Keeping your WordPress site updated is critical
In recent weeks, I’ve been very busy cleaning up hacked websites for clients. Like most business owners, we are many times too busy to keep an eye on those pesky updates needed to keep our sites safe. Who has time for updating? Well, this has resulted in very expensive fixes. Moving hosting, complete site and database rebuilds, erroneous and harmful links on google (some with pornographic titles). It has brought to my attention that many of my clients need help with this problem, and soon!
Ignoring WordPress maintenance updates leaves your site vulnerable – I can now offer to do this for you with a new WordPress Care Plan.
Click here for pricing and details.
Can you do these updates on your own? YES! Here’s what you need to do:
Please note that some hosting companies will offer auto-updates for WordPress. I don’t recommend this method simply because they do not check to make sure things are working after these updates occur. The manual method, described below, is much safer. If you choose auto updates, do not use that setting on THEMES. See more about that below. Also, here’s a link to my WordPress Care Plan FAQs. Answers to questions you might have may be found there.
1. Make sure you back up your database and all your site files prior to updating. Here are details on WordPress.org as well. I recommend using BackupBuddy. This is $80 annually. It can be purchased here. You need to make yourself familiar with not only backing up but also restoring your site. Always check with your hosting company to see if they offer a back up for you. Call and find out. Most do not do this as a routine service. All hosting companies vary.
This is an example of Back Up Buddy – showing my most recent back up of all file and the database.
2. After you back up your site, first check to see if you need to update WordPress. If so, do that update first.
This is an update notification in the WordPress dashboard.
3. Then, update any themes that say they need updating. The exception to that rule would be your active theme. Under APPEARANCE, THEMES, it will tell you which one is active. Do NOT update or you will lose all your theme customizations.
Do not update your active theme – this will remove your site customizations. In this example, SWANK is active. All other themes can be updated.
WordPress comes with some basic themes that need updating even though they aren’t active. It’s good to have at least one alternative theme in case yours is not working for some reason.
4. Next, update any plugins that require an update. If anything doesn’t work, make sure you know how to restore from your back up!
Plugins are where the most issues occur regarding updates. Make sure you have a back up of the previous version.
5. Empty your spam comment folder. This can have all kinds of awful links in it. If you have comments active on your site, sign up for Akismet to help filter these. Make sure your comments are set to require your approval before appearing on your site. In most cases, I have set it up this way. Better yet, if you don’t need comments, disable them. Again, many of you already have comments turned off in your original design.
WordPress tries to filter spam for you. Akismet is also a good option at $60 a year.
6. Install a plugin for virus scanning. I recommend WordFence. – block any IP addresses that routinely try to attack your site as ADMIN. WordFence has tutorials for all of this. Sucuri is also a great one. Both have free and premium versions. Call your hosting company and ask what they offer for security. Make sure to ask not only what they offer to monitor and update your site, but also what they offer to restore it if it gets compromised! SiteLock is commonly offered, but the basic package only lets you know you’ve been hacked and doesn’t restore your site.
Wordfence will scan for viruses and tell you what countries your attempted hackers are coming from.
These are results of a Sucuri scan. You can scan your site at:
I recommend doing these steps once a week to reduce your risk of a site hack. With my WordPress Care Plan, I will be giving sites weekly attention and backups will occur daily.
Other steps you can take:
- Make sure no one on your site had the username ADMIN. This is HUGE! Read more about this here.
- Use strong passwords. That doesn’t include anything on this list.
- Sign up for a Google Webmaster Tools account and monitor your site there.
- Sign up for a WordPress.com account (user only) and install JetPack on your site (it’s a plugin). You can add BRUTE PROTECT and other security features with this plugin.
- Contact your hosting company and find out EXACTLY what they offer for backups, malware & virus scanning, and most importantly, RESTORING YOUR SITE. Don’t assume they are providing any of that.
Can you ask WebCami for help if you update on your own and still get hacked or have something go wrong?
Of course, I will. I will help in any way I can. Hourly rates will apply.
But, if this to-do list looks too daunting, please consider my new WordPress Care Plan and let me take care of this for you!
Are you a fellow web designer?
Join the Community @ WebCamiCafe.com
