You’ve spent time, money and energy to start a blog and the last thing you want is your website getting hacked.
It’s your website and so it’s ultimately your responsibility to put security measures in place to stop hackers getting in and hijacking your blog.
One simple action you can take to protect yourself is to ensure that you promptly update your website and its components when updates are made available.
Software companies are constantly testing and improving their software, and when they find potential security loopholes or vulnerabilities they release an update that fixes the hole.
If you don’t keep your website and the software that runs it up to date, hackers have an easy way to potentially get access to your website and, even worse, your entire web hosting account.
I run WordPress on my blogs. It’s free, open source and a very powerful content management system. For those of you who are unfamiliar with WordPress, it actually consists of 3 separate groups of software that you must ensure are kept up to date:
- Core WordPress software
- Plugins
- Themes
1. Core WordPress Software
The core WordPress software is what runs my entire blog or website. On the whole the WordPress core software is very secure, but like any software that is constantly being improved and worked on by multiple groups of individuals, security vulnerabilities can be missed.
I use WordPress for many reasons but one of the most important factors for my decision is the size of the developer community that is constantly checking and testing to ensure the WordPress core software is safe from hackers.
Whenever a security flaw in the core software is found, the developer community is pretty quick to find a fix and release an update.
This update will automatically trigger an alert in your WordPress dashboard, letting you know an update to WordPress is available for you to install.
2. Plugins
Plugins are essentially small pieces of software that can be created by anyone to work with the WordPress core software and increase its functionality. Basically, they are add-on bits of code that help you do more with your website than the standard WordPress core software allows.
Since WordPress is open source, meaning anyone can see the underlying code and develop plugins to work with it, this can indirectly create security risks.
Anyone can create a useful plugin and allow others to install and use it on their WordPress websites.
The problem arises if the developer who developed the plugin no longer stays up to date with the WordPress core software updates and does not update his/her plugin promptly.
This could leave security vulnerabilities that hackers can utilise to gain control of your website through the out of date plugin files.
Out of date plugins are one of the easiest ways for hackers to gain access to your entire blog.
3. Themes
Themes are more code that can be added to the WordPress core software just like plugins. However, unlike plugins, themes help you with the aesthetics of your website. Themes are used to help give your website a certain look or feel through design.
Anyone can become a theme developer and create a WordPress theme and make it available for others to use.
Therein lies the problem: just like with plugins, if the WordPress core software is updated to fix a security problem and the theme that you use on your website is not, this could leave the doors open for hackers to maliciously damage your website.
How To Make Sure Your WordPress Software, Plugins and Themes are Updated
The good news about keeping WordPress up to date is that it’s easy and alerts are built into WordPress to notify you when updates are available and ready to install.
Step 1. Log into your WordPress Admin Dashboard
To check if you have any update alerts that need actioning, simply log into your WordPress Admin dashboard.
This is located at www.yourdomainname.com/wp-admin
When I logged in to one of my WordPress sites this morning I saw a red circle with the number 1 in it, next to the Updates link on my WordPress dashboard.
The number in the red circle indicates how many items have an update that needs to be installed.
Step 2. Back up Your WordPress blog
If you don’t have a regular backup routine for your blog, I suggest you look into getting one set up as soon as possible, and especially before you encounter any problems with your website.
Backing up your website is a bit like taking out insurance. We all hate buying it but it’ll save the day when the worst happens.
Before doing any kind of update on your website, I recommend creating a backup of your entire website.
This backup is there so that you can simply restore your website back to its former self, should anything go wrong when the website is being updated.
A backup solution I like is UpdraftPlus. It is a WordPress plugin and I love how it can back up my entire site whenever I want and send a copy of the backup to my cloud storage provider.
Back up your entire website now. That means all your files and the database.
Step 3. Click on the Updates
Next, click the updates link in the left column of the dashboard and you’ll be taken to the updates page where you’ll see a list of all the things that require updating.
Here’s a screenshot of what I saw on one of my sites.
As you can see, I only have one update I need to make and that’s for a plugin I use called Contact Form 7.
To make the update all I have to do is place a checkmark in the box to the left of Contact Form 7 and then click Update Plugins.
If you have themes that require updating, you’ll see them listed on the Updates page too, as well as updates available for the WordPress core software.
You simply follow the same process to update Themes. Simply select the themes that need updating and click Update Themes.
Step 4. Check the updates were successful
Once you’ve updated each group of software (the WordPress core software, plugins and themes), you’ll see a page showing you the outcome of the update.
If all goes well you’ll see a screen like the one below showing that the plugin was updated successfully.
I recommend you update your software in stages. Update the WordPress core software first, if any updates are available. Then visit your website in a web browser to ensure it’s working correctly.
Then repeat the process for plugins, and finally themes, checking your website functions correctly after you’ve updated all plugins and then once again once all themes have been updated.
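For sites where you have shell access, the same staged routine (back up, update core, check the site, then plugins, then themes) can be scripted with WP-CLI. The script below is an added example, not part of the original post: the SITE_URL and BACKUP_DIR values and the function names are assumptions, and it backs up with wp db export plus tar rather than UpdraftPlus.

```bash
#!/usr/bin/env bash
# Added example: staged WordPress update with WP-CLI (back up, update, verify).
# Assumptions: run from the WordPress install directory; SITE_URL and
# BACKUP_DIR are placeholders, and BACKUP_DIR sits outside the web root.
SITE_URL="${SITE_URL:-https://www.yourdomainname.com}"
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"

# Return 0 only if the front page answers with HTTP 200.
site_ok() {
  local code
  code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 20 "$SITE_URL") || return 1
  [ "$code" = "200" ]
}

# Step 2: back up the database and all files before touching anything.
backup_site() {
  local stamp
  stamp=$(date +%Y%m%d-%H%M%S)
  mkdir -p "$BACKUP_DIR" || return 1
  wp db export "$BACKUP_DIR/db-$stamp.sql" || return 1
  tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" .
}

# Steps 3 and 4: update one group, then confirm the site still loads.
update_stage() {
  case "$1" in
    core)    wp core update && wp core update-db ;;
    plugins) wp plugin update --all ;;
    themes)  wp theme update --all ;;
    *)       echo "unknown stage: $1" >&2; return 2 ;;
  esac || { echo "update failed at stage: $1" >&2; return 1; }
  site_ok || { echo "site check failed after stage: $1" >&2; return 1; }
}

# Core first, then plugins, then themes; stop at the first failure so the
# backup taken above still matches the last known-good state.
staged_update() {
  backup_site || { echo "backup failed, nothing updated" >&2; return 1; }
  local stage
  for stage in core plugins themes; do
    update_stage "$stage" || return 1
    echo "ok: $stage"
  done
}

# Runs only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then staged_update; fi
```

Because the script stops at the first stage that fails or leaves the site unreachable, you know which group of software caused the problem before deciding whether to restore the backup.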
What To Do If Something Doesn’t Update Successfully
Now the chances are slim that the in-built updater in WordPress will have a problem when updating items for you, but if this does happen then you have a few options.
If a particular plugin doesn’t update successfully then I suggest deactivating the plugin and deleting it and then reinstalling the latest version. This should fix any technical issues.
Remember that your plugin settings may also be deleted, so you may need to re-configure the plugin to work as you expect it to.
If it’s a theme that’s the problem, then I suggest a similar approach. Select another theme first and activate it, then delete the theme that did not successfully activate.
Reinstall the latest version of the theme and then reactivate it. Again your settings and customisations will be lost and you may need to tweak your website and theme settings to get your website to work and look like it did before.
If your WordPress core software has an unsuccessful update then this could be a bigger problem. If this happens, this is where your backup of your website will come in handy.
I’ll share an in-depth tutorial of how to backup and restore your WordPress blog in case you ever need to do this and also how to manually migrate your entire website to the latest version of WordPress if the auto update method doesn’t work.
Check Regularly for Updates
Make it a weekly routine to check for updates. It only takes a few minutes to log into your WordPress admin dashboard and update most things. This is considerably less time than it would take you to regain control of your website should hackers get their dirty hands on it.
There are many other things you can do to protect your website, such as limiting login attempts, using an obscure username, using complex passwords, changing your WordPress database table prefixes and using .htaccess files. Keeping your WordPress core software, plugins and themes up to date is certainly one item that doesn’t take long or require much technical expertise, but it can make it harder for hackers to get into your blog.
So there’s really no reason to put your website at risk by running out of date software. Stay safe, stay updated.
Do you have a routine to check for updates?
Have you ever had a website hacked because of an out of date plugin or theme?
Share your experience below in the comments and any other tips you use to keep your website updated. I look forward to hearing from you.