I’ve already written about what to do once your site has been hacked, but let’s talk a bit about hack prevention.
I think it’s fair to say that most people manage their own WordPress installation because they have some programming background and want a little more control than you get with a hosted solution like Blogger or WordPress.org. Webmasters like you and me usually know a bit about security and how important it is to keep things up to date. The problem is that every minute spent upgrading your CMS to the latest version is a minute not spent writing or running your business.
So you know you should download the latest patch, make backups, disable plugins, install… but it’s already 1 a.m. and you need to meet clients in the morning, so you put it on the back burner and your site ends up hacked. What’s the solution? If you’re Technorati, the solution is to motivate bloggers a bit more by threatening to delist them. I can understand their point of view. But how about something a bit more positive – automation.
There are two ways I’ve automated WordPress upgrades. One is through Fantastico, which is a really cool script management system that your web host should probably provide. I’m giving up on Fantastico, though, because it takes a long time for it to notice updates.
The second way I just tried out recently is the WordPress Automatic Upgrade plugin. I’ve tried it out on three blogs now and so far so good – it hasn’t skipped a beat. This functionality really needs to be folded into WordPress itself – with 2.5, they added the ability to automatically upgrade plugins but it seems like most security holes lately are found in the WordPress code itself.
That plugin is WordPress-only, but I recommend doing some research to see if there’s something similar out there for your blog software or CMS. Even if WordPress never has another security bug, there’s always Joomla, and Drupal, etc…