I’ve just had an interesting little chat with a Web Designer based in Bradford on Avon about WordPress security. Due to valid concerns about the updates breaking his clients’ WordPress sites, he’s been advising them not to install the updates when asked. It’s a valid fear. Major changes to the WordPress API can break plugins, and badly designed WordPress custom themes may break if your web developer has hacked the WordPress core files.
But this is wrong in my opinion. Why? Because getting your site hacked will cost your business a damn site more time, money and customer goodwill then the small cost of keeping your site updated.
WordPress is probably the world’s most common web application, and as such is a massive target for hackers. If you consistently fail to update your WordPress installation it will get hacked eventually. It’s just the same as being a Windows user and not updating your anti-virus software. The nasty people will catch you with your pants down.
So what should you do? The process is quite simple.
- Backup your MYSQL database
- Backup your entire WordPress root folder ideally, or your wp-content folder at the very least
- Install the WordPress update, or the updated plugin(s)
- Test the site for any problems
If something does go wrong, you can easily revert to your previous working version from the backups you have taken, or by contacting your web host and asking for them to restore from nightly backups.
- Delete the database
- Restore the database from your backup
- Delete your WordPress root folder, apart from the wp-content folder.
- Restore from your FTP backup, or download the full installer and reinstall from that.
If any of the above fills you with horror, Sweet-Apple provides an inexpensive and pro-active WordPress security service.