Keeping your site up to date
Video: Keeping your site up to dateAn important step in securing your WordPress site is keeping things current and up to date. Running the most up-to-date version of WordPress ensures that you have all the latest bug fixes, security patches, and new features. This screencast demonstrates how to stay current with everything, right from the comfort of the WordPress admin area. With WordPress there are three things that should be kept current: core files, plug-ins and themes. The good news is that by default WordPress will let you know when it's time to update any of these three items.
- Next steps
Viewers: in countries Watching now:
This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.
- Backing up and restoring your site
- Setting up strong passwords
- Choosing trusted plugins and themes
- Protecting the configuration file and the admin directory
- Securing the login page
- Fighting comment spam
- Blocking access and detecting hacks
- Finding and reporting vulnerabilities
Keeping your site up to date
An important step in securing your WordPress site is keeping things current and up to date. Running the most up-to-date version of WordPress ensures that you have all the latest bug fixes, security patches, and new features. This screencast demonstrates how to stay current with everything, right from the comfort of the WordPress admin area. With WordPress there are three things that should be kept current: core files, plug-ins and themes. The good news is that by default WordPress will let you know when it's time to update any of these three items.
When it's time to update WordPress itself, you'll see the famous 'update nag', as it's called, appearing at the top of every page in the WordPress admin area. Let's click on the Posts menu, and we will see the menu there. Or if we're in the Comments area, we will see the menu as well. When you see this message, a new version of WordPress is available, and so it's time to upgrade. To begin the process, click on the Please update now link and review your options. It's important to make a good backup before you perform the upgrade, and then you have the option of updating automatically or downloading the current version and doing a manual upgrade.
Likewise, when a plug-in update is available, the Plugins menu panel will look like this. First you will notice a circle with a number of available updates. Then, scrolling down through the Plugins page, you can see which plug-ins are available. You should see a link next to each available update to update automatically, but you always have the option of upgrading manually as well. And likewise, when a theme update is available, a similar update reminder will appear in the Admin area, in the Dashboard Update screen. Click on Dashboard and then Updates and we see the plug-ins and themes listed here.
Here we can see that a new version of the Skulls theme is available, and we also see our plug-in update available as well. If there are multiple themes and/or plug-ins available, they will be listed here on the Updates page, ready for an easy bulk update at your command. So for those of us who log in to the WordPress Admin area on a regular basis, these reminders definitely help to stay current, but not so much if you rarely visit the admin area. Without seeing these messages, you may never know that a new version of a plug-in or theme is available, and your site may be unnecessarily left at risk for attacks and exploits.
Fortunately, there's a handy little plug-in called Update Notifier. If we click on the Plugins page, we see Update Notifier installed, and this plug-in is great because it sends an email whenever an update is available, it's easy to install, and provides a simple settings page in the Settings menu. Click on Update Notifier, and as you can see here, everything is very straightforward and basic. If we need to add a second email for notifications, we can do so here, and we can even limit our notifications to that email only.
There are also options for update notifications for plug-ins and themes. Once you have your settings in place, click Save Changes, and you're good to go. This is a perfect way to keep track of any site that you don't visit on a regular basis. Lastly, a great way to keep an eye on things is to check the Dashboard feeds. If they aren't showing, you can enable them by going to Screen Options and selecting WordPress Blog and Other WordPress News. Close the Screen Options and you will see the news feeds appearing here.
This information is a great way to stay current with breaking news, and it's only a click away from within the WordPress admin. Remember, staying current with themes, plug-ins, and WordPress itself helps keep your site secure against potential threats and vulnerabilities. By displaying visual reminders in the Admin area, WordPress makes it easy to stay current as new updates become available.
There are currently no FAQs about WordPress 3: Developing Secure Sites.