Since this blog is running on WordPress I tend to read some articles about WordPress now and then to keep up with news. Recently I came across the WordPress.com site where I saw a promotion for the newly launched WordPress.tv site. Security caught my attention hopefully yours too…
The WordPress.tv website is dedicated for video’s on tips, how-to’s and more about WordPress starting with video’s from WordCamp. WordCamp is a conference type of event that focuses squarely on everything WordPress. Everyone from casual end users all the way up to core developers show up to these events. These events are usually highlighted by speeches or keynotes by various people.
I clicked on the promotion link to be send to the WordPress.tv website. Soon I arrived at the WordCamp video’s, picked some video’s, scanned through them and stopped to take a closer look whenever something interesting showed up. One video in particular got my attention when I scanned through it.
The video I’m talking about and also the main reason for this post is that the presenter talks about his experiences running a professional blog-network using WordPress .
The video is called “Running a Blog Network” by Jeremy Clark from Canada.
I chose to embed part two (it’s cut up into three parts).
In part two Jeremy is talking about WordPress security and about getting your WordPress Blog hacked. Also Jeremy gives some tips (do’s&don’ts) how to not be hacked.
Who’s the audience: anyone running a WordPress blog (self hosted or hosted (e.g. via installatron)) as long as you are not using a WordPress hosting company/site like “wordpress.com” (they do the maintenance for you, and you are less flexible).
So is there no relation with virtualization at all? Sure there is I know at least one Virtualization blogger who experienced problems caused by being hacked. Maybe you noticed some time ago that Richard Garsthagen’s theme changed dramatically – from a enriched blog to a flat and simple blog. I believe the blog is restored in his original state now, but there you have some sort of virtualization link 😉
So far the intermezzo, now some of the tips from Jeremy (watch the clip for more):
- Get the latest release of WordPress
Just like windows WordPress is very popular and not only from an users standpoint but also for hackers, so keep your patch level up to date
- In relation to the previous point keep it simple and do not use a lot of plugins if you do not really, really need them. When upgrading to a new version of WordPress, not all plugins continue to work and they can cause a site shutdown
- Make a backup! Take a complete current version of your blog offline (a copy) or private in order to have a extra (clean and original) set of files available.
- You can easily create a backup by running a wordpress site on your laptop using a virtual appliance from the marketplace, beware with choosing the appliance you will have to put the files from your live blog into that appliance, so that must be possible.
- Test upgrades and changes first on your copy of the blog, and if they turn out to working properly you can change it in your live environment
- Use an existing template, for usability and compatibility, they have been pretested and verified to work with most known browsers
Let me know what you think!