The recent news involving the WordPress MailPoet Plugin vulnerability, is yet another reminder to all web site owners to maintain and update their websites.
WordPress is an easy and powerful system that allows all owners to update content with little effort. This system is bases on an open-source model, which is what also makes it so vulnerable.
The WordPress MailPoet Plugin vulnerability is particularly unsettling because your site does not have to have the MailPost plugin installed or even enabled. According to Daniel Cid, CTO of security firm Sucuri.
“To be clear, the MailPoet vulnerability is the entry point,” he wrote in a blog post. “It doesn’t mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website.”
First step in any WordPress update is to backup your site. A few minutes spent backing up your WordPress site (files and database) is a small price to pay if something goes wrong. With a backup, your site can be returned to a working stage, in far less time than without a backup.
Second step in an WordPress update is to update one plugin at a time. Working on one plugin at a time and testing, will allow you to immediately identify which plugin may have caused an error. This method can be quite a time saver.
Third step in an WordPress update is to backup your site again. You just spend some time updating WordPress, updating plugins, and testing your site, it is important to save your work.
Finally, one of the most important things about a WordPress backup, is to store a WordPress backup off your web hosting server. Having a backup off site, gives you a secondary line of defense in case of a hack or catastrophic event.