I encountered a situation today, rare I must admit, in which a woman running two WordPress sites had had them both hacked.
As I talked with her and unpeeled the layers of the onion, the horror deepened.
It seems that her sites had been hacked towards the end of last year and her hosting company responded to her plea for help by allowing her site to become visible again, albeit still infected.
I asked when her last backup had been made and she was unsure what I meant.
Here we have two compounding problems: out-of-date WordPress versions or plugins increase your vulnerability to attack, while leaving a hacked site untouched will destroy your reputation with Google and the search engines.
So here are three steps to take now, and revisit weekly.
The three crucial maintenance steps
Pick a day of the week to do this and then please do it religiously.
You need to log in to your WordPress site at least weekly to check whether there are any updates needing to be applied. For example, your current version of WordPress itself should be version 3.3.2 [that was current at the time of publishing]. Don’t know how to check? Log in to your site and in the Dashboard window, look for the section called ‘Right Now’ and towards the bottom of the box you will see the WordPress version number. If it is lower than 3.3.2, please click the Update page underneath Dashboard and click the Update Automatically button. Then DON’T touch your browser until it tells you it has completed – about two minutes.
While in the Update window, a little lower down, there will be a list of Plugins needing updating. Check to see if any plugins are listed. If so, click the box next to them and then click Update All at the top of the box. Again, DON’T touch the computer while the updates cycle through. Again, a few minutes will suffice.
Whenever you do updates or have finished an editing session on your site, please take one of the simplest backups available. Within WordPress go to Tools > Export, leave all settings on default and then save the export file somewhere safe on your computer. This simple file will allow me, or your geek, to restore your site when we rebuild WordPress for you after a bad incident. It will recompile all your Page and Post copy, headlines and menu structures. It will not include images, but at least you will resurrect your hard work which otherwise would have been lost.
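A backup is only useful if it can be read back, so here is a check your geek can run on the export file from the step above. It is an added example, not part of the original post: it confirms the file parses as a WordPress export (WXR) and counts the posts, pages, menu items and image references it holds. The sample export is constructed and the names `summarize_export` and `local` are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample export, trimmed to the elements the check reads.
SAMPLE_WXR = """<rss version="2.0" xmlns:wp="http://wordpress.org/export/1.2/">
<channel>
  <title>Example Site</title>
  <wp:wxr_version>1.2</wp:wxr_version>
  <item><title>Hello</title><wp:post_type>post</wp:post_type></item>
  <item><title>About</title><wp:post_type>page</wp:post_type></item>
  <item><title>Home</title><wp:post_type>nav_menu_item</wp:post_type></item>
  <item><title>logo</title><wp:post_type>attachment</wp:post_type></item>
</channel>
</rss>"""

def local(tag):
    """Strip the XML namespace so the wp: elements match in any WXR version."""
    return tag.rsplit("}", 1)[-1]

def summarize_export(xml_text):
    """Return (wxr_version, Counter of post types); raise ValueError if unusable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A download that was cut short fails here instead of at restore time.
        raise ValueError(f"export is truncated or not XML: {exc}")
    channel = root.find("channel")
    if local(root.tag) != "rss" or channel is None:
        raise ValueError("not a WordPress export (no rss/channel)")
    version = next((el.text for el in channel if local(el.tag) == "wxr_version"), None)
    if version is None:
        raise ValueError("missing wxr_version: not a WordPress export")
    counts = Counter()
    for item in channel.findall("item"):
        for el in item:
            if local(el.tag) == "post_type":
                counts[el.text] += 1
    if counts["post"] + counts["page"] == 0:
        raise ValueError("export contains no posts or pages")
    return version, counts

if __name__ == "__main__":
    version, counts = summarize_export(SAMPLE_WXR)
    print(f"WXR {version}: {dict(counts)}")
    # Attachment items are references only; the image files need their own backup.
    print(f"{counts['attachment']} image reference(s), no image data in the file")
```

To check a real backup, read the saved export file into a string and pass it to `summarize_export`; a count that drops sharply from one week to the next is worth investigating before you need the file.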
If you complete those simple checks weekly, you will greatly diminish the risk of having your website hacked.
Yes, it means a regular task, but remember, every time you apply an update you are applying all the latest smart insights from the bright bunch of geeks who all contribute to the world-conquering website content management system open source project called WordPress.