WordPress, Plugin Updates, and Security

I Love WordPress
Adriano Gasparri CC License 2006

When you care about something, you want to give it proper love and attention. You love your WordPress site, right?

WordPress Security

In this day and age it isn’t a matter of if your site will be hacked, it is a matter of when. So you have to do your best to put the right things in place to protect your site and to prevent or minimize the damage. Lately it seems as though every plugin has suffered from a cross-site scripting (XSS) vulnerability.

Backups are your single best defence for your site. Seriously. If something crashes your site or compromises it, backups are how you get back up and running the quickest. And you need to back up often. You also need to be able to compare your backups. By observing what files were on your site when it was working fine and what files are there now, you can perhaps spot what, if anything, has been compromised. Or, in the case of something being broken on your site, what broke it.

I have written previously about backups: Backup before going Forward (Part 1) and Backup before going Forward (Part 2). These just scratch the surface and cover the free and cheap ways to back up your site. You may also want to look at plugins such as BackupBuddy that let you back up to your favorite cloud drive and automate your backups. It costs money, but being able to restore your site to working order is a big thing, right?
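Comparing a backup with the live site, as the paragraphs above suggest, is easiest when you keep a list of file hashes taken while the site was known to be good. The script below is an added example for this post, not the author's code and not part of any backup plugin: it records a SHA-256 manifest of every file under a directory and later reports which files were added, removed or changed. The paths on the command line are assumptions for your own setup, and it needs PHP 7.0 or later.

```php
<?php
// Added example (not the post author's or any plugin's code): build a SHA-256
// manifest of a directory tree, save it beside a known-good backup, and later
// diff the live site against it. Requires PHP 7.0+.

/** Map of relative path => sha256 for every regular file under $root. */
function build_manifest(string $root): array
{
    $root = rtrim($root, '/');
    $manifest = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $relative = substr($file->getPathname(), strlen($root) + 1);
        $manifest[$relative] = hash_file('sha256', $file->getPathname());
    }
    ksort($manifest);
    return $manifest;
}

/** Compare the live manifest with the known-good one taken from the backup. */
function compare_manifests(array $known_good, array $current): array
{
    $report = ['added' => [], 'removed' => [], 'changed' => []];
    foreach ($current as $path => $hash) {
        if (!isset($known_good[$path])) {
            $report['added'][] = $path;
        } elseif ($known_good[$path] !== $hash) {
            $report['changed'][] = $path;
        }
    }
    foreach ($known_good as $path => $hash) {
        if (!isset($current[$path])) {
            $report['removed'][] = $path;
        }
    }
    return $report;
}

/** PHP files that appeared under wp-content/uploads deserve the first look. */
function suspicious_paths(array $paths): array
{
    return array_values(array_filter($paths, function (string $p): bool {
        return strpos($p, 'wp-content/uploads/') === 0
            && preg_match('/\.php\d?$/i', $p) === 1;
    }));
}

// Usage (assumed paths, adjust to your own layout):
//   php manifest.php save  /backups/site-known-good  known-good.json
//   php manifest.php check /var/www/html             known-good.json
if (PHP_SAPI === 'cli' && isset($argv[3])) {
    list($mode, $dir, $json) = [$argv[1], $argv[2], $argv[3]];
    if ($mode === 'save') {
        file_put_contents($json, json_encode(build_manifest($dir), JSON_PRETTY_PRINT));
        echo "Saved manifest of $dir to $json\n";
    } elseif ($mode === 'check') {
        $known  = json_decode(file_get_contents($json), true);
        $report = compare_manifests($known, build_manifest($dir));
        foreach ($report as $kind => $paths) {
            printf("%s: %d\n", $kind, count($paths));
            foreach ($paths as $p) {
                echo "  $p\n";
            }
        }
        foreach (suspicious_paths(array_merge($report['added'], $report['changed'])) as $p) {
            echo "LOOK FIRST: PHP file under uploads: $p\n";
        }
    }
}
```

Expect some noise: the uploads and cache directories change legitimately between backups, and a plugin update rewrites that plugin's whole directory. What matters is a change you cannot account for, such as an edited wp-config.php or index.php when you ran no update, or a PHP file sitting in a directory that should only hold images.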

And WordPress (the self-hosted version) has taken a beating as well, and many valiant programmers have stepped up to the challenge to be sure it is as safe as possible. Hence 4.1, 4.2, and now 4.2.2 have all come out very quickly, even in WordPress update terms. Read that article if you need more details.

So there are two things you have to think about: 1) Do I let WordPress auto-update every time they release a new version? 2) Do I let my plugins auto-update every time there is a new version? Perhaps you have built your site(s) on an older version of WordPress. It may be time to get current or advise your customers to get current. Sure, some of the updates have broken “features” you have come to know and love. Often WordPress releases new features as a plugin first and then they wind up being part of the core. Again, if you back up often, you can perhaps afford to allow WordPress to auto-update.

Always back up before moving forward.

Next, plugins: you have to decide what your strategy is. Do you have a testing site before you roll changes into your production site? Or do you perform everything on your “live” server? The safest approach is to perform all changes on your staging/test server first and then, once tested, allow these updates on your live/production site. To make life easier, you should back up both your test site and production site before any updates so you won’t lose so much sleep putting them back to working order. Ever made that “rut roh” change? You know, the one that happens in the “Oh No Second”: rats, I shouldn’t have done that. You know, the last change you made that shouldn’t have broken your site, but did?

Conversely though, security is important, and so many zero-day attacks happen against our favorite WordPress plugins. For my site this is so important that I have installed a plugin to allow auto-updating of plugins. I know this comes with a level of risk, but I back up often so I don’t have as much fear. The one I am currently using is called “Automatic Plugin Updates”. I will not say it is the best, and it has not been updated in a bit, but it works and it works consistently, so that makes me happy. You can also exclude certain plugins, so if you know one plugin updating might break something, you can exclude it from auto-updating. It also sends you a notification every time it updates something. I am sure there are other plugins that do the same thing and perhaps they are better, but the point is, if you are concerned about security to that level, this is a good tool to have in the arsenal.
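The two decisions above (let core auto-update? let plugins auto-update, with exceptions?) can also be set without a plugin, because WordPress itself exposes filters for the background updater. The file below is an added example for this post, not the author's setup and not the “Automatic Plugin Updates” plugin's code; it uses the `auto_update_plugin`, `auto_update_theme`, `allow_major_auto_core_updates` filters and the `automatic_updates_complete` action that WordPress provides. The plugin slug in the denylist is a constructed placeholder, and logging to the PHP error log stands in for the e-mail notification the author's plugin sends.

```php
<?php
/**
 * Plugin Name: Auto-update policy (added example, not the post author's code)
 *
 * Drop this file into wp-content/mu-plugins/ so it loads on every request and
 * cannot be switched off from the dashboard. It expresses the post's policy:
 * core and plugins update themselves, a short list of fragile plugins does not,
 * and every background run leaves a record of what it did.
 */

// Plugins known to break on update. Use the directory slug (the part of the
// plugin's wordpress.org URL). 'example-fragile-plugin' is a placeholder.
const AUTO_UPDATE_PLUGIN_DENYLIST = [
    'example-fragile-plugin',
];

// Decision 2: every plugin may auto-update except those on the denylist.
// $item is the update offer; $item->slug is the directory slug and
// $item->plugin is the main file, e.g. "akismet/akismet.php".
add_filter( 'auto_update_plugin', function ( $update, $item ) {
    if ( in_array( $item->slug, AUTO_UPDATE_PLUGIN_DENYLIST, true ) ) {
        return false;
    }
    return true;
}, 10, 2 );

// Decision 1: minor and security releases (4.2 -> 4.2.2) install by default;
// this also opts in to major releases (4.1 -> 4.2). Delete this line if you
// would rather stage major releases on a test site first. The same policy can
// be set in wp-config.php with define( 'WP_AUTO_UPDATE_CORE', true ).
add_filter( 'allow_major_auto_core_updates', '__return_true' );

// Themes are left to manual updates in this policy.
add_filter( 'auto_update_theme', '__return_false' );

// After each background run, record the outcome per plugin. The author's plugin
// e-mails this; here it goes to the PHP error log, which most hosts keep.
add_action( 'automatic_updates_complete', function ( $update_results ) {
    if ( empty( $update_results['plugin'] ) ) {
        return;
    }
    foreach ( $update_results['plugin'] as $update ) {
        $status = is_wp_error( $update->result )
            ? 'FAILED: ' . $update->result->get_error_message()
            : 'updated';
        error_log( sprintf(
            '[auto-update] %s -> %s: %s',
            $update->name,
            $update->item->new_version,
            $status
        ) );
    }
} );
```

The background updater only runs when WP-Cron fires (so a site with no visitors or with `DISABLE_WP_CRON` and no system cron will not update itself) and when neither `AUTOMATIC_UPDATER_DISABLED` nor `DISALLOW_FILE_MODS` is set to true in wp-config.php; check those first if the log stays empty.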

You should also consider some type of security plugin to protect your site even more. Here is a great article I wrote about what I do to protect my site: My WordPress Security Essentials

What is your strategy to protect your WordPress site?


The Tech Side of Me Tech News 4/25/2015

This is the start of something new. This idea has been going around in my head for weeks and the idea was to feature my favorite articles I tweeted this week along with some commentary about each one. This may go through some changes but as this is Week 1, let’s get started.

Currently I use Hootsuite to schedule and post my Tweets, Google+ posts, and Facebook posts. From that I get an idea of how many people click on my links. It doesn’t tell me who (that would be scary), but it does tell me how many. So, using the unscientific measure that the number of clicks shows how popular a tweet was, I will definitely feature those, but sometimes a tweet on a topic I hold near and dear fails to get traction, either because of the time of day it is posted or some other factor. I will feature those as well.

Have an Android Phone? Want to Find it? Google it

From the Creepy but Cool files, if you enable Google location services on your phone, finding your phone could be as easy as going to Google.com and just typing in “Find My Phone”. It will ask you to log into your Google account (use the primary Gmail account you use on your phone), and then show you on Google Maps the approximate location of your phone. If it is accessible it will also give you an option to ring your phone.

Verizon says “unlimited Data Plans are stupid”

Verizon basically said we are idiots to want unlimited data plans. I know everything has to have a limit, so to speak, but first selling us unlimited plans and then calling a 2 gig plan unlimited is false advertising. But are we silly to want what we want? We don’t really want unlimited. Instead, we want to pay one price and use it as much as we want and not have to pay ridiculous overages. For some of us, unlimited is 2 gig; for others it is 6 gig, etc. Granted, we know if someone is using 10 gig plus, well, maybe they should pay more, but the system as it is punishes even the lightest data users. What do you think?

Sysadmins Everywhere Scream at Once

This week two scary security alerts went out. For Windows admins with Internet-facing Internet Information Server instances, there was the “HTTP Ping of Death”: a flaw in HTTP header handling that, when attacked, causes a denial of service (DoS). Basically the server would hang or even blue screen, so that it was no longer responding or available. Hopefully everyone is all patched up by now. Hopefully. This was my most clicked tweet of the week.

In other Security news…

The popular eCommerce application Magento finally has an exploit in the wild for a security issue it published about in February. This is a bad one, and you need to get patching quickly, as exploits are in the wild and thousands of servers have been attacked.

Who wants to live forever… Digitally anyway?

So if you should die tomorrow (hopefully you won’t), who would you want to have access to your digital assets? Who would have access to your Facebook, Gmail, Twitter, YouTube channel, your iTunes account? If you don’t give someone access to these things, the courts may not help. There isn’t much legal precedent for what to do with these elements of a human life. In fact, iTunes as it is currently set up basically belongs only to the person who originally purchased it. So you go, and so would your tunes. If you give someone you trust access to your digital elements, you allow them to keep going. Google offers a way to designate someone your Digital Heir. In my case, I designated my wife. This article talks about how laws have not kept up and you really can’t even “will” your digital assets to a loved one. But some social media accounts give you a way to allow your designated person to access your accounts.

Jedi Marriage

This is my favorite story of the week: Jedis can now get married. (Dang, I hate typos! It’s Official.)

A little boy sends a letter to George Lucas asking why Jedis can’t get married. The reply is awesome and a win for Jedis everywhere. I am so glad. I married my wife in secret because she is a Jedi. Now we can be public about it.

And those are my favorite stories of the week. I hope you enjoyed them.