If you’re running a WordPress website on your own self-hosted account, then you’ve got some maintenance to do.
WordPress releases new versions of its software quite often – at least several times a year. Releases vary from major (3.x to 4.x, for example) to minor (4.6 to 4.7, for example) to patches (4.7.1 to 4.7.2, for example).
Any time there’s a new release of any kind, it’s a good idea to update your site. New releases often come with security patches and part of keeping your site safe is making sure you’re running the latest version of WordPress at all times – along with the latest version of all themes and plugins.
Right now, updating WordPress is even more important. Just last week, WordPress released a patch version – 4.7.2. It wasn’t widely announced at the time, but it’s become apparent since then that this release contains a major security fix. Without this update, your site is vulnerable to attack – and thousands of WordPress sites have been hacked since this vulnerability has become known.
What you should do right now
If you’re running a WordPress site, update everything!
The basic steps are:
- TAKE A FULL BACKUP. No matter how small the update, things can always go wrong. You will absolutely need a full backup of the site to fall back on, and someone who knows how to restore from it, should anything bad happen. If you don’t have a full back, STOP. Get one!
- Next, update your themes. Under Appearance –> Themes in the menu, you’ll see a notice on each theme that has an update. Click each in turn to update them.
- Next, update your plugins. Under Plugins, those with an update will be marked with a pink bar and a link to update. Click each in turn to update them – I like to check the site after each one just to make sure all is well.
- Lastly, update the WordPress core. Under the main Dashboard menu item, there’s an Update submenu item – you can go here to see the link to Update Now for WordPress itself.
If anything should go wrong – the site doesn’t load, or the dashboard won’t load, or errors are reported – stop! Use your backup to restore the site and try again. Most problems are caused by an improperly updated plugin – you may need to shut down your plugins and/or remove one to move forward.
If all this sounds too scary, don’t worry! You can hire someone – like me! – to take care of it for you via my Maintenance Package.
What you should do in the long term
Consider booking regular maintenance on the site – monthly, quarterly, or biannually.
Consider adding a firewall to the site – Wordfence is the gold standard and its free version provides excellent protection against hackers.
Make sure the site is being backed up regularly on an automatic basis and that you have access to those backups.
What to do if it’s too late
Already been hacked? Hopefully you have a backup to work with, even if it’s a little out of date.
In any case, don’t mess around – go straight to Securi. They’re geniuses at restoring lost sites and making sure your site is clean and well protected. Worth every penny!