Number One WordPress Security Step

So, what is the most important step you can take to keep your WordPress blog secure?

  • Keep the software up-to-date

This may sound almost patronizingly obvious, but hold on a second. Every day hackers use unpatched servers or services of one kind or another as the bread and butter of their trade (stealing data, creating Bot networks, selling hacked server access to phishers, etc.).

So, why are there so many unpatched (or under-patched) servers and services?
  • Lack of awareness that a patch or update is available or needed
  • Lack of urgency regarding maintenance
  • Attitude that you are immune to these types of problems, and don’t need to worry about them

The good news is that the WordPress community has resolved the first two problems.
(Folks with the last issue are the reason there will always be script kiddies…)

Here is the quick and dirty path to keeping your blog up-to-date:

(1) Subscribe to the WordPress Development Feed
If you log into your WordPress blog’s administrative interface, you will be notified if a new version is available. But if you are in a low-activity time with your blog, you still want to know when maintenance is needed. The best way is to subscribe to the WordPress Development Feed in your RSS feed reader (You may also want to subscribe to the RSS feeds for the plug-ins you are using.).

(2) Install and Use the WordPress Automatic Update Plug-in
I have two blogs, and have used this plug-in for my last three software updates (including the move to 2.5 yesterday), and have been very happy with how well the plug-in works. Now, I do automated daily backups of my blog db and files. So, I would recommend that you perform your own backup before using the script so you know you can recover if the unthinkable happens (Always make sure you are using the latest version of the plug-in before starting an update.).

(3) WordPress 2.5 Now Includes Built-In Plug-in Updates
I do not think that your site will yet email you when your plug-ins need to be updated (2.5.1 please?), but with 2.5 you can 1-click update your plug-ins, if they are registered with

Step four would also be to make sure that your operating system is up-to-date. Automating that is almost always possible, but is dependent on what operating system you are using. Google “X automated security update”, where X is your OS.

BTW, I found the jump to 2.5 very smooth and have encountered no problems – Thanks, WordPress!

Cheers, Erik