Avoid Hacks and Other Scary Problems With Basic WordPress Housekeeping • New Tricks

I hope you had a relaxing Labor Day weekend with friends and family. I was worried that my weekend might have a lot more emphasis on the labor part than the relaxing part. Recently, a plugin called TimThumb, built into a lot of WordPress themes to help with dynamic image resizing, was found to have a security flaw that caused WordPress sites that included it to be hacked.

Last week, I spent several days tracking down my client’s sites that incorporated the TimThumb plugin and repairing the problem. I had a scare late Friday afternoon when several of these sites were running extremely slowly, which had me worried that they had been hacked. After several hours Friday evening, I discovered that none of these sites had been hacked and it was another plugin, Twitter Tools, that was slowing these sites down to a crawl. When I deleted Twitter Tools, all was well. What I had worried was going to take me all weekend to fix was resolved just like that. Poof. And I lived happily ever after. And so you don’t have to worry, here are some tips to help you keep your site safe and secure.

Site Backups:

I routinely write about the need for backing up your WordPress websites. There are the theme files and the database files where the content is stored, and all of that needs to be backed up. A lot of people use WP-DB-Backup, and using that will help save your content if your site gets hacked, the server crashes or someone erases your site (it has happened). But that plugin alone will not back up your theme files, which many of you have spent time or money or both to modify to create your own branded look. It would be a shame to lose them. You can learn to back up your site's theme files to your computer yourself through FTP. Or, if you are not inclined to fool with that kind of technical house cleaning, look into using a plugin called BackupBuddy or a service called VaultPress. There is a charge for each of these, but they will back up everything on a daily, weekly or monthly basis and give you peace of mind.

One other easy backup method, if you have Bluehost, is their Pro Backup service at $12.95 per year. Its backups are the quickest and easiest way to restore your site or a particular file. The downside is that the backups are stored on the Bluehost server, so if something happened to Bluehost you would lose both your site and your backup.

Versions: Keep Current

Once you have your site backed up, you must update your plugins and upgrade the WordPress software when your dashboard tells you that there are new versions. WordPress and plugin developers are always working not only to increase functionality but also to provide security patches when vulnerabilities are discovered.

Plugins: Prime Suspects

The first thing to check when your site is not working quite right is your plugins. Disable your plugins, one by one, and see if the problem is resolved. Start with the plugins that you may have added recently, that run a jQuery script or that interact with an outside application, like Twitter Tools does. If everything had been going fine, suspect a plugin that was upgraded recently. It may have been changed in some way, so that it was working before but is now causing issues.

As an extra precaution and as good site maintenance, get rid of plugins that you are not using. Go through your plugins and deactivate those that you think are not being utilized. Check your site and, if everything is working right, delete them. Often we get carried away with all of the things plugins can do. But in this case, less is more.

Themes: Use Them or Lose Them

Delete any themes that you are not using. In the case of the TimThumb hack, even if the active theme did not use the TimThumb plugin, the hackers could get into the site through an inactive theme that had been uploaded. Often we try out a bunch of themes before settling on one we like. So go ahead and clean house and get rid of those that are sitting around. You can always load them up again if you need them.

Additional WordPress Installations on Your Hosting Account

You must also take care of any other WordPress installations that you have on your main account. If you don’t keep them updated, hackers may get into your main site through vulnerabilities on your additional business, hobby or test sites. This has happened to some people I know who lost three business sites because one got hacked and then the others were soon to follow.
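
The theme cleanup and the check of additional installations described above can be done from a shell on the hosting account. The script below is an added example, not part of the original post: it lists every WordPress install under a directory and flags TimThumb copies in any theme or plugin, whether active or not. It assumes that installs are recognisable by wp-includes/version.php and that TimThumb copies are named timthumb.php or thumb.php; the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumptions: an install is any
# directory holding wp-includes/version.php; a TimThumb copy is a file named
# timthumb.php, or thumb.php whose contents mention "timthumb".
TAB=$(printf '\t')

# One line per install: <install path> TAB <WordPress version>
list_wp_installs() {
  find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
  while IFS= read -r vf; do
    ver=$(sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$vf" | head -n 1)
    printf '%s\t%s\n' "${vf%/wp-includes/version.php}" "${ver:-unknown}"
  done
}

# One line per suspected copy: <install> TAB <themes|plugins>/<name> TAB <file>
find_timthumb() {
  list_wp_installs "$1" | while IFS=$TAB read -r root _ver; do
    find "$root/wp-content/themes" "$root/wp-content/plugins" -type f \
      \( -iname 'timthumb.php' -o -iname 'thumb.php' \) 2>/dev/null | sort |
    while IFS= read -r f; do
      case $(basename "$f" | tr 'A-Z' 'a-z') in
        thumb.php) grep -qi 'timthumb' "$f" || continue ;;  # unrelated file
      esac
      rel=${f#"$root/wp-content/"}
      owner=$(printf '%s\n' "$rel" | cut -d/ -f1-2)
      printf '%s\t%s\t%s\n' "$root" "$owner" "$f"
    done
  done
}

# Constructed sample account: main site plus a forgotten test site.
make_sample_tree() {
  m=$1/main; t=$m/testsite
  mkdir -p "$m/wp-includes" "$m/wp-content/plugins" \
    "$m/wp-content/themes/in-use" "$m/wp-content/themes/tried-once/scripts" \
    "$t/wp-includes" "$t/wp-content/themes/gallery" "$t/wp-content/plugins/photos"
  printf "<?php\n\$wp_version = '%s';\n" 0.0-sample-a > "$m/wp-includes/version.php"
  printf "<?php\n\$wp_version = '%s';\n" 0.0-sample-b > "$t/wp-includes/version.php"
  echo '<?php /* TimThumb (stub) */' > "$m/wp-content/themes/tried-once/scripts/timthumb.php"
  echo '<?php /* TimThumb (stub) */' > "$t/wp-content/themes/gallery/thumb.php"
  echo '<?php /* other image helper */' > "$t/wp-content/plugins/photos/thumb.php"
}

# Usage: script.sh /path/to/account ; with no argument, scan the sample tree.
if [ -n "${1:-}" ]; then find_timthumb "$1"; else
  demo=$(mktemp -d) && make_sample_tree "$demo" && find_timthumb "$demo"
  rm -rf "$demo"
fi
```

Any theme it lists that is not the one in use is a candidate for the deletion step above, and any install it lists that you had forgotten about needs the same updates as your main site.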

Showing 2 comments
  • Lydia

    I was really motivated by this post to use a back-up plugin. Initially I planned to use one of your recommendations, but after a bit more research, I went with blogVault because their system enabled me to move my site to a new domain. And, users raved about the personal support. Well, it's amazing and I think it will work well for bloggers who appreciate Judi's approach. Akshat Choudhary from blogVault set up a GoToMeeting where he could watch my screen and he walked me through all the steps on my server to move my site. Their service is 30 days free trial followed by a monthly (cancel at any time) $9 so they haven't even received any money from me yet. This isn't a paid promotion – I'm just a community (no ads) blogger struggling with the technology.

    • judi knight

      Lydia, Glad you got a good backup solution. It is really important. I needed it myself the other night when I went in to do a couple of things and lost my entire theme styling. I was very glad I had a complete backup of theme files and content. Thanks for the suggestion of BlogVault. I will look into it to add to my list of solutions. Judi
