Hello clients (this note is just for you),
Most of you are running WordPress engines to help you manage your website’s content. I know you all want to keep your websites humming along smoothly without any issues popping up that may cause downtime or Google listing problems. A few major security vulnerabilities were addressed in September’s WordPress release (v. 3.6.1), so if you haven’t upgraded WordPress or your plugins recently, now is a very good time for a tune-up.
The following covers some background information, do-it-yourself tips, recommendations if you don’t want to do the upgrade yourself, and a little off-topic news.
First, a little background information…
WordPress and plugins are routinely upgraded to improve capabilities, address bugs (or problems with the original code) and close loopholes that make sites vulnerable. Unscrupulous hackers are known to create code that can find and attack outdated WordPress installations in order to run malware through sites or inject content or redirects into webpages.
WordPress is definitely not alone in this type of security vulnerability; all online software is at risk. The great thing about WordPress is that it is an open-source project and thousands of developers are tinkering with the code, constantly enhancing it and making it more secure.
But, to take advantage of these improvements, you must keep your code up-to-date.
If you are running WordPress 2.7+, your system will feature an Automatic Update function that lets you upgrade your WordPress installation (including all plugins) on your own. The update function can be launched by going to the Tools -> Update menu (or Dashboard -> Update for version 3+).
Although clicking on the update buttons may seem like a very simple task, be aware that doing so may cause your site to fail. This can happen because of issues with the install function, plugin or theme code conflicts, or server compatibility issues. An upgrade failure is more likely if your system is running a lot of plugins and/or is very out of date.
To protect your content and allow for a relatively easy restore should any problems happen during the upgrade, be sure to back up your website’s database and files. You should also schedule your upgrade during a time when your website isn’t mission-critical. And, you may want to contact me or another developer to be available in case the upgrade causes troubles.
- Back up your database. Your website probably includes an automatic database backup plugin, which you can access from the Tools -> Backup menu. Use this function to export and download your database, and then double-check that you can open your downloaded database file in a text editor. You may want to download the file a couple of times, just in case one file is corrupted or gets lost.
- Back up your files. There are various ways you can back up your files: 1) Your website may include a plugin that backs up all of your files, although in the past this function was less reliable so we may not have included it in your site. 2) Subscription services like VaultPress and BackupBuddy help you back up and restore your system. 3) Your website host may provide software that helps you keep backups of your website’s files, so check with your host to see what backup services they provide. 4) You can copy your files to your desktop using an FTP Client like the free Filezilla. Again, you should keep a couple of backups on file in case one is corrupted or gets lost.
- Update your passwords. After you’ve upgraded your system, go through your WordPress users and remove any that are out of date or unnecessary. Then, update the passwords for all user accounts. You can find recommendations for password strength here. Now is also a good time to update your passwords with your hosting service.
- Maintenance is ongoing. As the webmaster of your own site, staying up-to-date and secure is an ongoing practice. Tools that may help you do this job include: Google’s free Webmaster Tools, which lets you monitor the health of your site; subscription services like VaultPress and Sucuri that monitor and repair security issues; and managed providers like WPEngine or Page.ly, which offer extra services to keep your WordPress installation secure, up-to-date and fast.
- Learn more. WordPress’ codex includes helpful information about updates, backups, security and hacking.
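For those comfortable running a script, the "Back up your database" check above (open the export, keep more than one copy) can be automated. This is an added example, not part of the original note or of any backup plugin; it assumes the default `wp_` table prefix, and the embedded sample export is constructed for illustration.

```python
import gzip
import hashlib
import re
import zlib
from pathlib import Path

# Assumption: the default "wp_" table prefix; adjust if your install differs.
CORE_TABLES = ("wp_options", "wp_posts", "wp_users")

# Constructed sample export, only used to try the functions out.
SAMPLE = (
    "CREATE TABLE `wp_options` (`option_id` bigint);\n"
    "INSERT INTO `wp_options` VALUES (1);\n"
    "CREATE TABLE `wp_posts` (`ID` bigint);\n"
    "CREATE TABLE `wp_users` (`ID` bigint);\n"
)


def read_dump(path):
    """Return the export as text; .gz exports are decompressed first."""
    raw = Path(path).read_bytes()
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        raw = gzip.decompress(raw)  # raises on a truncated or corrupt file
    return raw.decode("utf-8", errors="replace")


def check_dump(path):
    """List the problems found in one copy; an empty list means it looks usable."""
    try:
        text = read_dump(path)
    except (OSError, EOFError, zlib.error) as exc:
        return [f"unreadable: {exc}"]
    return [
        f"missing table {table}"
        for table in CORE_TABLES
        if not re.search(rf"CREATE TABLE[^;(]*\b{re.escape(table)}\b", text, re.I)
    ]


def verify_backup(paths):
    """Check each downloaded copy, then confirm the copies are byte-identical."""
    report = {str(p): check_dump(p) for p in paths}
    digests = {
        hashlib.sha256(Path(p).read_bytes()).hexdigest()
        for p in paths
        if Path(p).is_file()
    }
    if len(digests) > 1:
        report["copies"] = ["copies differ; download the export again"]
    return report
```

Call `verify_backup()` with the paths of the copies you downloaded from the same export; a copy with an empty problem list and no `copies` entry in the report is one you can rely on for a restore.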
Hire it Out
If your WordPress system is very complex, very out of date, and/or you otherwise aren’t interested in performing the backups and upgrade yourself, please contact me or another developer to do this task for you.
My schedule is a bit hectic these days, but I will try to make myself available for upgrades throughout the Fall and Winter. My time for a backup/upgrade of a healthy and fairly current system is typically less than a half hour. Ultimately, the cost of an upgrade now will be much less expensive than restoring a hacked website later.
Regardless of whether you do the upgrades yourself or not, I’m going to point you again to the “maintenance is ongoing” bullet above. Monitoring the health of your site and keeping it up-to-date over time are important, ongoing practices that shouldn’t be overlooked.
In Other News
As much as I have loved my work and clients over the past seven years, I’ve been cutting back on my freelance load recently to delve into some creative side projects. I’m hoping to post a few articles about my explorations at matternco.com, so feel free to drop by and sign up for updates via your method of choice (email/Facebook/Twitter). I’d love to stay in touch with you.
Despite these changes, I’m still taking on design and development projects (just not as many as I once did), and I always prioritize existing clients first. If I can help you with a project (and you have a fairly undemanding schedule) please consider working with me again.
All my best,