Ugh, I thought I had my website all shored up and protected from hackers. And why would a hacker want to even hack my site? But lo and behold, I got an abuse email from my web host on a Saturday morning that my website was hacked.

We need to inform you that your website for has been hacked. The hackers used a vulnerability in the outdated version of the Gravity Forms plugin installed on your account.

Please restore your WordPress from the daily system backup generated on March 19th. You should also update your WordPress core and all plugins/themes to the latest versions available.

Let me just mention how grateful I am to my web hosting company that they actually send out these notifications. Not all hosting companies do. I have yet to find that unicorn of a perfect hosting company (you can read why I don’t recommend GoDaddy), but my hosting company, ICDSoft, even with its drawback, is exactly what I need. If I didn’t get that notice from my hosting company, I would have had to spend quite some time sleuthing to find out where my site got hacked.

Because my hosting company had so many processes in place, I was able to restore my website in just a few minutes, in two steps:

  1. Restored my website from a clean backup (my web host does daily backups)
  2. Updated the outdated plugin (my WordPress and theme were already up to date)

Backups & updates

While the newest website platforms such as WordPress put so much power at your fingertips, these websites are not static. Gone are the days when you could build a site, leave it, and nothing would change. WordPress sites require regular maintenance, including site backups, WordPress updates, theme updates and plugin updates. If you have the savvy, we can definitely point you to the WordPress Codex on how to do these things. However, we recommend that you hire us at least quarterly to take care of these things for you. We know what to do if conflicts occur or if styles go wonky. These things do happen… we’ve all installed a new OS on our phones only to see apps stop working… it’s the same thing. As a rule of thumb, it will take us about 1 hour to do a site backup and associated updates. Please budget it in your website maintenance costs.

The Importance of Backups

Backups are super important so you have a “clean” version of your site to restore if anything goes awry, such as a hack or a plugin that causes a crash. The way websites are built today, many sites do not have a local copy of the site on their desktop or Dropbox. So, even more importantly, you should purchase hosting that has daily backups. And if you are super cautious, copy one of those backups to your local drive or Dropbox at a regular interval.

How often should you back up?

If you are creating lots of new content on a regular basis such as a blogger or a product site that releases new products regularly, I recommend backing up once a week to once a month depending on how often you are creating new content. My web host does daily backups.

The Importance of Updates

In a WordPress site, updates are threefold.

  1. WordPress
  2. Your theme – unless it’s a custom theme by us
  3. Your plugins

Remember, before you do an update, you must back it up first!

Updates to WordPress

Updates to the WordPress framework are often not critical; sometimes they are just bug fixes or enhancements. But sometimes they are critical… such as security updates. Either way, it’s good to keep WordPress up to date, just as it’s important to keep your iOS up to date.

Pros: Keeps WordPress secure from possible hackers
Cons: Can trickle down and make plugins or your themes no longer work.

Updates to your theme

If we built you a custom theme, you do not need to worry about updating your theme. My developers build our custom themes using hooks that “hook” into WordPress core files and keep the design files independent of WordPress. We cannot predict if WordPress will in the future change hooks or make huge structural changes to their core files. But until that happens our custom themes are built to work over WordPress updates.

If we built you a rebranded premium theme, this means we customized a theme that someone else built. These themes are very powerful, and for all of these sites we create Child Themes so that when the theme needs updating, our customizations for your rebrand stay intact. Premium theme updates would include new features, bug fixes, or security patches.

Updates to Plugins

Plugins are little apps that we install into your site for specific functionality. If we didn’t build you a custom app for your site, we are using plugins built by third-party developers. Regardless of whether it’s a paid or free plugin, we do not have control over whether these plugins will break when WordPress is updated. Oftentimes a popular plugin will provide updates based on WordPress updates. As this is all variable, we do not have control over plugins, whether they provide updates, or whether they will work once WordPress updates.

Take away on Backups and Updates

This truly is a game of chase. Nothing stays still and only you can decide what will work best for your website.

At the very least,

  1. Set a backup schedule that works for your site
  2. Update WordPress regularly
  3. Update your Theme regularly
  4. Update your plugins regularly
  5. Save a maintenance budget for an hour of work if you would like us to do this for you
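
The "back it up first" rule above can be enforced in a script so that updates never run unless a backup exists. The following is an added example, not part of the original post or the workflow it describes; it assumes WP-CLI (`wp`) is installed, and the function names, `WP_BIN` and the directory arguments are illustrative.

```shell
#!/bin/sh
# Back up a WordPress site, then update core, plugins and themes.
# Updates are skipped entirely if any part of the backup fails.
# Assumption: WP-CLI is installed; override WP_BIN if it is not on PATH.
WP_BIN="${WP_BIN:-wp}"

# backup_site <site_dir> <backup_dir>
backup_site() {
    site_dir="$1"
    backup_dir="$2"
    stamp="$(date +%Y%m%d-%H%M%S)"
    db_file="$backup_dir/db-$stamp.sql"
    files_archive="$backup_dir/files-$stamp.tar.gz"

    mkdir -p "$backup_dir" || return 1
    # Database dump first, then themes, plugins and uploads.
    "$WP_BIN" --path="$site_dir" db export "$db_file" || return 1
    tar -czf "$files_archive" -C "$site_dir" wp-content || return 1
    # An empty dump or archive does not count as a backup.
    [ -s "$db_file" ] && [ -s "$files_archive" ]
}

# update_site <site_dir>: core, then plugins, then themes.
update_site() {
    site_dir="$1"
    "$WP_BIN" --path="$site_dir" core update || return 1
    "$WP_BIN" --path="$site_dir" plugin update --all || return 1
    "$WP_BIN" --path="$site_dir" theme update --all
}

# backup_then_update <site_dir> <backup_dir>
backup_then_update() {
    if ! backup_site "$1" "$2"; then
        echo "backup failed; skipping updates" >&2
        return 1
    fi
    update_site "$1"
}

# Usage (paths are placeholders):
#   backup_then_update /path/to/site /path/to/backups
```

Copy the resulting files off the server as well, since a backup stored only inside the hosting account can be lost along with the site.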

