The growing popularity of WordPress isn’t surprising. It’s a great platform for building your website. The admin interface is designed to enable you to easily update content yourself. The WordPress community offers thousands of themes and plugins for the do-it-yourself site builder. And if you work with a savvy design and development team, your WordPress-based site can provide a top-notch user experience (UX) and include almost any functionality you desire.
But like a fine automobile, your website requires regular maintenance. The technology that underlies WordPress is constantly evolving. Recent releases include efficiency improvements in managing the database and media library, in addition to features to make it easier to update your site.
Protecting Your Site from Malware
Sadly, the more popular WordPress becomes, the harder hackers work to find new ways to penetrate its security mechanisms. In the past few months we’ve seen hackers target vulnerabilities discovered in the WordPress core code and in hundreds of popular plugins. The good news is that as soon as these bugs are discovered, the developers hustle to release new versions of WordPress and plugins that fix the problems. But if you don’t update the code on your website promptly, your site may be damaged or infected with malware.
These hackers and the vulnerabilities they target are one of the main reasons we encourage clients to sign up for a maintenance program. All sites under maintenance are backed up regularly. We used to review and update plugins once a month, but with the rash of problems discovered lately we are now updating once a week. We enable automatic security updates on the WordPress core code, and make sure that these updates don’t cause problems in the sites that we monitor. When there is a new feature update, we back up sites before updating and then test thoroughly to ensure that the transition is smooth.
In February 2015, website security vendor Sucuri published an article detailing a vulnerability that had been discovered in Gravity Forms, one of the most popular premium WordPress plugins. Ironically, the Gravity Forms developers had discovered this problem and fixed it a few months earlier. But after Sucuri publicized the problem, hackers started trying to take advantage of it. None of the websites we have under maintenance contract were affected, as their plugins were all up to date. But one of my former colleagues and two former clients were infected, as they were still running code from the summer of 2014. One of the infected sites started spewing out thousands of spam messages, causing the server to be blacklisted and affecting email for all the accounts on the server. I spent 2-3 hours on each of the three sites, cleaning out the malware and reinstalling fresh versions of WordPress and all plugins.
Do It Yourself
Do you need to pay for a maintenance service? No, you can do the updates yourself. We recommend making backups before doing updates.
- Back up your full site (files and database) at least once a month. The database and uploads folder should be backed up more often if you are making frequent updates to your site.
- Check for plugin and WordPress core updates at least once a week.
- Before making any updates other than minor plugin updates, back up your database. It doesn’t hurt to back up at least your wp-content folder (plugins, themes and uploads) as well.
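One way to script the routine above, as an added example that is not part of the original post. It assumes WP-CLI is installed as `wp`; the two arguments (WordPress root and backup directory) are placeholders you supply.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes WP-CLI is installed as `wp`.
# Arguments are placeholders: $1 = WordPress root, $2 = backup directory
# (keep it outside the web root so archives cannot be downloaded).

# Archive wp-content (plugins, themes, uploads); prints the archive path.
backup_wp_content() (
  root=$1; dest=$2
  umask 077                                   # backups readable by owner only
  [ -d "$root/wp-content" ] || { echo "no wp-content under $root" >&2; return 1; }
  mkdir -p "$dest" || return 1
  archive="$dest/wp-content-$(date +%Y%m%d-%H%M%S).tar.gz"
  tar -czf "$archive" -C "$root" wp-content || return 1
  tar -tzf "$archive" >/dev/null || return 1  # confirm the archive is readable
  printf '%s\n' "$archive"
)

# Dump the database with WP-CLI; prints the dump path.
backup_database() (
  root=$1; dest=$2
  umask 077                                   # dump holds password hashes and user data
  mkdir -p "$dest" || return 1
  dump="$dest/db-$(date +%Y%m%d-%H%M%S).sql"
  wp --path="$root" db export "$dump" >&2 || return 1
  printf '%s\n' "$dump"
)

# List what is out of date without changing anything.
pending_updates() (
  wp --path="$1" core check-update
  wp --path="$1" plugin list --update=available --fields=name,version,update_version
)

# Back up first; only report pending updates if both backups succeeded.
weekly_check() {
  backup_database "$1" "$2" && backup_wp_content "$1" "$2" && pending_updates "$1"
}

# Run only when called with both arguments, e.g. from a weekly cron job.
if [ "$#" -eq 2 ]; then weekly_check "$1" "$2"; fi
```

The script only reports pending updates; apply them from the WordPress dashboard once both backups are in place.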
We use a service called ManageWP to efficiently manage dozens of websites from one console. If you have more than one WordPress site to manage, you may want to check it out. The service is free for up to five websites.