on something for a client. Yesterday I saw a super blast from the past: WordPress 3.04. This prompted me to do a service announcement: keeping WordPress up to date is easy. Fixing a hacked version of WordPress can be complex.
Let’s break it down:
Keeping WordPress up to date is easy.
- Easiest: automatic background updates (WordPress 3.7+)
- Easy: One-click update (WordPress 2.7+)
- Manual (still pretty easy – but not everyone is comfortable with FTP)
Documentation on updating WordPress: http://codex.wordpress.org/Updating_WordPress
Fixing a hacked version of WordPress can be complex.
- Google can/will blacklist your site with Google Blacklist
- Simple updates take moments; having someone find the source of the hack, fix it, and clean up can take hours.
- Did you really have a good backup? Whoops.
- All passwords and secrets will need to be changed
- Hacks can insert spam into your content. No one wants content spam.
- You will need to scan your site for malware to make sure everything is removed so it does not happen again right away
Documentation on what to do if your WordPress site has been hacked: http://codex.wordpress.org/FAQ_My_site_was_hacked
In the end:
You are going to have to update to the latest version of WordPress anyway. You have options (automatic, one click, manual) – not excuses.
Ever since Google announced that they would take into account whether sites use secure, encrypted connections as a signal in their search ranking algorithms, a lot of our clients have been moving towards making their sites use SSL. After moving to an SSL site, most clients find that they get a warning saying that not all items on the site are loaded securely. No fear – figuring out how to fix that is easy!
Why is my SSL web page insecure?
Screenshot of Why No Padlock?:
If you are looking for a quick and easy way to figure out an SSL issue – check out this free and easy to use site.
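The "not all items are loaded securely" warning comes from subresources that an HTTPS page still requests over plain `http://`. The sketch below is an added example, not code from the original post or from Why No Padlock?: it scans a page's HTML for such references, labelling scripts, stylesheets and frames "active" and images and media "passive". The `blog.example` URLs, the sample markup and the function names are constructed for illustration, and the page URL is assumed to be `https://`.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> (attribute that triggers a fetch, how browsers classify it over HTTP)
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}

class MixedContentFinder(HTMLParser):
    """Collect subresources an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url  # assumed to be an https:// URL
        self.findings = []        # (kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheet links are fetched and applied; rel=canonical is not.
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check("active", tag, attrs.get("href"))
        elif tag in SUBRESOURCES:
            attr, kind = SUBRESOURCES[tag]
            self._check(kind, tag, attrs.get(attr))

    def _check(self, kind, tag, value):
        # Relative and protocol-relative URLs inherit the page's https scheme.
        resolved = urljoin(self.page_url, (value or "").strip())
        if urlparse(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page (not from the original post).
SAMPLE = """<head>
<link rel="stylesheet" href="http://blog.example/wp-content/themes/t/style.css">
<link rel="canonical" href="http://blog.example/">
<script src="//cdn.example/jquery.js"></script></head><body>
<a href="http://other.example/">plain links are not mixed content</a>
<img src="http://blog.example/wp-content/uploads/logo.png">
<img src="/wp-content/uploads/ok.png"></body>"""

for kind, tag, url in find_mixed_content("https://blog.example/", SAMPLE):
    print(f"{kind:7} <{tag}> {url}")
```

On a WordPress site these hard-coded `http://` URLs usually live in theme files or in post content saved before the move to SSL, so both places need checking.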
Here at our company – we love WP Engine for many reasons. Sometimes it is hard to convince clients to update WordPress and WordPress plugins. Regardless of the reason, it generally ends up the same: their site gets hacked. Fortunately for those who are hosted with WP Engine – not only do they perform automatic WordPress updates, WP Engine also sends an email notification when a plugin that your site has installed needs to be updated for security reasons.
Thank you for being a customer of WP Engine. Part of our commitment to our customers is to ensure their site is as secure as possible. We are contacting you today because we have identified a vulnerability in the xxxx Plugin version you are running. In order to ensure your site is secure, please update the plugin immediately.
That helpful email notification helps anyone hosted with them to be more proactive vs. reactive with security issues. Remember:
“An ounce of prevention is worth a pound of cure.”
– Benjamin Franklin
If you are looking for a secure WordPress host – consider WP Engine.
Over the last two weeks we have been busy fixing a lot of issues for people that could have been avoided altogether if two simple tasks were done:
- Backup your WordPress data
- Keep WordPress up to date
Luckily for most people – both of these tasks are simple and even automated. First of all – make sure you always have a recent backup of your WordPress database. There is a great plugin available (free) that will actually automate the process and even email you a copy of the database every x days, x weeks, etc. If you have one plugin installed with your WordPress site – install AND use WP-DB-Backup.
If you have a lot of media on your local server – make it a point to back that up every x days (whatever you can live with if something were to happen).
As for keeping WordPress up to date – it has never been more simple. When there is a new version of WordPress available – you will be notified when you log into your site. Simply click on the link to either download the latest version or to update WordPress right then and there. You cannot imagine how much time, effort, stress, and money simply updating WordPress can save you in the long run.