WordPress Best Practices, Part Two: Security through updates and backups

by Paul on August 31, 2011

In part one of this series on WordPress Best Practices we looked at security through obscurity.

There are ways to obscure your WordPress installation other than changing the administrator username, but I feel they become a little complex and the pay-off isn’t as great.

In this article I’m going to discuss probably the most important way to keep your WordPress installation secure: Updates!

Always keep your WordPress core up-to-date

We’re all a little sceptical of updates, and understandably so.

We’ve been taught that to update your computer is to turn it quickly into an expensive paper-weight that will take hundreds of dollars to fix, or 3 weeks of head-wrecking misery to do on your own.

I’ve been there. We’ve all been there.

But that’s technology and unfortunately there’s little we can do about it except mitigate the risk.

As WordPress grows in popularity, the risk of attack on your site grows daily. You need to choose: put a bit of effort in today, or scramble to recover a dead website tomorrow.

WordPress core comes first; Plugins are extras

It doesn’t matter what plugins you are using: if you’re on a WordPress Core version that is out of date because upgrading breaks your plugins, you’re using the wrong plugins.

You put your website at risk every day you operate an outdated version of WordPress.

Often, when you ask the right person to take a look, fixing a broken plugin or theme is a quick job. This can get you past the problem and onto a more secure platform.

Another option with plugins is purchasing premium plugins with support options so that as new versions of WordPress are released you’re more likely to be covered.

Just in case, back up your WordPress database

When all is said and done, sometimes the absolute worst happens and the website is lost.

Without a backup of your database you’re screwed.

For the speed readers that missed that, here’s that line again:

Without a backup of your database you’re screwed.

There’s no excuse to not have a recent database backup. There are plugins out there that can do nearly everything you need.

The plugin I use for all my sites and whole-heartedly recommend is WP-DBManager.

You can schedule this to run regularly and email you with the database backup file. It’s too easy.

The Next Generation WordPress Backup System is coming

To manage WordPress sites for ourselves and our clients, we’ve implemented a custom system for backup and recovery of WordPress sites that doesn’t require the use of plugins, FTP, or S3 storage.

None of that.

We’re calling it Worpit, and it will form part of our Worpit WordPress Management System. If you’re interested in learning more, visit our WorpDrive site. You can sign up there to be notified when WorpDrive is released and to keep up to date with developments.

Your Next Step

Update your WordPress Core!

If you find your WordPress is still sitting on an old version and you’d like some help to bring it up to date, please feel free to contact us here to see how we can help.

Alternatively, you might consider our Managed WordPress Hosting service where we take care of all of this for you.

If you have any comments or questions on this, please feel free to drop us a message below.
