{"id":142,"date":"2008-05-05T01:58:04","date_gmt":"2008-05-05T06:58:04","guid":{"rendered":"http:\/\/www.jasonmorrison.net\/content\/?p=142"},"modified":"2008-05-05T01:58:04","modified_gmt":"2008-05-05T06:58:04","slug":"keep-your-wordpress-site-from-being-hacked-with-automatic-upgrades","status":"publish","type":"post","link":"http:\/\/www.jasonmorrison.net\/content\/2008\/keep-your-wordpress-site-from-being-hacked-with-automatic-upgrades\/","title":{"rendered":"Keep your WordPress site from being hacked with automatic upgrades"},"content":{"rendered":"<p>I&#8217;ve already written about what to do <a href=\"http:\/\/www.jasonmorrison.net\/content\/2008\/fixing-a-this-site-may-harm-your-computer-warning-part-2-hidden-iframes\/\">once your site has been hacked<\/a>, but let&#8217;s talk a bit about hack prevention.<\/p>\n<p>I think it&#8217;s fair to say that most people manage their own WordPress installation because they have some programming background and want a little more control than you get with a hosted solution like Blogger or WordPress.org.\u00a0 Webmasters like you and me usually know a bit about security and how important it is to keep things up to date.\u00a0 The problem is that every minute spent upgrading your CMS to the latest version is a minute not spent writing or running your business.<\/p>\n<p>So you know you should download the latest patch, make backups, disable plugins, install&#8230; but it&#8217;s already 1 a.m. 
and you need to meet clients in the morning, so you put it on the back burner and your site ends up hacked.\u00a0 What&#8217;s the solution?\u00a0 If you&#8217;re Technorati, the solution is to motivate bloggers a bit more by <a href=\"http:\/\/wordpressphilippines.org\/news\/technoratis-ultimatum-upgrade-wordpress-to-25-now-or-your-blog-will-not-be-indexed\/\">threatening to delist them<\/a>.\u00a0 I can understand their point of view.\u00a0 But how about something a bit more positive &#8211; automation.<\/p>\n<p>There are two ways I&#8217;ve automated WordPress upgrades.\u00a0 One is through Fantastico, which is a really cool script management system that your web host should probably provide.\u00a0 I&#8217;m <a href=\"http:\/\/www.howtospoter.com\/web-20\/wordpress\/3-reasons-not-to-use-fantastico-for-wordpress\">giving up on Fantastico<\/a>, though, because it takes a long time for it to notice updates.<\/p>\n<p>The second way I just tried out recently is <a href=\"http:\/\/wordpress.org\/extend\/plugins\/wordpress-automatic-upgrade\/installation\/\">the WordPress Automatic Upgrade plugin<\/a>.\u00a0 I&#8217;ve tried it out on three blogs now and so far so good &#8211; it hasn&#8217;t skipped a beat.\u00a0 This functionality really needs to be folded into WordPress itself &#8211; with 2.5, they added the ability to automatically upgrade plugins but it seems like most security holes lately are found in the WordPress code itself.<\/p>\n<p>That plugin is WordPress-only, but I recommend doing some research to see if there&#8217;s something similar out there for your blog software or CMS.\u00a0 Even if WordPress never has another security bug, there&#8217;s always Joomla, and Drupal, etc&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve already written about what to do once your site has been hacked, but let&#8217;s talk a bit about hack prevention. 
I think it&#8217;s fair to say that most people manage their own WordPress installation because they have some programming background and want a little more control than you get with a hosted solution like [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[251,111,223,110,250],"class_list":["post-142","post","type-post","status-publish","format-standard","hentry","category-blog","tag-cms","tag-plugin","tag-security","tag-wordpress","tag-wordpress-automatic-upgrade"],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/posts\/142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/comments?post=142"}],"version-history":[{"count":0,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/posts\/142\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/media?parent=142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/categories?post=142"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/tags?post=142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}