Tips for Updating Your WordPress and Keeping it Secure

Keeping your WordPress setup up-to-date is a critical component of your overall security strategy, along with strong passwords and a secure hosting environment.

As Matt points out in a recent post, each new version of WordPress has made it easier to be notified of updates and new plugins, and WordPress 2.5 even includes a one-click auto-update feature for plugins.

In addition, one-click updating of the core WordPress software is something that’s being actively tackled for future versions of WordPress.

So what’s the best way to update your WordPress? Matt has a good summary:

  1. Upgrade your blog to the latest WP. This shouldn’t be hard. There are plugins for it, if you’re techy use Subversion, there is the standard FTP method, and finally Media Temple, Dreamhost, and Bluehost (through SimpleScripts) all have been pretty good about having their one-click upgrade systems ready with new versions within a day or two of a release. If your host is chronically behind, vote with your wallet and switch.
    • If you need someone to help you upgrade, consider hiring help on the wp-pro mailing list. (It has close to a thousand subscribers and consultants on it.) Or you could always ply a geeky friend with caffeine, libations, food, or gadgets. Just get them to set up a system like the above so you can do it yourself next time.
  2. Change your passwords, for yourself and any other users you have on the system. If the attacker grabbed your password when you were on an old version, they can still log in after you’ve upgraded if you don’t change it. There’s a new password strength meter in 2.5 that helps you pick a good password.
  3. Search through your posts for any that might have been modified, and comb through the directories on your web server looking for anything out of the ordinary. Your host may be able to help you with the latter.
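One way to carry out the directory check in step 3, shown as an added example that is not from Matt's post or from WordPress itself: compare the live install against a freshly unpacked copy of the same WordPress version. The function name `audit`, the `EXPECTED_EXTRA` allow-list and the rule that PHP files under `wp-content/uploads/` are suspicious are assumptions of this sketch.

```python
import hashlib
import os

# Files that legitimately exist only on the live site (assumption for this sketch).
EXPECTED_EXTRA = {"wp-config.php", ".htaccess"}


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _files(root):
    """Map each file's '/'-separated relative path to its absolute path."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = full
    return out


def audit(site_root, pristine_root):
    """Compare a live install against a clean copy of the same version."""
    site, clean = _files(site_root), _files(pristine_root)
    report = {"modified": [], "unexpected": [], "php_in_uploads": [], "missing": []}
    for rel, full in sorted(site.items()):
        if rel.startswith("wp-content/uploads/"):
            # Uploads should hold media, not executable PHP.
            if rel.lower().endswith((".php", ".phtml")):
                report["php_in_uploads"].append(rel)
        elif rel in clean:
            if _sha256(full) != _sha256(clean[rel]):
                report["modified"].append(rel)
        elif not rel.startswith("wp-content/") and rel not in EXPECTED_EXTRA:
            # Themes and plugins under wp-content need their own review.
            report["unexpected"].append(rel)
    report["missing"] = sorted(set(clean) - set(site))
    return report


if __name__ == "__main__":
    import sys
    for kind, paths in audit(sys.argv[1], sys.argv[2]).items():
        for p in paths:
            print(f"{kind}\t{p}")
```

Run it with the site directory and the clean copy as the two arguments. Third-party themes and plugins are deliberately skipped, so check those against their own original downloads.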

Looking at the big picture, if maintaining and upgrading WordPress doesn’t sound like something your organization wants to tackle and you are hosting your blogs on your own infrastructure, consider hosting with a provider that offers one-click upgrades (we list a few here) or hosting on WordPress.com VIP.

[via Photomatt]