WordPress Security, Upgrades, Back-ups

By jrosen | May 1st, 2013

BX | Strategic Design

In case you haven’t noticed, Cabedge builds a lot of websites in WordPress. This is because we’re able to do some pretty cool stuff from a front end development standpoint, while also putting our clients in position to update their own content on a regular basis in an incredibly user-friendly way. While we are very much platform agnostic, building sites in Drupal and other open source PHP tools, Django (Python), Sitefinity (ASP.net) and our own custom solutions for our clients to update their own content, we’ve found it hard to stray from WordPress of late.

This is due to many reasons, other than the balance of form and function we’ve been able to collaborate with our clients to achieve. It also goes into the overall user experience of a website. Linux hosting sometimes allows for JavaScript, jQuery and CSS3/HTML5 tricks of the trade to be implemented to allow for quicker load times of content for the front end user. In essence, the page will load fully before any user engagement, so that when the user clicks, hovers or engages in some way, the next bit of content is already there – and it doesn’t feel to the user like any load time is happening (because it already happened).

Now, in web development, no two scenarios are exactly the same, and we’ve actually started to make some changes to the way we scope and start projects, to allow for the correct platform decision to be made at the right time. Having said that, WordPress is always a viable option. But no solution is perfect, and WP certainly isn’t excluded from that discussion.

With a custom WordPress solution (or even a basic theme install), there are several things the site owner must account for (all of which are included in all Cabedge service agreements). For the sake of brevity for this blog post though, I’m going to focus on three things that apply to all WP site owners – not just clients of ours: Security, Upgrades and Back-ups.

From a security standpoint, it’s always important to make sure that a few things are happening:

  1. Limit spam – Make sure you have plug-ins like (or similar to) Akismet and Math Reloaded installed, so that bots can’t attack your site with spam or with scripts trying to hack into your admin panel.
  2. Have a secure password – Gone are the days where your favorite phrase (tobeornottobe), your kids’ names (maxdonald) or something generic (changeme) will fly as a password. Not even a set of recurring numbers is safe (12345). We recently emailed clients of ours about this alert we found. Nothing to worry too much about, just a precautionary measure. Instead, make sure you have something like (2b0r#o2b#33), (m@xd0n@ld2#1) or (t#3$need$2bch@ngeD).
  3. Make sure you have Google Webmaster Tools installed on your site. This used to be a cumbersome process a few years ago, but Google has simplified it to the point where it now takes less than five minutes to install a snippet of code and become verified. This can prevent you from ever getting the dreaded “malware” attack screen that some WP site owners have seen this year. Say Howdy if you need help with this.

How to upgrade your WordPress site and plug-ins:

  1. So it kind of depends on what situation you’re in. If you’re running a basic theme install with minimal customization, you should be fine handling upgrades on your own – you will just need to know your FTP credentials. If you don’t know your FTP credentials, make sure you get those and your MySQL credentials from your web provider and keep them in a safe place. You should always be armed with that information.
  2. If you know you’ve had any heavy customization done, it’s probably best to wait until there are multiple updates available to multiple plug-ins on your site, then talk to your trusted web provider about what the best strategy is to update/upgrade them.
  3. Don’t ignore these updates completely though, or even for too long, as they can cause functionality mishaps or even security issues. It’s also always a good idea to Q/A your own site, maybe at a minimum of once a month. This means Googling your site name to see what shows up. Also, fill out any forms on your site to test them and make sure they’re being received at the correct place. Test any anti-spam plug-ins by pretending you’re a new user, and check when your registered users last logged in to the WP admin panel. If any red flags pop up, contact your web provider.


  1. Some web development companies don’t have hosting partners. We do. Atiba Hosting, LLC charges competitive rates for WP sites. At a bare minimum, they do a nightly backup of the entire site and databases locally to another server. Also, for a very small additional fee, they offer offsite cloud backups, rotated and encrypted.
  2. Copyblogger also has a nice article for those folks that aren’t exactly sure what their hosting company is doing to keep their site safely backed up regularly. The main thing is, don’t ignore this stuff because you don’t understand it fully. It’s important not to get intimidated. It’s better to take the time on the front end to make sure you’re covered.
  3. We can help train and coach you on this stuff so you can speak confidently and intelligently on it to your constituencies.
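
A backup routine to run before any upgrade, covering the pieces discussed above (site files, the MySQL database, verification, encryption, rotation). This is an added example, not code from the original post or from any hosting provider's tooling; the function names, file naming scheme, directory layout and retention count are assumptions.

```shell
#!/bin/sh
# Added example: back up a WordPress site before upgrading, verify, rotate.
# Directory layout, file names and retention count are assumptions.
# Each function body runs in a subshell "( )" so its variables stay local.

# Archive the whole site tree (core, wp-content, wp-config.php); prints the path.
# The archive holds wp-config.php (DB credentials), so DEST_DIR is owner-only.
archive_site() (            # archive_site SITE_DIR DEST_DIR
  out="$2/site-$(date +%Y%m%d-%H%M%S).tar.gz"
  mkdir -p "$2" && chmod 700 "$2" || exit 1
  tar -czf "$out" -C "$(dirname "$1")" "$(basename "$1")" || exit 1
  printf '%s\n' "$out"
)

# Dump the database. Credentials come from a mode-0600 option file so the
# password never appears on the command line or in process listings.
dump_db() (                 # dump_db DB_NAME CNF_FILE DEST_DIR
  out="$3/db-$(date +%Y%m%d-%H%M%S).sql"
  mysqldump --defaults-extra-file="$2" --single-transaction "$1" > "$out" &&
    gzip "$out"
)

# A backup that cannot be read back, or lacks wp-config.php, will not restore.
verify_backup() (           # verify_backup ARCHIVE
  tar -tzf "$1" >/dev/null 2>&1 || exit 1
  tar -tzf "$1" 2>/dev/null | grep -q '/wp-config\.php$'
)

# Encrypt before copying off the server (confidentiality only; keep a
# checksum of the .enc file to detect tampering).
encrypt_backup() (          # encrypt_backup FILE PASSPHRASE_FILE
  openssl enc -aes-256-cbc -pbkdf2 -salt -in "$1" -out "$1.enc" \
    -pass "file:$2" && rm -f -- "$1"
)

# Keep only the newest KEEP backups for a prefix ("site" or "db").
# Timestamped names sort chronologically, so reverse name order is newest first.
rotate_backups() (          # rotate_backups DEST_DIR PREFIX KEEP
  cd "$1" || exit 1
  ls -1 | grep -E "^$2-[0-9]{8}-[0-9]{6}\.(tar|sql)\.gz(\.enc)?$" | sort -r |
    tail -n +"$(( $3 + 1 ))" | while IFS= read -r old; do rm -f -- "$old"; done
)
```

Run `archive_site`, `dump_db` and `verify_backup` before touching core or plug-ins, and only start the upgrade once verification succeeds.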
