Update Your WordPress: Learn this Lesson
We welcome guest blogger Leora Wenger to our blog this week. She is sharing critical information with us on how to protect our WordPress sites. Take it away, Leora.
“And here I thought WordPress was secure!” said a client to me on
discovering that her WordPress website had been hacked. It turns out
she had not updated to the latest version of WordPress, and thus some
hacker had discovered this and had hacked her site. Fortunately, her web
host was able to roll back her site to an earlier version that did not
have the hack.
Learn to Back Up and Update Your WordPress
Before clicking update, back up your WordPress database. I use
WP-Manager, but there are many other plugins or methods for backing up.
You also want to back up your theme folders (learn how to
back up with FTP), but you only need to back them up as often as
you change them. You may also want to back up your images, as most
backup programs just back up your database. The key element to back up is
your database – that’s where all the text for your blog posts resides.
On Updating WordPress
When a link suggests that you upgrade to the next version of WordPress,
do it! Do the backup first, then click, click, and you are done with
the upgrade. If your WordPress site tells you to update themes
TwentyEleven and TwentyTen, update those as well. “But I don’t use
those!” you cry. Here’s a reason to keep the latest version of at least
the default theme TwentyEleven on your site: let’s say you mistakenly
install a bad plugin. I mean, this plugin is so bad, your posts don’t
show up. Or you mess up your current theme inadvertently. Here’s what
you do: you switch to the default 2011 theme (as well as delete that bad
plugin). If you have messed up your theme, you can delete your theme
folder (after making a backup copy in case you think you can fix it)
using FTP, and your WordPress will revert to the TwentyEleven theme as
Learn More about Security
This post only scratches the surface of WordPress security. A few
- Make sure to choose a strong password. Use a password with
letters, numbers, punctuation and a mix of upper and lower case.
Longer passwords are better.
- There is a line about the WordPress version in the header of the
code. Here’s a post
that suggests how to remove the WP version or use this plugin
to remove the version. The Better WP Security Plugin, a top-notch
security plugin, includes removing the WP version tag as one of its
- In config.php, change the database prefix to something other than
wp_:
$table_prefix = 'wp_';
You want something like:
$table_prefix = 'xrzq_';
Unfortunately, it is much easier to do this when you first set up your
WordPress. If you already have WordPress set up, you have to follow careful
instructions to make this table change.
- In config.php, change the security keys. You can use this tool to come
up with some security keys.
- Update your plugins when a new version is available.
- Beware of free themes; free themes may have bad code that a hacker
can use to access your database. And make sure plugins are reviewed on
WordPress.org and recommended.
- Pick a good web host: I use BlueHost.
- Read every post you can find about WordPress security. If this gets
you panicky, just read (and absorb) one or two per week. Then take
action and fortify your WordPress site.
The analogy I like to give people is that robbers are less likely to
attack a house with a security system. You can build your own security
system by making small security changes to your site. And
updating your WordPress is sort of like locking the
door: it’s the basics.
Your Turn, Please
Have you ever been hacked? What lessons did you learn? Have you ever had
a problem with a WP upgrade or a new plugin? How did you handle it?
About Leora Wenger
Leora Wenger builds websites for small businesses, libraries and
Rutgers University departments. She loves tweaking PHP, composing a
striking web design, stretching WordPress, and publicizing sites. In her
spare time she’s a mom, wife and daughter. Every now and then she
squeezes in the time to paint a watercolor or two. You can learn more
for your small business by visiting Websites for Small Biz.