How Secure is Your WordPress Site?

For several weeks, I’ve been seeing warnings about WordPress sites being hacked, but I didn’t worry about them too much, since all my sites were already at 2.7 or higher. Admittedly, I was a little reluctant to upgrade to 2.84, having run into some problems the first time I tried upgrading a site to 2.7. I’m happy to say that I finally bit the bullet and was able to perform the upgrade without a hitch. (Well, I did run into a problem, but it had nothing to do with the upgrade process. Continue reading to find out what happened.)

If you’re already running WordPress 2.7 or higher, it’s really not difficult at all to upgrade. Just a few steps:

Step 1: Run a full back-up

If you don’t have a back-up system in place, there’s no time like the present to implement one! I recommend using two plug-ins: WordPress Database Backup to back up your database, and WordPress Backup for your themes, plug-ins, and uploaded images. Once you’ve installed the plug-ins and downloaded your back-ups, you can set them up to automatically run back-ups at regular intervals, and either save them to your server or send them to you via email.

Step 2: Deactivate all plug-ins

Step 3: Update WordPress

Simply click on “Please update now” which appears at the top of your screen.

Step 4: Reactivate all plug-ins
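
The same four steps can also be run from a shell. This is an added example, not part of the original post: it assumes WP-CLI is installed as `wp`, and the function name and both paths are placeholders. It stops before touching the site if either back-up is missing or empty, and it reactivates only the plug-ins that were active beforehand.

```shell
#!/bin/sh
# Added example: back up, deactivate plug-ins, update, reactivate.
# Assumes WP-CLI (`wp`) is on PATH. Names and paths are placeholders.
# Usage: safe_wp_upgrade /path/to/wordpress /path/to/backup-dir

safe_wp_upgrade() {
    site=$1
    backups=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    dump="$backups/db-$stamp.sql"
    files="$backups/wp-content-$stamp.tar.gz"
    active="$backups/active-plugins-$stamp.txt"

    mkdir -p "$backups" || return 1

    # Step 1: full back-up (database, then themes, plug-ins and uploads).
    wp --path="$site" db export "$dump" || return 1
    tar -czf "$files" -C "$site" wp-content || return 1
    # Do not continue with a back-up that is missing or empty.
    [ -s "$dump" ] && [ -s "$files" ] || {
        echo "back-up missing or empty; nothing was changed" >&2
        return 1
    }

    # Remember which plug-ins are active so only those are turned back on.
    wp --path="$site" plugin list --status=active --field=name > "$active" || return 1

    # Step 2: deactivate all plug-ins.
    wp --path="$site" plugin deactivate --all || return 1

    # Step 3: update WordPress core, then its database schema.
    wp --path="$site" core update || return 1
    wp --path="$site" core update-db || return 1

    # Step 4: reactivate the plug-ins recorded above, one at a time,
    # so a single broken plug-in does not block the rest.
    while IFS= read -r plugin; do
        [ -n "$plugin" ] || continue
        wp --path="$site" plugin activate "$plugin" </dev/null ||
            echo "could not reactivate $plugin" >&2
    done < "$active"
}
```
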

It really only takes a few minutes, so don’t put it off. I really mean that. Much to my dismay, after successfully upgrading four sites, when I got to the last one, the screen went blank when I started running the back-up.

This bore no resemblance to the problem currently being reported by thousands of users, so I didn’t think I’d been hacked. Since I’d completely lost access to my dashboard, I logged into my hosting site and downloaded a copy of the database, and when I looked at the file, I could see tons of stuff in there that clearly did not belong. Fortunately, that particular site had very little content and I’d found the theme very cumbersome to work with, so I decided to start with a fresh install and recreate the site. If this had happened with a larger site such as this blog, it would have been a far more serious problem, and I would probably still be off crying in a corner somewhere.

I learned a very important lesson, and believe me, I won’t make that mistake again!

Upgrading from a version of WordPress older than 2.7 is trickier, as it must be done manually, but it’s not too bad if you closely follow these step-by-step instructions.

Upgrading to WordPress 2.84 will make your site more secure, but you might also want to install the WP Security Scan plug-in to check for any outstanding vulnerabilities.

I owe a big thanks to Neil Matthews, AKA WP Dude, for teaching me about all of the above plug-ins (although I foolishly neglected to install them until now). If you need any technical help with your WordPress site, I highly recommend his services. He offers one-on-one coaching to individuals wanting to learn more about WordPress, as well as technical services for those who just want something done.

Whether you do it yourself or get someone else to do it for you, make sure your sites are as secure as possible.

12 Responses to How Secure is Your WordPress Site?
  1. Org Junkie
    September 8, 2009 | 5:45 pm

    Thanks Janet, I use the WP database plugin but not the other so I will definitely see about getting that install. Appreciate the tips.

  2. Janet Barclay
    September 9, 2009 | 5:38 am

    Happy to help, Laura! Judging from my emails and the comments I received on this post on Facebook, it seems I really emphasized the importance of this issue!

  3. Melodee Patterson
    September 11, 2009 | 4:09 pm

    OK! OK! I’ll upgrade my blog! (Mine’s so old I don’t know if the automatic upgrade will even work. Better try it first on an old blog I don’t keep up anymore…)

  4. Janet Barclay
    September 11, 2009 | 4:48 pm

    If it’s 2.6 or older, you’ll need to upgrade it manually using the step-by-step instructions, but I’m pretty sure you upgraded to 2.7. I seem to remember it coming up in bloggersation before…

  5. Melodee Patterson
    September 11, 2009 | 5:01 pm

    Just checked my source code – WordPress 2.5.1 LOL!

    Maybe I shouldn’t have said that – there may be hackers listening in…

  6. Janet Barclay
    September 12, 2009 | 6:59 am

    Better back up, even if you do nothing else!

  7. Melodee Patterson
    September 12, 2009 | 6:27 pm

    I did it! I backed up my blogs and upgraded them – thanks to your excellent links and procedure!

    The worst part was upgrading manually, which was my own fault for waiting so long. Won’t do that again :-)

  8. Janet Barclay
    September 13, 2009 | 9:14 am

    With the newer versions of WordPress, it’s no longer necessary to upgrade manually. Sure makes life a lot easier!

  9. business tips
    September 18, 2009 | 4:20 am

    I protect my WP blog using match comment spam protection,
    but I think your tips are reasonable for me to try.
    Thanks, Janet.

  10. Janet Barclay
    September 18, 2009 | 6:03 am

    business tips, comment spam is annoying, but not necessarily a security issue. You also need to make sure hackers cannot access the inner workings of your website or blog!

  11. Barbra Scurley
    September 25, 2009 | 9:48 am

    I don’t know if I said it already but… Cool site, love the info. I do a lot of research online on a daily basis and for the most part, people lack substance but, I just wanted to make a quick comment to say I’m glad I found your blog. Thanks, :)

    A definite great read….Barbra Scurley
