WordPress, Plugin Updates, and Security

I Love WordPress
Adriano Gasparri CC License 2006

When you care about something, you want to give it proper love and attention. You love your WordPress site, right?

WordPress Security

In this day and age it isn’t a matter of if your site will be hacked, it is a matter of when. So you have to do your best to put the right things in place to protect your site to prevent or minimize the damage. Lately everything and every plugin has suffered from Cross Site Scripting attacks.

Backups are your single best defence to protect your site. Seriously. If something crashes your site or compromises your site, backups are how you can get back up and running the quickest. And you need to back up often. You also need to be able to compare your backups. By observing what files were on your site when it was working fine and what files are there now, you can perhaps spot what if anything has been compromised. Or in the case of something being broke about your site, what broke it.

I have written previously about backups: Backup before going forward (Part 1) and Backup befor going Forward (part2). These just scratch the surface and talk about the free and cheap ways to backup your site. You may also want to look at plugins such as BackupBuddy that will let you backup to your favorite cloud drive and that provide automation of your backups. It costs money but being able to restore your site to working order is a big thing, right?

And WordPress (the self hosted version) has taken a beating as well and many valiant programmers have stepped up to the challenge to be sure it is as safe as possible. Hence 4.1, 4.2, and now 4.2.2 have all come out very quickly even in WordPress update terms. Read that article if you need more details.

So there are two things you have to think about, 1) Do I let WordPress auto-update everytime they release a new version? 2) Do I let my plugins auto-update every time there is a new version? Perhaps you have build your site(s) on an older version of WordPress. It may be time to get current or advise your customers to get current. Sure, some of the updates have broken “features” you have come to know and love. Often WordPress releases new features as a plugin first and then it winds up being part of the core. Again, if you backup often, you can perhaps afford to allow WordPress to auto-update.

Always Backup before moving ForwardClick To Tweet

Next Plugins: You have to decide what is your strategy. Do you have a testing site before you roll in changes to your production site? Or do you perform everything on your “Live” server? The safest approach is perform all changes on your staging/test server first and then once tested, allow these updates on your live/production site. To make life easier, you should back up both your test site and production site before any updates so you won’t lose so much sleep putting it back to working order. Every made that “rut roh” change. You know, the one that happens in the “Oh No Second” Rats, I shouldn’t have done that. You know the last change you made that shouldn’t have but did break your site?

Conversely though, security is important and so many zero day attacks often happen to our favorite WordPress plugins. For my site, this is so important I have installed a plugin to allow auto-update of plugins. I know this comes with a level of risk but I backup often so I don’t have as much fear. The one I am currently using is called “Automatic Plugin Updates”  Automatic Plugin UpdatesI will not say it is the best and it has not been updated in a bit but it works and it works consistently, so that makes me happy. You can also exclude certain plugins so if you know one plugin updating might break something, you can exclude it from auto-updating. It also sends you an update every time it updates something. I am sure there are other plugins that do the same thing and perhaps they are better but the point is, if you are concerned about security to that level, this is a good tool to have in the arsenal.

You should also consider some type of security plugins to protect your site even more. Here is a great article I wrote about what I do to protect my site: My WordPress Security Essentials

What is your strategy to protect your WordPress site?

 

Standing Up For God, a sermon

Editor’s Note: I am not a preacher or pastor, nor am I ordained or have I been to seminary. As a Lay Leader I am called on from time to time to fill in at various churches. 

Scripture Lesson

Occasionally I am asked to speak at other churches and one Sunday I was speaking at a church I had never been to. They asked me if I wanted a wireless microphone and knowing I don’t have a loud booming voice I said yes. I do not have a great singing voice. I do okay on songs in my limited range but I think I probably sound terrible on songs where they are out of my range and comfort zone. So whenever I had to sing I would turn my mic off. I noticed there was (I think) a pzm microphone mounted to the front of the alter. Handing the equipment back to the sound guy at the end of the service I told him I turned my mic off every time I had to sing. He says, “I know, I dragged the slider down on every song on the surface mic as well.” So I don’t know if he was saying my singing really wasn’t that great or he was just trying to help me out.

Surface Microphone

It is the Fourth Sunday of Easter

Some context here:

In Acts 3, Peter and John are going to the Temple during the hour of prayer and they come upon a man who has been crippled since birth. The man every day is setup near the gates of the temple and begs for money and food. Peter and John upon seeing the man heal the man and his legs and feet become strong and he is able to walk. In Acts 4:1-12, we find out this did not go over very well with the Jewish Elders and the High Priests.

 

Acts 4:1-12 New Revised Standard Version (NRSV)

Peter and John before the Council

4 While Peter and John[a] were speaking to the people, the priests, the captain of the temple, and the Sadducees came to them, 2 much annoyed because they were teaching the people and proclaiming that in Jesus there is the resurrection of the dead. 3 So they arrested them and put them in custody until the next day, for it was already evening. 4 But many of those who heard the word believed; and they numbered about five thousand.

5 The next day their rulers, elders, and scribes assembled in Jerusalem, 6 with Annas the high priest, Caiaphas, John,[b] and Alexander, and all who were of the high-priestly family. 7 When they had made the prisoners[c] stand in their midst, they inquired, “By what power or by what name did you do this?” 8 Then Peter, filled with the Holy Spirit, said to them, “Rulers of the people and elders,9 if we are questioned today because of a good deed done to someone who was sick and are asked how this man has been healed, 10 let it be known to all of you, and to all the people of Israel, that this man is standing before you in good health by the name of Jesus Christ of Nazareth,[d] whom you crucified, whom God raised from the dead. 11 This Jesus[e] is

‘the stone that was rejected by you, the builders;

it has become the cornerstone.’[f]

12 There is salvation in no one else, for there is no other name under heaven given among mortals by which we must be saved.”

The Word of God for the people of God.

Thanks be to God.

 

****************************

Let us pray:

Dear Lord it is a blessing to be in your house today. May the Holy Spirit be upon us as it was on Peter. May the words spoken, be your words Lord. Thank you for every day we get to be in your house and every day we are alive to rejoice the blessings you give us.

Amen

 

So a couple of weeks ago one morning I was having some problems with my knee and I considered working remotely for a bit until I could get around better. So I looked at my work calendar to see what my day would entail. I am in the middle of planning a major project and gathering the requirements for it. And there comes a time when you realize you don’t know everything there is to know and you accept that so you ask for help. We have a vendor we have worked with who has truly been a partner for our company and we asked them what do other companies do these days. So I had a meeting planned for 9am and as it is going to be high profile, my boss was going to be there, so I couldn’t really miss it. But then I looked on my calendar and realize some how I had double booked myself at 9am. A guy from another company was coming in to talk to me about his company and convince me I needed to do business with him. So at 7am I am sending him an email apologizing for double booking our meeting and that I could gladly meet with him either earlier or later in the day or we could reschedule. If it is in my control I am usually very good at watching my calendar and not double booking myself. As soon as I got to work I had access to his phone number and I called him and left a message about rescheduling as I didn’t get an answer.

 

A few minutes later and he calls me back. He is already half way there. I explain to him my double booking but since he is half way there, come on in and since we were only scheduled for 30 minutes I would just miss part of my meeting and explain it all to my boss later.

 

So both my 9am meetings arrive and I get one of my team to escort them to their meeting room and I walk Josie to another meeting room I had booked. I apologize for the mixup on my part. So we sit down and do the business card exchange and he tells me he won’t take up much of my time. He explains that before working for this new company he used to work for Palmetto Bank and especially the one in Laurens. So I say, oh, if you worked in Laurens, you know Scott. I noticed the other day he is a VP now. He said he did know Scott and they had worked together quite a bit. I told him Scott and I are in a Christian organization together and that is where he and I met. So Josie begins his spiel and then he stops, what Christian organization are you a part of? I reply, Foothills Emmaus, it is part of Walk to Emmaus. And right there we began talking about our Christian faith and our churches and parts of our journey. So a 30 minute meeting turned into a 45 minute meeting and we may have talked about his business 5, 10 minutes tops. I was uplifted by this meeting. I didn’t even know my spirits were down, but they were definitely lifted by this meeting. And I then had this feeling God had wanted me to have this meeting. And when we absolutely had to break up the meeting, he mentions Scott’s last name. The Scott he knew well and the Scott I knew were not the same person. But Scott had started the conversation. It is not often we get to talk about God at work in this day and age. We don’t want to offend anybody.

 

But speaking out loud about our faith is what we are put on this earth for, to bring others to Christ. Peter and John were spreading the good news out loud to all who would hear and along the way they performed miracles in the Lord Jesus’ name. And the Sadducees and the High Priests called them out on it as it went against their Jewish beliefs. To them Jesus was just another man because to accept Jesus as the Messiah, they would have to give up control. Funny enough, if we follow God, that is exactly what we are supposed to do, give up control.

There is so much persecution of Christians in this day and age. It is more blatant than I can ever recall in the modern age. It could be our news organizations in their quest for a story do a better job of reporting it and so we are more aware of it and it has always been this bad. But ISIS is seeking out and killing Christians, other extremist Muslim groups are doing the same in pockets of the world. And in the US, pray has been pushed out of schools and other public places. We can’t offend others but it is completely okay for them to offend us. And I think about it, what would Jesus do, what would he do? I know he would pray for them, he would forgive them, but he would keep on preaching His Word.

Every year on National Day of Prayer, which by the way is Thursday, May 7. In the past I have booked a room and discreetly asked those I knew to be Christian to participate. And I ask them to let others know. You see, we don’t talk about our faith at work much. There are pockets of Christians who sit together in cubical land and I know I can speak to them about church and goings on in our Faith communities. I have two friends of mine who I have worked with forever and they are both Pastors in their church. I have another friend who was recently ordained as a Baptist preacher and has already found a church in McCormick he preaches at. It is rare we get to talk about Christ at work.

So I invite all I know and I ask them to invite others and we go into a room. Now when I pray privately, I am able to just talk with God. But when I pray out loud, especially in public, my tongue gets in the way. I want to say things as eloquently as I think I can write them. That is why I often write my prayers down or they are very short. It is one weakness I really need to work on. When our Pastor is up here, we not only hear the needs of our church and of our congregations spoken out loud, we hear  about other concerns in the world, areas hit with deadly tornadoes, places who have flooded, or places with extreme drought. We hear about those pockets in the world where Christians are being persecuted for their faith in Jesus. Dying for our beliefs honors God. But living for our beliefs honors God as well. We wake up every morning expecting to start our day and it is another gift from God to be alive another day. But in some part of the world this is not a given. In those parts of the world it is another story. And our Pastor prays for our soldiers all over the world who miss their families and who miss holiday after holiday in a land that is very strange to them and that does not want them there. And in hearing this prayer, I am reminded of these things that so desperately need God’s attention and I am reminded I need to add these concerns to my thoughts and prayers and I need to make sure I am not selfish in my prayers to the Lord, that I am not asking only for the things I believe need to happen like keeping my family safe, and thanking God for blessing us so much but also please Lord, bless others all over the world.

Our persecution in America is silent and it is indirect. It isn’t happening in our home or in our church, but it is happening in our schools and our government buildings. Unlike Peter and John, we aren’t thrown into jail, brought before the Elders and Priests of a faith that does not match ours, and while they were not beat or whipped this particular time, they were others. But Lawyers are fighting the battle against us in courts to prevent us from praying or posting the Ten Commandments. And it is just a matter of time before we are persecuted even more openly. The day is coming when we will be persecuted physically. We will openly be attacked. There will be fighting. In those days we will be like Peter and John, standing before the High Priests. It reminds me of the saying, If you were accused of being a Christian, would there be enough evidence to convict. There are days when it would be tough to convict me on that charge. Lord, I know today did not go according to your will. I said things I didn’t mean to say. I did things I didn’t mean to do, things in hindsight I realize are not pleasing to you. I didn’t say grace and praise you before I ate my meal. Lord, you have made everything in my life possible and I haven’t thanked you enough. I hate the days when I have gotten in God’s way.

 

But today is the Sabbath and we are in the House of the Lord and we can rejoice and say Amen. We are Easter people and we can with the Lord’s help push satan out of our lives. We can give thanks and ask for forgiveness and be the Christians we are called to be. By whose authority are we saved, Jesus Christ.

 

Let us pray.

Dear Heavenly Father, be with us through our everyday. Help us to immediately seek you upon our waking each day. To live as you would want us to live, speak as you would have us speak, and walk as you would have us walk. In your Name, Amen