How To

WordPress How To: Security 101


If your site has ever been hacked, you know it is a very unpleasant experience. The time it takes to remedy and recover is something you don’t want to have to deal with!

Here are the three main issues any site owner can address right now:

  • Once your site is up and running, delete the “admin” username account. Since that is the default setup, it is the first username an attacker will look for to exploit. It is also a good idea not to have your nickname and username be one and the same. Also use passwords that are at least 8 characters in length and are a combination of uppercase and lowercase letters, numbers and special characters to make them as difficult as possible to guess. The best passwords don’t spell anything out and are difficult, even for you, to remember. This goes for your WordPress database password too!
  • Upgrade your WordPress to the latest version and continue to do so as new releases become available. For example, while 2.8 was only released in the last month or so, 2.8.2 is already available due to security issues that need to be addressed. This also means updating your plugins when they release updates, to ensure you have the latest, most secure plugin versions.
  • There are several “techie” things that also need to be covered, such as server, folder and file permissions. Permissions are what allow access, or not, to your files and folders on your Web hosting server. While this access can be controlled via your .htaccess file (which gets a bit techie for many), you can install the WP Security Scan Plugin to make sure you have your bases covered. This plugin scans your WordPress installation for security vulnerabilities and suggests corrective actions. It covers:
    • passwords
    • file permissions
    • database security
    • version hiding
    • WordPress admin protection/security
    • removes WP Generator META tag from core code
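
As an added example (not from the original post and not the WP Security Scan plugin's code), the Python script below checks two of the points above on a WordPress install: file and folder permissions, and whether the core version is current. The function names, the constructed sample tree, and the choice to flag world-writable paths and a world-readable wp-config.php are assumptions of this example; the 2.8.5 minimum is the release this page names.

```python
import os, re, stat, tempfile

def audit_wordpress(root, min_version=(2, 8, 5)):
    """Return sorted (relative path, finding) pairs for a WordPress tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & stat.S_IWOTH:  # any account on the server can modify it
                findings.append((os.path.relpath(path, root),
                                 "world-writable (mode %o)" % mode))
    cfg = os.path.join(root, "wp-config.php")
    if os.path.isfile(cfg):
        mode = stat.S_IMODE(os.stat(cfg).st_mode)
        if mode & stat.S_IROTH:  # this file holds the database password
            findings.append(("wp-config.php", "world-readable (mode %o)" % mode))
    ver = os.path.join(root, "wp-includes", "version.php")
    if os.path.isfile(ver):
        with open(ver, encoding="utf-8", errors="replace") as fh:
            m = re.search(r"\$wp_version\s*=\s*'([\d.]+)", fh.read())
        found = tuple(int(p) for p in m.group(1).split(".") if p) if m else None
        if found is not None and found < tuple(min_version):
            wanted = ".".join(str(n) for n in min_version)
            findings.append((os.path.relpath(ver, root),
                             "WordPress %s is older than %s" % (m.group(1), wanted)))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample install: loose uploads dir, loose config, old core."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    os.makedirs(os.path.join(root, "wp-includes"))
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    bodies = {"wp-config.php": "<?php // constructed\n",
              "wp-includes/version.php": "<?php\n$wp_version = '2.8.2';\n"}
    for rel, body in bodies.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    modes = {"wp-config.php": 0o644, "wp-includes/version.php": 0o644,
             "wp-includes": 0o755, "wp-content": 0o755,
             "wp-content/uploads": 0o777}
    for rel, mode in modes.items():
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    print(*audit_wordpress(build_sample_tree()), sep="\n")
```

Call audit_wordpress() with the path to your own install on the server; an empty list means none of these three conditions was found.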

For those with a little more experience working with WordPress code and .htaccess files, here are a couple of articles with even more tips to ensure that your WordPress site remains secured:

As a site owner the onus is on you to protect your investment from those with too much time on their hands or who may have nefarious motives. Review these issues carefully and make sure your WordPress site is as secure as it can be.

About the Author:

Judith Kallos is an experienced good-humored Technology Muse who has offered WordPress Consulting and Web Site services for over a decade. Be sure to check out her popular site 123 More Income so you can learn to make more money online.

WordPress How To: Update to the Latest WP Version


Previous to WordPress 2.7, updating WordPress required deleting certain files off one’s Web hosting server and replacing them with the newer updated versions. For those a bit techno-challenged or not familiar with FTP and WordPress, even with an update plugin this was a daunting task.

Now the automatic update feature is included so that a site owner can easily update to the newest version of WordPress with little time and effort, and no techie knowledge. This feature is located in Tools > Upgrade. You’ll know when you need to update as you’ll see the pale yellow “nag” bar at the top of the admin screen when you log in, prompting you to update.

But, before you update we need to do a little housekeeping:

  1. First, save a copy of all your WordPress pages and posts to your hard drive. You do this by clicking on the Tools icon in the left sidebar and then Export. On the next screen click on Download Export File. You might want to create a new folder on your hard drive where you keep all your Web site files. Name it WP Backup so you know to save all backup files for WP there (and you’ll know where to find them if you need them). It is a good idea to back up this file once a month anyway, regardless of whether an update is needed.
  2. Second, back up your WordPress database. There is a nifty plugin that makes this process a no-brainer: WP-DBManager. This plugin is also a must-have for repairing and optimizing your database (which you should be doing at least monthly to keep things running smoothly).
  3. To be safe, deactivate all plugins before upgrading.

Once you get the above tasks accomplished, follow the links in the nag bar (it’s called a nag because that yellow bar will be up there nagging you until you take care of the important issue noted) and update your site to the latest version of WordPress.

Then, don’t forget to update and reactivate your plugins. You’ll see with each WordPress update that plugin developers also update their plugins, and you can install those updates with one click too. You’ll see the now familiar yellow nag bar under the plugin name in the plugins area with a link to “upgrade automatically.”

It’s not likely that there will be an issue with updates and plugins. In most cases a rogue plugin that has not been updated by the developer is what will cause problems or break a WordPress site. To troubleshoot this, if you find after an update that something is not working as it was, go through the systematic process of deactivating your plugins one at a time until you find the culprit. If the developer has not updated his/her plugin to work with the latest update, find another plugin whose developer is on top of these things.

Turns out that while WordPress 2.8 was recently released, 2.8 – 2.8.3 had some serious security issues, the most alarming being that a hacker can reset passwords, including your Admin password, and totally lock you out of your site. Now 2.8.5 is hardening security even further. If that is not worth updating, I don’t know what is! The current WordPress update addresses these issues.

This is so serious the nag should be red and bold and bigger to note the seriousness of this required update, not wimpy pale yellow. Are you one of those ignoring that nag bar thinking “no big deal”, “I’ll get to it … ” or “I don’t have a clue what to do!”? Now you have no excuse to continue to ignore this very important update.

If you are not on 2.8.5 you need to follow the above suggestions pronto! From what I hear WordPress 2.9 is coming out next month with a bunch of new neato features too!
