On average, a major release for WordPress happens three times per year. These release cycles increase the version number by increments of .1. So we go from WordPress 2.7, 2.8, 2.9, 3.0 and so on. These are considered “major” releases.
In between these releases, security fixes are released as needed. So we go from version 2.8.1, 2.8.2, 2.8.3 and so on. Many times, releases like this simply reflect the need for bugs and flaws to get fixed quickly.
So while it might seem like a pain to have to update, it’s really just a security measure meant to keep your site 100% secure.
Minimize Your Risk:
Here are some things that you should be doing to minimize your risk…
- Backup, backup, backup! You can use the WP DB Backup plugin to back up your WordPress installation.
- Keep your themes and plugins updated! Anytime you see a notification to update to the latest version of WordPress, back up your files, and UPDATE!
- Only download plugins from reputable sources (WordPress.org). Only use plugins and themes that are actively being developed (read: updated) and that have solid reviews.
- Keep an eye on WordPress security news sites (like this one) to see if there are any issues with any plugins or themes that you might be using.
- Delete any plugins that you are not actively using (don’t just de-activate the plugin, delete it).
- Get a free website scan. You can scan your website for free to see if it’s infected with malware here (courtesy of Sucuri Security).
What about you? Have you updated to the latest version of WordPress lately? How about your plugins? What are some of your favorite (must-have) plugins and themes? What are some themes and plugins that you’ve had issues with in the past?
I thought my sites were pretty good but after running the scan you suggested in item 6 I found my personal site has an old malware script on it!!
Crazy. And thanks for the tip!!
Update, Update, Update! Heh, I couldn’t emphasize that enough and thus this post.
The folks at Sucuri Security are solid – they really know their stuff!
Turns out this wasn’t a WordPress deal. Site got hacked on the server side it appears. Bummer man.
Good tip about deleting inactive plugins, rather than just deactivating – I didn’t realize that. Maybe you can do a blog post about all the security plugins available out there. And what about changing your database table prefix?
Hey Tina,
Yep, that’s a great idea! I’ll make a list of some security plugins for a future post here…
Listen Debt Relief Programs, that’s my line. Leave it alone. 😀