Following on from our recent blog post regarding website back ups, we wanted to give those of you who are tech savvy some advice on keeping your site safe against hacks.
Firstly, hacks do happen (on all platforms). Most of the time the attackers just want to see if they can do it, but if you are some big corporation, they probably want to hack in and steal all of your company secrets. Often, they will hack in and deposit some script to mess up your lovely site. This is why it is important to make sure that you have regular back ups of your site files and database. This is your responsibility as we don't provide hosting and don't keep copies of websites. If you have a back up and, in the worst case, your site does get hacked, then your hosting company will be able to help you to restore your site from that back up. No back ups and you are likely to have to start again. GULP.
1. Make sure that you have decent hosting (with back ups). You really do get what you pay for.
2. Make sure that you are running the latest version of WordPress and that all of your associated plugins are up to date.
3. If you aren't using a plugin, then get rid of it. A good rule of thumb is to keep your plugins to a minimum.
4. Don't use 'admin' as a username. This was the default in early versions of WordPress, so it could still be a username on your site. If you are still using it, then create a new user and transfer all content to that account.
5. Create good passwords. You could use an auto password generator like this one http://passwordsgenerator.net/ to generate something alphanumeric.
6. Limit access to login URLs /wp-admin and /wp-login by IP.
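As an added example (not part of the original post), this is one way to do tip 6 on Apache hosting. It assumes Apache 2.4 with .htaccess overrides allowed, and the IP addresses are placeholders from the documentation ranges, to be replaced with your own office or home address. The login page is served by the file wp-login.php.

```apache
# ---- File 1: .htaccess in the WordPress root folder ----
# Only the listed addresses may load the login page.
# 203.0.113.10 and 2001:db8:1234::/48 are placeholder addresses.
<Files "wp-login.php">
    Require ip 203.0.113.10
    Require ip 2001:db8:1234::/48
</Files>

# ---- File 2: .htaccess inside the wp-admin folder ----
# Everything under /wp-admin is limited to the same addresses.
Require ip 203.0.113.10
Require ip 2001:db8:1234::/48

# Exception: many themes and plugins call admin-ajax.php from the
# public side of the site (forms, filters, load-more buttons), so it
# has to stay reachable by all visitors or those features break.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

If your IP address changes (home broadband often does), you will be locked out of the dashboard until the rule is updated over FTP or through your hosting control panel. On other web servers, or where .htaccess is disabled, ask your hosting company to apply the equivalent rule.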
Once we have built a site and it has gone live, it is your responsibility to make sure that it is up to date (please take a look at our Service Level Agreement). WordPress releases around 30 new versions in a year, so it is worth bearing this in mind.
1. Make sure that you have a recent back up of your site. Once you press UPGRADE you can't go back easily, so ensuring that you have a back up means that if it goes wrong, you can get your hosting company to reinstate the back up.
2. Upgrade all plugins. Go to your plugin section and if there are plugins that need to be updated, then update them one by one. You should also check the front and back ends to make sure that the upgrades haven't caused issues.
3. Upgrade WordPress. From WordPress 2.7+ the feature to ONE CLICK UPGRADE was added. This should appear as a banner at the top of your WordPress dashboard.
Simply click the link in the new version banner or go to the Dashboard > Updates screen. Once you see the 'Update WordPress' page, click the button 'Update Now'. This will start the process off and you can sit back and watch it update. Once it's finished, you will be up-to-date.
The One Click updates work on most servers but if you have any problems, it is probably related to permissions issues on the file system and so you should contact your hosting company to enable this.
If you don't have the option to Upgrade your version of WordPress at the touch of a button, then take a look at the instructions to do this manually on the WordPress website https://codex.wordpress.org/Updating_WordPress#Manual_Update
Alternatively, if you want us to upgrade your version of WordPress OR regularly ensure that everything is up to date, then please drop us a line and we would be happy to talk to you about this.