Lesson 54: WordPress Maintenance and Security – Best Practices

1. Keeping Up to Date

Like any software, WordPress is constantly being improved—more features, more efficient code, increased security, and so on—as are themes and plugins. Not having an up-to-date WordPress installation is a common cause of malfunctions and one of the key reasons sites get hacked. You must keep everything up to date. Fortunately, updating is a simple task. In addition to that, you can maintain your WordPress site to keep it running smoothly in other ways.

1.1. Updating WordPress

Following are two types of updates  for WordPress:

  • Automatic minor updates,  for example, 4.0 to 4.0.1
  • Major version manual  updates,  for example, 3.9 to 4.0

The minor updates  are for security and minor functionality fixes, whereas the major version updates  have key new features,  along with some security fixes. As the name suggests, the automatic updates  occur without any need for action on your part.

WordPress  is clear about  the availability  of major updates  or minor updates  that for various reasons cannot  be automatically applied.  A warning  message with a link to perform  the update displays at the top of every admin screen until the update  is completed,  as shown in Figure 32-1.

FIGURE 32-1

If you’re logged in as any role other than Administrator, the message tells you to notify your administrator of the update.  Also, an Update button appears  on the Dashboard if there’s an update available—displayed next to the name of the version you’re running.

For automated updates,  the administrative e-mail is sent a notification that the update  has taken place.

1.1.1. Automated Updates

At one time, all updates for WordPress had to be done manually, but to make life easier for users and to ensure that minor updates were applied, because they often involve security fixes, WordPress decided to automate non-major updates.

It was also possible to automate these updates  between major new releases because they rarely involve changes that could affect plugins or themes. Nevertheless,  you always need a regular backup routine  in place just in case something  negative happens  because of any update.

Although WordPress has tried to make its automated updates work on as many server configurations as possible, there may be some situations in which they do not work. In that case, your admin screen can show a message saying an update is available and you need to do it manually.

You can also turn off automatic updates  if you prefer to do them manually.  Some plugins for that purpose  are mentioned at the end of the lesson.

1.1.2. Major Version Updates

When WordPress  undergoes  significant changes, the update  is not automatically applied,  but the process is still extremely simple: You press a button.

The trick is to do a full backup  of your files and your database prior to pressing the button, and WordPress  reminds you of this. Unless your regular backup  routine  happens  to have fallen on the day of the update,  you should do a special backup  so that you have a snapshot of your site at the moment  before the update.

The reason for the caution  is that there is a slight chance of something  going wrong during a major update.  Out of literally thousands of updates  to hundreds of site clients over 7 years, I can count on one hand the number  of times I’ve had to revert to a backup.

1.1.3. Completely Manual Update

There can be situations in which pressing the Update button does not work,  but you’ll know this already because you also won’t be able to upload  media files without having to enter your hosting account  information.

If your hosting company  won’t fix this problem  with file ownership and you haven’t bothered to find a new hosting company  that will, then you have to do a fully manual  update  of WordPress.

There isn’t enough room here to go into the details of a manual update because there are a lot of variables. WordPress.org has a handy three-step manual updating process (http://codex.wordpress.org/Upgrading_WordPress), but even with that, it warns you that you may need even more details on its extended upgrade instructions page (http://codex.wordpress.org/Upgrading_WordPress_Extended).

1.1.4. Troubleshooting WordPress Updates

As mentioned, it’s rare for there to be problems  even during major updates,  but if you do encounter them, they fall into three main groups:

  • WordPress loads but has error messages; weird characters appear  at the top of the screen; or certain functions  aren’t working.
  • Your screen is white except for an error message.
  • Your screen is completely blank (white screen of death).

In most of these cases, a plugin is clashing with WordPress.  What you should do depends on the state of your screen.

If you can access the WordPress  admin screen, the first thing to do is deactivate  all your plugins. If you don’t have a lot of them, you can try re-activating them one at a time until you find the culprit.

If you have a lot of plugins, first try activating  one-half of them. If you’re still running  fine, activate the other one-half.  When you know which half caused the problem,  you can start deactivating that half one at a time until the site works properly.

If you can’t access the admin screen, but you have an error message, there may be a clue in that message as to which plugin is causing the problem.  In that case, you can use an FTP program to go into your plugins directory  and change the name of the plugin’s folder. That will cause it to deactivate,  and when you refresh the WordPress  admin screen, it should be up and running.

However,  often the error message relates only to a symptom  and not the cause of the problem.  In other words,  the file mentioned in the error message is one that’s not working  because of a problem somewhere  else. Fortunately, if the error message doesn’t help or you have a completely blank screen, the process of checking plugins previously described can be done through your FTP program.

Through your FTP program, rename your plugin directory  to something  such as plugins-old, which has the effect of deactivating all the plugins. You should now have access to the backend  of WordPress.  Next,  you create a new directory  called plugins. Then, one at a time you drag a plugin’s folder from one directory  to the other until you find the problem  plugin.

Whenever you find a broken  plugin, simply leave it deactivated while you research what’s happening. Check the plugin’s page on the WordPress  Plugin Directory  to see if others are having the same issue. It may be a matter  of waiting for the author to come up with a fix, or it could be there’s a conflict with an update  in another plugin.

If you purchased the plugin, e-mail the company  and explain what happened, what version of WordPress  you’re running, what version of PHP your server uses, and what other plugins you have.

If it’s vital to have that  plugin working  immediately,  you could consider  using a different plugin. Or if that’s not an option, it may be that  the previous version will continue  to work.  You can get earlier versions from the Developer  link on the plugins page in the WordPress  directory,  or if you have a paid plugin, you should  have the earlier version on your hard  drive. Try reinstalling  and see if that  works.

1.1.5. WordPress Cleanup

In addition to keeping WordPress  up to date, some maintenance tasks can be useful to perform  from time to time, depending  on the size and activity of your site. Some of the key tasks are described here, and you can find lists of plugins at the end of the lesson, which can help you with each of them:

  • Revision Cleanup: By default, WordPress keeps all revisions you make to Posts or Pages. Many of these, particularly as time moves on, probably are not worth keeping. There are plugins that can help you clear out old revisions in bulk or change the revision function, so WordPress keeps only the last four or whatever number of revisions you choose.
  • Media cleanup: Between uploading different versions of files or uploading ones you never end up using, your media library  (and hence your server) can become unnecessarily bloated.  Coupled  with the multiple images that  WordPress  creates for each one you upload (and this could be a dozen or more depending  on the theme and plugins you use), you can see how stuffed your server can become. Deleting unneeded  media files can be a huge help. There are plugins that  can make the process easier by tracking  down  whether  a file is used anywhere.
  • Trash cleanup: By default, WordPress  clears out files in the Trash area 30 days after they’ve been placed there. However,  it can be good to go through it after you’ve done any major house cleaning and delete them right away.
  • Database Repair: Over time, databases can become filled with unnecessary data, or table information can become corrupted. This can slow down your site. But there are plugins that can help without having to know anything about databases.

Your website is like a big closet. Easy to stuff with lots of unneeded  items—and  just as easy to keep clean with a bit of effort.

1.2. Updating Plugins

When plugins require updating, the most visible notice from any screen in the admin area is a tiny graphic displayed next to the Plugins link on the main admin menu, as shown in Figure 32-2.

FIGURE 32-2

The number  in the circle tells you how many plugins need updating. The admin toolbar also has an update  indicator showing total Plugins and Themes needing an update.

Figure 32-2 also shows the Plugins page—plugins  needing updating have a color-coded highlight and a notice about  a new version. You can also view only the plugins that need updating by clicking the Update Available link on the text menu at the top of the Plugins screen.

Following are two ways to do the actual updating of plugins:

  • From the Plugins page you can click the Update Now link for an individual plugin or use the Bulk Action function  to update  several at once.
  • From the Dashboard Updates link on the main admin menu, choose one or more plugins, and click the Update Plugins button.

If you ever experience a problem  after updating a plugin, see the section “Troubleshooting WordPress  Updates,” earlier in this lesson.

Over time, you may accumulate plugins that have been deactivated and are no longer used. It’s important to delete these.

Even if plugins are not activated,  WordPress  has to process them to a certain extent for listing on the Plugins page. It may not be much for each plugin, but if you have 10, 20, or more plugins you’re not using, you might as well delete them.

There’s also a security issue involved here. As long as a plugin remains installed,  its files are sitting on your server. If a security flaw is discovered by hackers,  those files could be used by them to cause problems,  despite the plugin not being active.

Remember,  plugins are easily reinstalled  at any time, whether  from the WordPress  Plugin Directory or a paid plugin, which you’ll have a copy of on your hard drive (right?).

1.3. Updating Themes

Like plugins, themes may need updating for various reasons.  It could be that they have a special functionality that relied on something  in WordPress  that has now changed.  Or the new version of the theme takes advantage of new features in WordPress.  In either case, you need to perform  an update.

Theme updates  are included in the number  that appears  beside Dashboard Updates on the main admin menu. That’s why after having updated all your plugins, you may still see a number  listed.

You can do theme updates  from the Updates page, just as with Plugins, or from the theme library where you can see a clear notification on the theme’s thumbnail, as shown in Figure 32-3.

FIGURE 32-3

Some premium  or commercial  themes may have their own methods  for updating. Following are some examples:

  • Log in to the company website, download the new version as a zip file, install it through the WordPress  theme upload  function,  and delete the old version.
  • Log in to the company website, download the new version, manually  upload  the folder via FTP, and overwrite  the old version.
  • Load a special plugin that handles the updating.

In any case, you should receive some sort of notification, perhaps  through the WordPress  Updates area of the menu, with instructions on how to perform  the update.

Just as with plugins, it’s not good to keep more than a few themes in your theme library at any one time. In particular, there can be security issues with outdated themes.

Some automated WordPress  installers include dozens and dozens of themes from the WordPress.org site. There’s no good reason for this, when it’s so simple to preview and then install a theme at any time. Get rid of all these extra themes.

Or if you’re working  on a site redesign and you’ve been loading several possible themes, make sure you delete them after you’ve made your choice.

2. Keeping Backups

Back up or die. It should already be your mantra for your home devices; now do the same for your website. Without a backup  of your data,  you face disaster if something  happens;  it rarely does, but the key word is “rarely.” Because it’s even remotely possible for your server to crash or a hacker to mess up your files, you must keep backups.

And for backing up WordPress,  there is only one course of action: Automate your backups. I’ve tried many different ways over the years to educate clients and readers about  how to back up WordPress,  how often to do it, and how to get into a routine  of doing backups.  Almost without exception, it doesn’t happen. We get busy, we forget, we get intimidated by the process; whatever  the cause, people do not take the time to back up their sites.

The good news is that it has become so easy to do automated backups  with free and paid plugins, or third-party services, that there’s no point in even trying to develop a manual backup  routine.  Whatever  method  you use, make it an automated one that’s easy to restore.

2.1. The Elements Of Backing Up

After being blunt about  the “why” of doing backups,  I’ll now briefly consider  the what,  where, when, and who, followed by some details on the how.

2.1.1. What to Back Up

Following are two elements to a WordPress  backup:

  • Site files (WordPress, themes, plugins, and your media files)
  • Site database (settings and all your text content)

You need to understand that these are completely separate on the server and require different methods of backing up. Check that a plugin is doing both, or understand which plugin is doing what, so that you’re covering the other backup by some other means.

2.1.2. Where to Keep Backups

The golden rule of backing up, whether  for your home devices or website, is to store the backup somewhere  else. Even better is to have two backups,  each in a different location.  I remember  years ago storing a backup  hard drive for my computer at my parent’s place. Luckily I never had to wake them in the middle of the night to access my data.  These days there are better options.

When you’re looking into backup  options  for your WordPress  site, you need to make sure the backup  is not being stored on your server. The whole point of the backup  is to restore it if something happens  to your server.

One solution  is to get a hosting account  with a different host and store your backups  on that account.  An advantage of this method  is that if your current  site crashes and you decide it’s time to switch hosts, your files are already at the new location,  speeding up the switchover.

The cloud is a popular choice for backups these days, because it’s somewhere other than your server and services like Amazon S3, Google Drive, Dropbox and many others are usually very cost effective. If you have a large site, storing even just a few backup versions can add up, so you want a low-cost storage solution.

Another  location  for backup  storage,  depending  on the size of your site, is an e-mail account  such as Gmail with plenty of storage.  If you’re backing up your database separately  from your site files, this can be an ideal method  for storing the database file, which is typically quite small when zipped up.

And, of course, storing a copy of your website on an external  hard drive is another simple and cost-effective solution.  Notice I didn’t say “stored on your computer’s hard drive,”  because you won’t want to be worrying  about  computer crashes just when you need to restore a backup.

The ideal scenario: one backup  in the cloud and another on an external  hard drive. Whatever  the plan, make sure you choose a plugin or service that can handle it.

2.1.3. When to Do Backups

How often should you do a backup?  As often as necessary.

I don’t say that to be funny or cryptic. It simply means that the frequency of backups  will vary for different sites or for the same site over time.

For example, say you spend 3 weeks getting ready to launch your site. You should set your backup for every day or even twice a day depending  on how much you’re doing each day. A weekly backup would miss a lot of material.  After the site is launched  and you’re adding a new Post once a week, say, then a weekly backup  would be reasonable.

2.1.4. Who Should Do Backups?

Everyone. Whether  you run a personal  blog, a site for your soccer team, or an online store, you need backups.  Your content  is valuable and you need to protect  it. Besides, backup  solutions  cost nothing or very little, and when they’re automated they don’t require your time.

Following are some excuses I’ve heard for not backing up, all of which are just wrong:

  • I have a very reliable host.
  • I update my content  only a couple of times a year (!).
  • I have all my original Word docs and images on my hard drive.

These people are delusional:  Accidents happen  to any host. Even if your content  isn’t changing, WordPress  and plugins are, and the point of a backup  is so that you don’t have to reconstruct your crashed site from scratch.

2.1.5. How to Do Backups

The two choices previously mentioned were: plugins or third-party services. Now we’ll consider the latter,  and end with plugins in general. Then a list of some plugins is provided.

Third-Party Backup Services

Although  you may store your backups  with a third party,  such as Amazon S3 or Dropbox, this section discusses third parties that actually handle the backup  software  as well as the storage.

Your hosting company  is actually a backup  service you should consider first because it already takes care of your website files. However,  you need to keep the following in mind: Do not rely on your hosting company’s default backup system.

Most hosting companies  regularly make backups  of their servers, but those are rarely kept longer than the next backup,  and these are typically images of the entire server. For them to extract your particular site’s data is not worth  their time. And if you read the fine print of most hosting companies,  they do not guarantee a backup  of your files.

Currently, more and more hosting companies  advertise individual  site backups  as part of certain hosting plans. So it’s definitely worth  looking into what your hosting package includes.

Most hosting companies  do offer a backup  service for an additional fee, but here’s an important question  to ask: Where do they store the backups?  If it’s on your hosting account  or even on the same server where your account  is located,  that’s a problem.  If the entire server goes down,  not only is your site inaccessible, but also are your backups.

In addition to your hosting company,  you can also check with other hosting companies  to see if they have accounts  for backing up sites. That way your backups  are stored on a completely different server system, and if you need to switch hosting companies,  you’re already set up with one.

Another  type of third-party backup  service is one such as VaultPress,  which is run by the folks who make WordPress.  Many other backup  services are available,  such as blogVault,  Codeguard, BackBlaze, and DropMySite; search for website backup services.

Free and Paid Plugins

With the advent  of the cloud and inexpensive  hard-drive storage,  along with the development of sophisticated automated plugins,  you don’t need a third-party service to get great backup  protection.

Some plugins back up only the WordPress  database. You do not want these plugins. If there were plugins that just automated the backing up of site files, then I might say, get both plugins, but there aren’t any files-only backup  plugins that I know of. Even if there are, I know from experience that average site owners are not going to manually  do FTP backups  of site files every time they get an e-mail saying their database has been automatically backed up.

Don’t set yourself up to fail: Just get a plugin that backs up both your files and your database.

What about  plugins for moving websites? Although  these do create complete copies of your database and files, their primary  purpose  is to take a snapshot of a site and re-create it immediately  on a subdomain or elsewhere. If the plugin has the capability  to schedule automated copying, it might work for backups.

Some plugins do full automated backups  but do not have the capability  to tie into cloud or other storage services, such as Amazon S3 or Google Drive. For some people, this could work,  but in my experience,  the average website owner would benefit from the simplicity of a paid storage  service.

For example, consider home data storage.  For years there have been ways to link all your home devices to a central data storage location,  whether  on one of those devices or a stand-alone network drive. Yet how widespread has this practice actually become? Not very. But along comes cloud storage with a simple set up, and you hear grandmothers talking about  backing up photos  of the grandkids.

You should use an automated backup  plugin that has the capability  to tie into several different storage solutions.

Remember,  if a plugin is saving only a full backup  to your own hosting account,  you’re responsible for downloading that backup  so that it’s stored somewhere  else (preferably  two other places).

Restoring Backups

It’s one thing to have complete backups  stored in safe locations,  but if you can’t easily restore a backup,  the value is lost to some extent.  Yes, you can pay someone to do a restoration or maybe your hosting company  can help, but for many people, the goal should be to have the same plugin do the restoration.

To sum up, following is the ideal backup  plugin solution:

  • Full backup of files and database
  • Scheduled, automatic backups
  • Storage to at least one location different from your server
  • Simple restoration of backups

Although  there are a couple free plugins that meet these requirements, you’re more likely going to need a paid plugin, including paid versions of some free plugins mentioned next.

3. Keeping Your Site Secure

Every piece of software  on the Internet  is threatened by hackers.  Because of its tremendous popularity, WordPress  is a regular target.  The good news is that protecting yourself is not nearly as daunting as it might seem.

Two of the most important elements of WordPress  security have previously been covered: staying up to date with all aspects of your site’s software,  and having a backup  if something  happens.

This lesson shows you six additional steps you can take to increase the security of your WordPress  installation. Although  these are not exhaustive,  if you do all or most of these steps, you’re much better off (sadly) than a great many users. Some other issues you need to be aware of in the constant effort to ward off hackers are also covered.

3.1. Six Steps To Greater WordPress Security

None of the following steps are difficult to do; the hard part is remembering to do them or getting in the habit of doing them.

3.1.1. Strong Passwords

Every security expert will tell you that weak passwords are the leading cause of software breaches.  As you saw when first setting up WordPress,  you need to pay attention to the password strength  indicator and use only passwords that trigger a reading of Strong.

Following are the six criteria for a strong password:

  • At least eight characters in length
  • Some lowercase letters
  • Some uppercase letters
  • Some numbers
  • Some characters such as #&!
  • No actual words

And just so it’s driven home visually, following are some examples:

  • Bad—Harp78
  • Good—k7Te%w8Xq

I know,  you’re thinking  to yourself the good password is hard to memorize,  but that’s part of what makes it good. Use a password manager  program to store these hard-to-memorize passwords.

While random is best, it is possible to have a password you can memorize yet is still pretty strong. Take a random phrase,  such as “The 4 cats drive a Lexus through Dallas each morning  at 9” and use the first letter of each word to create this password: T4cdaLtDema9. This is the minimum  length for creating a password this way; the longer the better.

Randomness is crucial; don’t use a phrase from books,  movies, songs, and so on. The more visually memorable the random phrase is to you, the easier it will be to remember.

And do not rely on substitution methods  like this:  p@ssw0rd, r@nd0miz3, and so on. Hackers easily incorporate these substitutions into the dictionaries they use.

Another  approach is to memorize a random set of at least 6 symbols and numbers,  such as “7%$9#4.” Then take a word of at least 6 letters and add two numbers  at the end, such as “debate24.” The first number  tells you which letter to capitalize and the second tells you the point at which to inject your random symbols and numbers,  so the resulting password would be:  dEba7%$9#4te. One of the advantages here is that you only memorize one thing, yet you can generate any number  of passwords.
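To make the six criteria and the word-plus-digits scheme above concrete, here is an added example (not code from the lesson): a small constructed word list stands in for a cracker's dictionary, and the criteria labels are my own wording.

```python
import re
import string

# Constructed mini dictionary standing in for the word lists attackers use (assumption;
# a real checker would load a full dictionary)
COMMON_WORDS = {"password", "harp", "random", "debate", "welcome", "letmein", "dallas"}

# The substitutions the lesson warns about (p@ssw0rd, r@nd0miz3) are undone before the
# word check, because attackers' dictionaries already include them
LEET_MAP = str.maketrans({"@": "a", "0": "o", "3": "e", "1": "i", "$": "s"})


def contains_word(password):
    """True when the password, read the way a cracker reads it, contains a dictionary word."""
    normalized = password.lower().translate(LEET_MAP)
    return any(word in normalized for word in COMMON_WORDS)


def check_criteria(password):
    """Return the lesson's criteria that the password fails; an empty list means Strong."""
    failures = []
    if len(password) < 8:
        failures.append("at least eight characters")
    if not re.search(r"[a-z]", password):
        failures.append("some lowercase letters")
    if not re.search(r"[A-Z]", password):
        failures.append("some uppercase letters")
    if not re.search(r"[0-9]", password):
        failures.append("some numbers")
    if not any(ch in string.punctuation for ch in password):
        failures.append("some characters such as #&!")
    if contains_word(password):
        failures.append("no actual words")
    return failures


def is_strong(password):
    return not check_criteria(password)


def build_from_word(tagged_word, secret):
    """The lesson's memorize-one-thing scheme: tagged_word is a word plus two digits
    (e.g. 'debate24'); the first digit says which letter to capitalize, the second
    after which letter to inject the memorized run of symbols and numbers (secret)."""
    word, digits = tagged_word[:-2], tagged_word[-2:]
    if not (word.isalpha() and len(word) >= 6 and digits.isdigit()):
        raise ValueError("expected at least six letters followed by two digits")
    cap_at, inject_at = int(digits[0]), int(digits[1])
    if not (1 <= cap_at <= len(word) and 1 <= inject_at <= len(word)):
        raise ValueError("digits must point inside the word")
    letters = list(word.lower())
    letters[cap_at - 1] = letters[cap_at - 1].upper()
    stem = "".join(letters)
    return stem[:inject_at] + secret + stem[inject_at:]


if __name__ == "__main__":
    for candidate in ["Harp78", "k7Te%w8Xq", "p@ssw0rd", build_from_word("debate24", "7%$9#4")]:
        problems = check_criteria(candidate)
        print(candidate, "Strong" if not problems else "fails: " + ", ".join(problems))
```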

Two-Factor Authentication

The hot topic in security these days is two-factor authentication, which means requiring two components for logging in. Typically, the components consist of something the user knows (a PIN) and something the user carries with them (a bank card).

Obviously,  a physical component is not practical  for things such as logging into WordPress,  so a second piece of knowledge  makes sense, but it needs to be knowledge  accessible only by the user at the moment  of login. If a temporary second password generated  for that transaction could be transmitted to the user, that would be equivalent  to possessing a physical object. Enter the mobile phone.  A temporary password is simply texted to the phone.

The way it works is you have a plugin on WordPress  which, when you sign in with your username and password, immediately  triggers a code to be sent to the phone you’ve already registered.  You have to enter this code before you can get into WordPress.  At the end of this lesson some plugins that enable this kind of stronger  login process are mentioned.
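The temporary-code step described above, as an added example rather than any plugin's code: the code lifetime, the number of guesses allowed and the SMS step (replaced here by returning the code to the caller) are assumptions.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone

CODE_DIGITS = 6
CODE_LIFETIME = timedelta(minutes=5)   # assumption: a texted code is only good for a few minutes
MAX_TRIES = 3                           # assumption: wrong guesses allowed per issued code


class TemporaryCodes:
    """Second factor as the lesson describes it: after username and password succeed,
    a short code is issued for the registered phone and must be entered before the
    login completes. Codes are single-use, expire, and allow only a few guesses."""

    def __init__(self, clock=None):
        # an injectable clock keeps expiry testable; default is real UTC time
        self._clock = clock or (lambda: datetime.now(timezone.utc))
        self._pending = {}   # username -> {"code", "expires", "tries"}

    def issue(self, username):
        """Create a fresh code for username. A real plugin would text it to the
        registered phone here; this example returns it so the caller can deliver it."""
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._pending[username] = {
            "code": code,
            "expires": self._clock() + CODE_LIFETIME,
            "tries": 0,
        }
        return code

    def verify(self, username, submitted):
        """Return True exactly once, for the right code entered in time. An expired
        code or too many wrong guesses discards the pending code, so the user has to
        start the login over."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[username]
            return False
        entry["tries"] += 1
        # constant-time comparison so response timing does not leak matching digits
        if hmac.compare_digest(entry["code"], submitted.strip()):
            del self._pending[username]
            return True
        if entry["tries"] >= MAX_TRIES:
            del self._pending[username]
        return False


if __name__ == "__main__":
    codes = TemporaryCodes()
    sent = codes.issue("editor")          # would normally go out by SMS
    print("entered correctly:", codes.verify("editor", sent))
    print("reused:", codes.verify("editor", sent))
```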

3.1.2. Use Reputable Themes and Plugins

Corrupted or unsecure themes and plugins are one of the leading causes of hackers worming  their way into websites. And these themes and plugins tend to come from unreliable  sources.

Free themes and plugins should be downloaded from one of only two places:

  • WordPress.org
  • A well-known commercial theme or plugin maker’s site

Go anywhere  else and you could be leaving yourself open to problems.  Ask yourself this: If it’s free, why isn’t it in the WordPress.org directories?  Anyone can submit his work,  which is then given a thorough check, not just for viruses and malware,  but also for coding compliance  and other standards.

Some commercial  theme or plugin makers put free items on their sites to give you a taste of their work.  If they’re reliable, that’s fine. This is particularly true of themes. If you’re not sure of the theme maker’s reputation, you can always run the theme through the Theme Check plugin, mentioned in Lesson 27, “Overview of WordPress  Themes.”  There are also plugins that scan all your site files for possible malware,  as mentioned at the end of this lesson.

3.1.3. Do Not Use “Admin” for a Username

WordPress  no longer automatically gives the first user on the system the username  “admin.” However, many people continue  to enter that as their choice when first installing WordPress.  Don’t do it.

If you set up a security plugin that monitors access to your site, you would not believe how many people will try to get into your WordPress  by entering “admin” as the username.  These hackers know that eventually they’ll strike a site that’s using it, and then they’re part way toward getting in.

If you have an account with the username “admin”  you need to get rid of it right now!

All you have to do is create a new administrator account  with a username  unique to yourself. Then log out and log in as the new user. Delete the “admin” account,  assigning all its Posts to you.

3.1.4. Change the Database Prefix

When you install WordPress,  you’re given the option  of choosing the prefix for the names of the database tables. The default is wp_ but you can use any prefix you want.

Although I’m not completely convinced that this offers much protection (all installations have the same table names following the prefix), it’s an easy step when you’re installing WordPress, so you might as well do it.

3.1.5. Vigilance

You can protect  yourself in a number  of ways by keeping an eye on certain elements of WordPress. Regularly check your list of users. Filter for administrators and editors.  Make sure there are no unknown users suddenly appearing, which could mean that hackers have set themselves up with control  over your site and access to your files through the theme and plugin editors.

Delete temporary administrators. If you hire someone to work on your site, create a temporary administrator for the task, and when they’re through, erase it.

Delete the accounts  or change the passwords of any former administrators, editors,  or authors. And there are plugins which will automatically force current  users to reset their password after a certain amount of time; see the end of the lesson for some examples.

Make  sure no backups  of your wp-config file exist. Neglectful  developers  may make a temporary backup  of this crucial file. If they leave it on the server, it won’t be protected, and depending  on how they saved it, it may be a plain text file. Figure 34-1 shows a backup  of a config file exposed on the Internet  and how easily it can be opened  as a text file, revealing all the database login information:

FIGURE 34-1

By the way, I found this file (and thousands more like it) with a simple search using Google. Don’t make things this easy for hackers.  And just so you know,  these kinds of vulnerabilities have been pointed  out on the Internet  for more than a decade, so there’s no excuse for leaving backed-up copies of config files on the server.

You can look for these files on your hosting account  using an FTP program or the File Manager of your hosting Control Panel. Look for things such as wp-config.txt or wp-config.php.bak. Any variation other than wp-config.php is vulnerable. Simply delete them, but, of course, don’t delete wp-config.php.
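An added check for the stray config copies described above (not from the lesson): it builds a constructed mini site tree in a temporary directory, lists every wp-config variant, and uses the DB_PASSWORD value to tell a real leak from the placeholder in wp-config-sample.php, which ships with WordPress. Whether a non-.php file is served as plain text depends on the server, so that label is an assumption.

```python
import os
import re
import tempfile

# matches define( 'DB_PASSWORD', 'value' ); in any spacing or quote style
DB_PASSWORD_RE = re.compile(r"""define\(\s*['"]DB_PASSWORD['"]\s*,\s*['"]([^'"]*)['"]""")
PLACEHOLDER = "password_here"   # value shipped in wp-config-sample.php


def find_config_variants(root):
    """Relative paths of every file named like wp-config that is not the real
    wp-config.php: wp-config.txt, wp-config.php.bak, wp-config-old.php and so on."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.startswith("wp-config") and name != "wp-config.php":
                found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(found)


def leaks_credentials(path):
    """True when the file defines a DB_PASSWORD other than the sample placeholder,
    i.e. it carries real database login information."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        match = DB_PASSWORD_RE.search(fh.read())
    return bool(match) and match.group(1) != PLACEHOLDER


def likely_plain_text(name):
    """Assumption: a file the web server does not hand to PHP is delivered verbatim."""
    return not name.endswith(".php")


def audit(root):
    """Map each wp-config variant under root to a risk label."""
    report = {}
    for rel in find_config_variants(root):
        creds = leaks_credentials(os.path.join(root, rel))
        if creds and likely_plain_text(rel):
            report[rel] = "CRITICAL: real credentials, likely readable as text"
        elif creds:
            report[rel] = "HIGH: real credentials in a stray .php copy"
        else:
            report[rel] = "LOW: no real credentials, still remove"
    return report


def build_constructed_site(root):
    """Populate root with a constructed mini WordPress tree (sample data, not a real site)."""
    real = "<?php\ndefine( 'DB_NAME', 'wp_site' );\ndefine( 'DB_PASSWORD', 's3cr3t-not-real' );\n"
    sample = "<?php\ndefine( 'DB_NAME', 'database_name_here' );\ndefine( 'DB_PASSWORD', 'password_here' );\n"
    files = {
        "wp-config.php": real,
        "wp-config.php.bak": real,              # the kind of leftover the lesson warns about
        "wp-config.txt": real,
        "wp-config-sample.php": sample,         # ships with WordPress, placeholders only
        "old/wp-config-old.php": real,
        "wp-content/index.php": "<?php\n// Silence is golden.\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)


def audit_constructed_site():
    """Build the sample tree in a temporary directory and audit it."""
    root = tempfile.mkdtemp()
    build_constructed_site(root)
    return audit(root)


if __name__ == "__main__":
    for rel, risk in audit_constructed_site().items():
        print(f"{risk:55} {rel}")
```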

3.1.6. Limit Login Attempts

Hackers  don’t actually have to break into WordPress  to cause you problems.  They could simply flood your login page with attempted logins. When I say flood, I mean hundreds or even thousands of attempts in a short period.  On shared hosting,  this can often have you shut down as the hosting company  works to prevent the server from being overloaded and all other sites suffer.

There are plugins that limit how many times a single user can try to log in before being blocked; a few are mentioned at the end of the lesson.
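Whether or not a plugin is blocking attempts, the web server’s access log shows a flood directly. The following is an added example, not part of the lesson: it counts POST requests to wp-login.php per client address and per minute, assuming the common Apache/nginx "combined" log layout (client IP in field 1, timestamp in field 4, request line in fields 6 to 8). The log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the lesson: count POST requests to wp-login.php per
# client address and per minute in a web server access log, so a flood of
# login attempts stands out. Assumes the "combined" log layout: client IP in
# field 1, "[timestamp" in field 4, request as fields 6-8 ("METHOD PATH
# PROTOCOL"). The sample log lines below are constructed.

# Print "count ip day:hour:minute" for each client that POSTed to
# wp-login.php more than $2 times within one minute in log file $1,
# busiest first. Silent when no client exceeds the threshold.
login_flood_report() {
    awk -v limit="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
            minute = substr($4, 2, 17)   # "10/Oct/2015:13:55" from "[10/Oct/2015:13:55:36"
            hits[$1 " " minute]++
        }
        END { for (key in hits) if (hits[key] > limit) print hits[key], key }
    ' "$1" | sort -rn
    return 0
}

# Constructed sample: one client hammering the form (a 200 on the POST means
# WordPress redisplayed the login page, i.e. the attempt failed) and one
# normal visitor who logs in once (302 redirect to wp-admin) and reads a page.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.9 - - [10/Oct/2015:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2015:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2015:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2015:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2015:13:56:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2015:13:56:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2015:13:56:06 +0000] "GET /wp-admin/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
EOF

echo "Clients with more than 3 login POSTs in a single minute:"
login_flood_report "$SAMPLE_LOG" 3
rm -f "$SAMPLE_LOG"
```

On a real server, point the function at the live access log and feed the flagged addresses to whatever blocking mechanism the host provides.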

3.2. Dealing With Sensitive Data

Some hackers just want to break in for the fun of it or to use WordPress  as a tool for larger acts, but others are after data,  such as personal  or credit card information.

Following are two security elements relating to sensitive data:

  • Collection
  • Storage

Common solutions  exist for both,  in addition to specific steps you should take.

3.2.1. Collecting Sensitive Data

Suppose you have a form on your WordPress site where you need to collect data such as a person’s address, insurance policy number, or Social Security number. Unless the page containing the form is protected by secure browsing (HTTPS in the URL), the data can be stolen as users enter the information.

With an SSL certificate for your site, you can use a WordPress  plugin to designate that form page as HTTPS. Actually, you can make your entire site secure that way, including your administrative area.

The other important element in all this is retrieving the sensitive data.  The normal  action for any form is to have it e-mailed to you; however,  regular e-mail is also susceptible to hacking.  You can use plugins to have WordPress  send your e-mail through a secure mail server. (One is mentioned at the end of the lesson.)

3.2.2. Storing Sensitive Data

The short answer to the problem  of storing sensitive data in WordPress  is: Don’t do it!

For data from web forms, plugins exist that write the information to your WordPress  database and e-mail it to you. Typically, the reason for doing this is to allow the exporting of gathered  data all at one time to be imported into a spreadsheet or an offline database.

If that’s the case, you need to retrieve the data every day, or even more frequently  if a lot of data exists, and then delete it from WordPress.  Do not keep the data stored online.

Better still: find a plugin that  offers an automated method  for securely transferring the data  to a safe location.

Remember:  There are no good reasons for storing sensitive data in WordPress. It’s that simple.

3.3. Secure Hosting

One aspect of security that sometimes is overlooked is your choice of hosting companies.  Although the services offered are almost identical,  including the software  used to provide those services, important differences can exist in how that software  is set up.

3.3.1. Account Firewalls

Most individuals  and small businesses have their sites hosted on a shared server. That is, their account  is just one of hundreds or possibly even thousands of other accounts  on the server. It’s an efficient and cost-effective way of providing  inexpensive hosting,  but it poses an important security problem:  keeping those accounts  separate.

You could take every security step discussed so far, but if your neighbors  on the shared server aren’t vigilant and a hacker gets into one of their accounts,  that can leave you vulnerable, unless the hosting company  has properly  insulated  accounts  from one another. There have been several well-publicized  security breaches over the years, in which literally thousands of websites were hacked or brought down because the hackers wormed  their way in to others’ accounts  through the server system after hacking one account.

The most you can do is research this before choosing a hosting company. Ask what steps they take to isolate accounts, check forum postings for signs that it has happened before, search for the company name together with “security breach,” and so on.

The ultimate  defense you have is a good backup  routine.  If a server breach occurs, just take your backup  and move to a new hosting company.  The switch is often faster than waiting for the problem to be fixed.

3.3.2. Visible Directories

Earlier in the lesson you saw a screen shot of someone’s file directory  where there was a backup  of the wp-config.php file (refer to Figure 34-1). Well, it wasn’t just the readable  backup  file that was a problem:  You should not have been able to view a list of all the files in that directory!

When you browse a domain name, you’re actually browsing the home directory on the server. And when you try to browse a directory, the server looks for certain types of files: default.html, index.html, index.php, and so on. If it doesn’t find one, the server may, depending on the hosting company’s settings, simply display a list of the files in the directory, with a link to each file, as shown in Figure 34-2.

FIGURE 34-2

You can see how a simple search turns up visible directories,  and from a directory,  you can download a wp-config.php file. Notice that I’m not accessing the file through a browser,  which would have processed the php file and nothing  would happen. What I did was right-click a file and download it to my computer, and that’s only possible if the directory  is visible.

WordPress  protects  itself from hosts who leave directories  visible by placing blank index.php files into all directories  that shouldn’t be open. You can see this at work by adding the following to the end of your domain  name: /wp-content/themes/.

If you try to view that URL, you should get a blank white screen; that’s the index.php file at work. If it weren’t there and your host allowed visible directories,  you’d see a list of all your theme folders.

If for some reason a WordPress  directory  is visible, you can solve the problem  in the same way, by uploading a plain text file called index.php, containing only <?php //Silence is golden ?>

Make sure nothing follows the closing ?> tag, not even a space.

You can do the same for any folder you create on the web that does not have an index.php file (or other type of default file).
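The check and the fix can be automated for a whole web root. This is an added example, not part of the lesson: it lists every directory that has none of the default files a server looks for (index.php, index.html, index.htm, default.html) and then writes the same one-line index.php WordPress uses into each of them, with nothing after the closing tag. The directory tree in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the lesson: find directories under a web root with
# none of the default files a server looks for, which a host that allows
# directory browsing would list, then drop in the same one-line index.php
# WordPress uses. The demo directory tree is constructed.

# Print each directory under $1 that has no default file of its own.
list_unprotected_dirs() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ] &&
           [ ! -e "$dir/index.htm" ] && [ ! -e "$dir/default.html" ]; then
            printf '%s\n' "$dir"
        fi
    done
    return 0
}

# Write the "Silence is golden" file into every unprotected directory.
# printf '%s' adds no trailing newline, so nothing follows the closing ?>;
# a stray space after it would be sent to the browser as page output.
add_silent_index() {
    list_unprotected_dirs "$1" | while IFS= read -r dir; do
        printf '%s' '<?php //Silence is golden ?>' > "$dir/index.php"
    done
    return 0
}

# Demo: a WordPress-like tree where uploads/ and a custom downloads/ folder
# were created without an index file.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-content/themes" "$demo_root/wp-content/uploads/2015" "$demo_root/downloads"
: > "$demo_root/index.php"
: > "$demo_root/wp-content/index.php"
: > "$demo_root/wp-content/themes/index.php"
echo "Directories that would show a file listing:"
list_unprotected_dirs "$demo_root"
add_silent_index "$demo_root"
echo "After adding index.php files: $(list_unprotected_dirs "$demo_root" | grep -c .) left"
rm -rf "$demo_root"
```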

3.3.3. File Permissions

Sometimes, someone in a forum advises others to change the permissions  on a folder or file to 777. That means anyone can read the file, edit the file, or delete the file. The advice is usually meant to solve some issue a person has with WordPress  or a plugin.

Never change a permission  level to 777.

Your problem  might temporarily be solved, but you’re opening yourself up to much larger ones. No proper  fix for a problem  should involve changing permissions  to that level of openness.

Although  different hosting companies  have different approaches to file permissions  and ownership, at WordPress.org, you can find a good discussion about  the recommended types of file permissions you should see in a WordPress  installation—and none of them are 777, not even upload  directories. Here’s the URL:

http://codex.wordpress.org/Changing_File_Permissions
