
Update Your WordPress: Learn this Lesson


We welcome guest blogger Leora Wenger to our blog this week. She is sharing critical information with us on how to protect our WordPress sites. Take it away Leora.


“And here I thought WordPress was secure!” said a client to me on
discovering that her WordPress website had been hacked. It turns out
she had not updated to the latest version of WordPress, and thus some
hacker had discovered this and had hacked her site. Fortunately, her web
host was able to roll back her site to an earlier version that did not
have the hack.

Learn to Back Up and Update Your WordPress

Before clicking update, back up your WordPress database. I use
WP-Manager, but there are many other plugins or methods for backing up.
You also want to back up your theme folders (learn how to back up with
FTP), but you only need to back them up as often as you change them.
You may also want to back up your images, as most backup programs just
back up your database. The key element to back up is your database –
that’s where all the text for your blog posts resides.

On Updating WordPress

When a link suggests that you upgrade to the next version of WordPress,
do it! Do the backup first, then click, click, and you are done with
the upgrade. If your WordPress site tells you to update themes
TwentyEleven and TwentyTen, update those as well. “But I don’t use
those!” you cry. Here’s a reason to keep the latest version of at least
the default theme TwentyEleven on your site: let’s say you mistakenly
install a bad plugin. I mean, this plugin is so bad, your posts don’t
show up. Or you mess up your current theme inadvertently. Here’s what
you do: you switch to the default 2011 theme (as well as delete that bad
plugin). If you have messed up your theme, you can delete your theme
folder (after making a backup copy in case you think you can fix it)
using FTP, and your WordPress will revert to the TwentyEleven theme as

Learn More about Security

This post only begins to brush the surface on WordPress security. A few
more tips:

  1. Make sure to choose a strong password. Use a password with
    characters, numbers, punctuation and a mix of upper and lower case.
    Longer passwords are better.
  2. There is a line about the WordPress version in the header of the
    code. Here’s a post that suggests how to remove the WP version or
    use this plugin to remove the version. The Better WP Security
    Plugin, a top-notch security plugin, includes removing the WP
    version tag as one of its
  3. In config.php, change the database prefix to something other than
    wp_:
    $table_prefix = 'wp_';

    You want something like:
    $table_prefix = 'xrzq_';

    Unfortunately, it is much easier to do this when you first set up your
    WordPress. If you already have WordPress set up, you have to follow careful
    instructions to make this table change.

  4. In config.php, change the security keys. You can use this tool to come
    up with some security keys.
  5. Update your plugins when a new version is available.
  6. Beware of free themes; free themes may have bad code that a hacker
    can use to access your database. And make sure plugins are reviewed on
    WordPress.org and recommended.
  7. Pick a good web host: I use BlueHost.
  8. Read every post you can find about WordPress security. If this gets
    you panicky, just read (and absorb) one or two per week. Then take
    action and fortify your WordPress site.

The analogy I like to give people is robbers are less likely to
attack a house with a security system. You can build your own security
system by making small security changes to your site. And
updating your WordPress is sort of like locking the
door: it’s the basics.

Your Turn, Please

Have you ever been hacked? What lessons did you learn? Have you ever had
a problem with a WP upgrade or a new plugin? How did you handle it?

About Leora Wenger

Leora Wenger builds websites for small businesses, libraries and
Rutgers University departments. She loves tweaking PHP, composing a
striking web design, stretching WordPress, and publicizing sites. In her
spare time she’s a mom, wife and daughter. Every now and then she
squeezes in the time to paint a watercolor or two. You can learn more
for your small business by visiting Websites for Small Biz.


About the author

Tasha Turner

I am a writer and a one-on-one social media coach. I teach people how to brand themselves and how to use social media effectively.

Currently I am co-authoring a short story about a Jewish vampire to be released in 2012 as an e-book. This will be my 1st fiction. I have written a number of computer manuals and managed a tech writing group as well as editing others’ work for 20 years. Tasha Turner is my Pen Name and has become my professional name by default.

Permanent link to this article: http://tasha-turner.com/update-your-wordpress-learn-this-lesson/

  • https://www.google.com/profiles/104233089791025510284 Johanna Denton

    Thanks for the great information. It’s kind of overwhelming, so I will follow your advice about taking it slow. We should do everything we can to prevent hacking. Thanks again.

    • http://biz.leoraw.com/ Leora

      Yes, I find lots of information at once overwhelming as well! My main takeaway is make sure to update.

      Then, don’t be afraid to learn more about security, a bit at a time.

      • http://www.israelpcdoctor.com Beau – Israel’s PC Doctor

        I am constantly telling all my clients that the 3 most important things about computing are:
        1) Backup
        2) Backup
        3) Backup (in that order ;>)

        Also, as for security, with all the widespread hacking that is going on these days, it is good to use a very secure password management application such as http://www.lastpass.com which will remove all your insecure passwords from where they may be stored in your browsers, prompt you to allow it to generate new, strong ones, save and encrypt them in your “vault”, and allow you to access and manage all of it via one strong master password that gets you in and out of LastPass. It offers an amazing layer of security to all that you do online, and it follows you wherever you go – different browsers, even different computers in different locations. You can have constant, non-stop protection. I’m now using it, and see that I am much safer from hackers and intruders. Thanks for your critical information about backing up, Leora – although yours was very specific about WordPress, the concept has universal applicability and relevance no matter what you might be doing. Always back up the things that matter to you.

        • http://biz.leoraw.com/ Leora

          Beau, thanks for all that great advice and in particular that password manager you mentioned.

          Sherryl, thanks for relating your experiences on how things sometimes break (but can be fixed).

          Adeline, so true about “don’t use admin” – hackers will try that username first.

    • http://www.facebook.com/TashaTurnerAuthor Tasha Turner

      Things I learned were critical. Backup. Update. Slowly learn more.

      • http://biz.leoraw.com/ Leora

        As an alternative, you could learn quickly, too! But most of us prefer slow and easy, especially since there’s a lot more to life than keeping stuff secure.

        • http://www.facebook.com/TashaTurnerAuthor Tasha Turner

          True. I have family and friends that learn quickly. But if feeling overwhelmed, stick with the basics and take things slow.

  • http://keepupwiththeweb.com Sherryl Perry

    Great tips on keeping our software updated Leora. You are so right about updating our themes and plugins too.

    I’ve never had my site hacked but on more than one occasion, I’ve had plugins break something. Usually, all looks well in Firefox but it’s important to take a peek at our site in other browsers too. (Internet Explorer 8 causes the most problems for me.)

    Another time, a minor tweak in the control panel of my premium theme caused an issue with the CSS file and I had to recreate the theme. (In that case, I relied on the information that I had tracked using Excel.)

    Lesson to be learned from all of these experiences is that in addition to updating our sites, we should also keep track of our steps. That way, if something does suddenly break, we’ll know where to start looking.

  • http://life-and-leisure.com Adeline

    Great tips! It’s also a good idea not to use “admin” or “administrator” for the username. It’s such a common username, and if you use this, you pretty much have already given a hacker half of the information they need to hack your WordPress account.

  • http://poeticparfait.com Christy B

    Good tips, thank-you. I do wonder, how do I know when there is a new version of WordPress? Will I get an email?

    • http://biz.leoraw.com/ Leora


      Good question about WordPress being updated! If you log into your WordPress site often (at least once per week), then you will see the announcement in your Dashboard. The reminder will be obvious. But if you are one of those people that rarely use your WordPress, you will probably need someone else to remind you. Do you look at Twitter? If you follow people who talk about WordPress, like I do (I’m @leoraw), I often tweet when there’s an update. Truth is, it’s probably just easiest to use your WordPress site often, and you will see the notice when it comes. You could also ask a friend who does use WordPress often to remind you.

      • http://poeticparfait.com Christy B

        Thanks Leora! Yes, I log in to WordPress at least once a week for my poetry blog to publish posts. I am pleased to read that the update will appear on my dashboard. I actually connected with you when Tasha’s post first came out. I am @christybis. Thanks so much for your help.

        • http://www.facebook.com/TashaTurnerAuthor Tasha Turner

          Does this mean I’m a twit-matchmaker? So glad to see people connecting.

  • http://www.facebook.com/TashaTurnerAuthor Tasha Turner

    Thank you so much for being a guest Leora. Great advice and fantastic discussion going on.

  • http://www.bindu.ca Bindhurani

    Leora Wenger gives a lot of information for WordPress users. Once I clicked update, without doing the backup. A lesson learned the hard way.
    Thanks for the great tips. Now, my problem is how am I going to remember all this information when I really need it.
    Thanks Leora.

    • http://biz.leoraw.com/ Leora


      Thank you for your kind words. My suggestion regarding remembering: read a post on security, then do one thing to increase your site’s security. One step at a time.

  • http://www.findingourwaynow.com Susan Cooper

    Gosh, it’s as if a red flashing light is saying “UPDATE NOW OR ELSE”. I think I need to get on the ball. Thanks for the red light warning. My website developer had been hesitant to update until he tests the effects first, but maybe it’s time to take the leap. :-), Susan Cooper from BHB

    • http://biz.leoraw.com/ Leora

      Susan, in the past, earlier versions of WordPress, there have been good reasons to hesitate about upgrading. However, now most of the upgrades are quite stable. If someone has a problem, it’s usually a plugin or a theme that is the problem. If one disables all plugins and uses the TwentyEleven theme, everything will work fine. So one can then add back in one plugin at a time to find out which one is at fault. And in terms of themes, perhaps try a different theme if one causes problems.

      One developer says if the upgrade is to a full number like 3.0, he waits until 3.1 is stable. But the current upgrades are from 3.13 to 3.14 … much less likely for there to be any issues. Not upgrading is the issue.

      • Susan Cooper

        That is very good to know. Thanks for the input. :)
