Hi there!

Today, I’m proud to announce the launch of our very own host-agnostic WordPress migration plugin: Migrate Guru!

Since we first started, BlogVault has grown to become a major player in the field of WordPress backups. A huge contributor to our growth has been the fact that our subscribers came to us to help them solve issues related to their websites.

Over time, we received a large number of requests and queries about WordPress migrations. We tried solving these problems at first with other migration plugins, but we realized that most of them needed tons of manual work as well as constant monitoring. We basically needed something like Iron Man’s Jarvis to help us out.



The result? Well, we did what engineers do (i.e. we basically built Jarvis… but for migrations).

Our ‘Jarvis’ was an in-house tool to help us automate the migration process. We eventually could bundle it with BlogVault to offer our users better functionality. Having it also let us partner with leading WordPress webhosts (such as WP Engine, Flywheel, Pantheon, and many others) for onboarding their customers.

Our experience got us thinking that if our existing customers and partners had such a great need for migration tools, so would others!

Turns out:

  1. Most site owners who don’t have the time to do it themselves either hire web developers or turn to their hosts.
    However, these aren’t ideal options since they could turn out to be expensive affairs and/or take time.
  2. The others who have technical knowledge use WordPress migration plugins, but even these need manual work.

This is why we built Migrate Guru. Migrate Guru is a free-to-use migration plugin that makes WordPress migrations quick and easy. Moreover, since the plugin performs the migration process on our servers, it poses ZERO risk to your live site. This also ensures that the migration process doesn’t time out, no matter the size of your site.

While the Migrate feature will continue to be a part of the BlogVault product, Migrate Guru is our way of giving back to the WordPress community. We’ve used our knowledge gained from migrating over 500,000 sites, and hope that it makes life easier for anyone using it.

 

Oh, but don’t take our word for it…

 

Check it out for yourself, and let us know what you think!

 

GitLab deleted the wrong database, but when ineffective backup solutions got added to the mix, the site’s system admins had to battle the perfect storm to get the site online. The takeaway from this situation? Choose your backup solutions carefully.

 

GitLab’s system admins battle the perfect storm of system errors and inefficient backups to get the site back online

 

GitLab, the online tech hub, is facing issues as a result of an accidental database deletion that happened in the wee hours of last night. A tired, frustrated system administrator thought that deleting a database would solve the lag-related issues that had cropped up… only to discover too late that he’d executed the command for the wrong database.

What Went Wrong with GitLab’s Backups

While the horror of the incident might have been mitigated by the fact that GitLab had not one but five backup methods in place, the problem was that all of them were discovered to be ineffective. Here’s a quick run-through of the different backup methods GitLab had, and what went wrong with each of them:

  • The LVM snapshot backup wasn’t up-to-date: the last snapshot was manually created by the system admin 6 hours before the database deletion.
  • The backup furnished on a staging environment was not functional: it automatically had the webhooks removed, and the replication process from this source wasn’t trustworthy since it was prone to errors.
  • Their automatic backup solution was storing backups in an unknown location, and to top it off, it seemed that older backups had been cleaned out.
  • Backups stored on Azure were incomplete: they only had data from the NFS server but not from the DB server.
  • Another solution that was supposed to upload backups to Amazon S3 wasn’t working, so there were no backups in the bucket.

 

As a result of these issues, the system admins are struggling to get the 6-hour old backup online. The progress of the data restoration has been closely followed by well-wishers, and many have appreciated the website’s transparency, especially under such duress.

 

How to Identify a Good Backup Solution

It’s certainly freaky that all five backup solutions that GitLab had were ineffective, but this incident demonstrates that a number of things can go wrong with backups. The real aim of any backup solution is to be able to restore data with ease… but simple oversights could render backup solutions useless. This is why you should watch out for the following traits in any backup solution:

  1. Backup solutions should match your need
    In the case of GitLab, automatic backups were made once every 24 hours. Considering the amount of data being added every minute, however, real-time backups would have been perfect for them. While not being the best in terms of data-conservation, the last manual backup was performed by the system admin 6 hours before the crash, and so was the most viable option. Choosing the right backup solution for your need requires the consideration of the frequency of data-addition, the levels of user activity, and the server load.
  2. Backup solutions should allow easy, quick restoration
    The problem with GitLab’s backups stored on its staging environment was that the replication process was difficult to manage. When you’re already burdened with the responsibility of getting your site back up, you shouldn’t be worrying about the restoration process.
  3. The backup solution should be completely independent of your site… in a known location
    In the GitLab situation, the problem was not knowing the backup destination. This isn’t a problem with WordPress backup solutions, since they usually store backups on your site’s server… or on a personal storage account (such as Dropbox, Drive or Amazon S3). However, this means most of the time, they either require you to access your crashed site for backups… or they store the API key to these accounts on your site (which poses its own problems). Both these options present Catch-22 situations of ‘site is down so need backups, can’t access backups because site is down’. It’s important for you to know all there is to know about your backup destinations.
  4. The backup solution should back up your entire site
    Backups that only contain part of your site (such as GitLab’s Azure backups) aren’t really reliable when your site goes down. In the case of WordPress backups, some solutions might back up your site except for custom tables (such as those installed by WooCommerce), so you need to be wary of such situations.
  5. You should be able to easily test your backups
    The real problem with all the backup solutions GitLab had was that they hadn’t previously tested them… and hence had to give them a hard second look after encountering restoration-related problems. The real concern is that their backups weren’t discovered to be inefficient until they actually needed them. This is why testing backups should be a part of your backup strategy.
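
The checks implied by the list above (known location, fresh enough, complete, not empty) can be automated. The following PHP script is an added example, not GitLab’s or BlogVault’s code; the file naming scheme, the one-hour limit and the sample dates are assumptions made for the demonstration.

```php
<?php
// Added example: audit a backup directory for the failure modes listed above.
// Assumed (hypothetical) layout: every backup is a pair of files named
//   <UTC timestamp>-db.sql.gz  and  <UTC timestamp>-files.tar.gz

const REQUIRED_PARTS = ['db.sql.gz', 'files.tar.gz'];

/** Returns a list of problems; an empty list means the newest backup passed every check. */
function audit_backups(string $dir, int $maxAgeSeconds, int $now): array
{
    // Trait 3: the backup destination must be known and reachable.
    if (!is_dir($dir)) {
        return ["backup location '$dir' does not exist"];
    }

    // Group the files into backup sets keyed by their timestamp.
    $sets = [];
    foreach (scandir($dir) as $name) {
        if (preg_match('/^(\d{8}T\d{6})-(db\.sql\.gz|files\.tar\.gz)$/', $name, $m)) {
            $sets[$m[1]][$m[2]] = $dir . DIRECTORY_SEPARATOR . $name;
        }
    }
    if ($sets === []) {
        return ["no backups found in '$dir'"];
    }

    krsort($sets, SORT_STRING);               // newest timestamp first
    $stamp    = (string) array_key_first($sets);
    $latest   = $sets[$stamp];
    $problems = [];

    // Trait 1: the newest backup must be recent enough for the site's rate of change.
    $taken = DateTimeImmutable::createFromFormat('!Ymd\THis', $stamp, new DateTimeZone('UTC'));
    $age   = $now - $taken->getTimestamp();
    if ($age > $maxAgeSeconds) {
        $problems[] = sprintf(
            'newest backup %s is %.1f hours old (limit %.1f)',
            $stamp, $age / 3600, $maxAgeSeconds / 3600
        );
    }

    // Trait 4: the backup must contain the database as well as the files,
    // and neither part may be empty or something other than a gzip stream.
    foreach (REQUIRED_PARTS as $part) {
        if (!isset($latest[$part])) {
            $problems[] = "newest backup $stamp has no $part";
            continue;
        }
        $path = $latest[$part];
        if (filesize($path) === 0) {
            $problems[] = "$part in backup $stamp is empty";
        } elseif (file_get_contents($path, false, null, 0, 2) !== "\x1f\x8b") {
            $problems[] = "$part in backup $stamp is not a gzip file";
        }
    }

    return $problems;
}

// Demo on constructed data: one complete older set, and a newest set that has
// the files archive but no database dump.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup-audit-' . bin2hex(random_bytes(4));
    mkdir($dir);
    $gz = "\x1f\x8b" . 'constructed sample bytes';
    file_put_contents("$dir/20170130T230000-db.sql.gz", $gz);
    file_put_contents("$dir/20170130T230000-files.tar.gz", $gz);
    file_put_contents("$dir/20170131T170000-files.tar.gz", $gz);

    // Constructed "current time" so the run is repeatable.
    $now = (new DateTimeImmutable('2017-01-31 23:30:00', new DateTimeZone('UTC')))->getTimestamp();
    foreach (audit_backups($dir, 3600, $now) as $problem) {
        echo "FAIL: $problem\n";
    }

    array_map('unlink', glob("$dir/*"));
    rmdir($dir);
}
```

A header check like this only catches missing, stale or empty backups; a periodic test restore is still the only proof that the data can be recovered (trait 5).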

 

We’re all human at the end of the day, and the job of a systems admin, especially when overloaded with spam, can never be taken lightly. This is why backups exist– to have an easy ‘undo’ in case there ever is an error, and your site goes down, or data is lost.
We can only hope that things go well for the GitLab team, as they rush to get their data back.

GitLab’s status can be monitored via this Twitter feed. (When this article was published, 73% of the database copy had been made).

Updating WordPress is something that every site owner has to do, at least for WordPress’ security updates. Automating updates seems like the easy way out, but how do you know if your WordPress site is compatible with, and needs any other updates?

 

Automatically updating your site might seem like an easy way out, but there's more to it than meets the eye.

 

Every new WordPress site owner faces a conundrum when it comes to updating their WordPress site. Even if you only have to click on ‘update’ to update the sites, there are so many updates happening so frequently that simply updating might seem like a gargantuan task. This is why automating the process might seem like an easier route to take.

 

What Does it Mean to ‘automate’ WordPress Updates?

Ever since version 3.7, WordPress has allowed security and translation updates to happen in the background of every default installation, but this doesn’t include major and add-on updates… Which means a huge chunk of updates are still not performed. This is why choosing to perform automated updates on your WordPress site is a tempting choice. Moreover, it’s an option that can be carried out in a number of ways. It means every update on your site would happen automatically. You wouldn’t be shown notifications, wouldn’t need to click on ‘update’ everywhere, and you can stay at peace.

 

Making this decision isn’t as easy as it sounds though, simply because of the consequences it might have on your site. This is why we’re going to break it down for you.

 

The Pros of Automating WordPress Updates

It reduces your workload

Automating updates for both WordPress Core and add-ons on your WordPress site isn’t recommended, since any of these updates could contain changes that might cause your site to crash. But even just automating WordPress’ major core updates would reduce the amount of work for you as a WordPress site owner, since you would only have to worry about the add-ons.

It makes your WordPress site better in every way

WordPress updates allow the addition of new features and security patches for known vulnerabilities, thus making WordPress sites more functional, and secure. Automating your site to update, therefore, would help your site be more functional for your site’s visitors and users, as well as more secure for everyone.

 

The Cons of Automating WordPress Updates

There are a number of downsides to automating updates on your WordPress site, but the extent to which this might affect your site negatively, depends on what you choose to update, and how you choose to do it.

Your WordPress site could crash

Depending on the functions, and the scale of the changes in the updates made (whether to WordPress Core or to add-ons), your WordPress site could crash.

If you automate WordPress Core updates, there is a possibility of the old add-ons on your site not being compatible with the Core changes. As a result, your site could crash.

Automating add-ons is not recommended. This is because there are thousands of different plugins and themes, and although they’re coded to be compatible with WordPress, they’re not all coded with each other in mind. This means your site could crash with the update of any one plugin or theme.

The aftermath of WordPress crashing takes time to fix

If you choose to configure your WordPress site to automatically update via code, and not a plugin or a service, you’ll have to make changes to your site’s wp-config file. This can be daunting, and can take time for a novice.

Moreover, no matter why your WordPress site crashes, you will have to restore it to a recent backup, and figure out which update caused your site to crash… which again will take time.

Automated updates with Managed WordPress Services have consequences too

Using managed WordPress services (those that update your WordPress site for you as a part of maintenance or hosting services) might seem like an easy option, but it also has a number of consequences.

  1. If you have chosen to enable automatic updates with a managed WordPress service, they will email you with the update schedule. In this case, you will have to check all the elements on your site for compatibility before approving the update.
  2. If an element on your WordPress site is not compatible with an update, you will have to ask your WordPress manager to postpone the update until you fix the issue.
  3. It is added trouble for you as a WordPress site owner if you cannot fix the issue causing incompatibilities by the time managed WordPress services force updates on your site. This would mean that your site would break, and you would have to restore it to a previous backup that is recent enough. If you own an e-commerce WordPress site, this isn’t an option, because of the constant input of data on your site.

 

Deciding to automate the updates to be made to your WordPress site isn’t an easy decision, especially if you don’t know your WordPress site inside-out. However, it’s something that every WordPress site owner has to do, at least for WordPress’ security updates. Learning whether your WordPress site needs any other updates is a time-taking experiment, but it’s one that will pay off in the end. The only way to make sure that your site is safe is to rely on an intelligent, secure backup solution to create backups before you perform any update or make any changes to your WordPress site.

Over the past few months, we’ve been working on a number of changes at BlogVault. Not only do we have an improved UI, we’ve also got a bunch of new features that are bound to make managing your WordPress site a lot easier, and secure.  

BlogVault has got a new dashboard that is better in every way, from allowing users to access our features more intuitively, to providing more than just backups.

Let’s take a look at a few of the changes, shall we?

Your BlogVault dashboard now has two major areas:

  1. Site Listing
  2. Site Details

Each area has specific functions, and together provide:

Ease of Use

BlogVault’s new site listing feature helps you see all the sites you’ve added to your BlogVault dashboard. From this part of the dashboard, you can filter sites based on their status:

 

The BlogVault dashboard's Site listing page

 

‘Active’ sites are those that have the BlogVault plugin installed on them, and use the plugin regularly.

‘No Plugin’ sites are those added to your dashboard but haven’t got the BlogVault plugin installed. (This could also be because of a problem during installation.)

Sites that are ‘Unreachable’ are those that have the plugin installed, but our servers are unable to reach, due to a connectivity error, or probably due to firewall or network settings.

‘Hacked’ sites are those that the BlogVault plugin has detected malicious files on.

We built in this categorization of sites to help you see exactly what’s going on with your sites at a glance. Moreover, the Site Listing page also allows you to find a particular site, based on tags that they might have (more on this later).

 

Easier Account Control

With our revamp, we’ve also changed your account and billing settings so they’re easier for you to manage.

 

The 'My Account' drawer opens up all the details related to your dashboard and subscription, easily.

 

Everything related to your BlogVault account is easily accessible, and easily changeable too from the ‘My Account’ drop-down. You can change anything about your account, from your email address to the BlogVault subscription plan you’re on.

Your profile on the BlogVault dashboard gives you important details at a glance.

 

Optimized for Teams

This brings us to our other new addition: the option to add team members to your BlogVault account. Our new Account settings allow you to manage a team that can handle every aspect of backup, management and security of the sites linked to the BlogVault account.

 

BlogVault’s new dashboard is optimized so you and your team can manage and secure sites.

New, Improved Features

BlogVault now comes as a comprehensive package that allows our customers to backup, manage and secure their websites in every way. All you have to do, is to click on any one active site from your Site Listing page.

 

The BlogVault dashboard gives you a plethora of options to help you manage and secure your site too!

 

As you can see, we offer you WordPress backups, but also management and security settings that help you manage and secure your WordPress site. While the old UI allowed you to see all the features on the right in a sidebar, we’ve revamped BlogVault to let you see it all under each option (Backup/Management/Security).

Backup features

Our backup features have always been functional enough to rely on completely, but with our new UI, they’re more accessible, and easier to use.

 

Backup features on the new BlogVault dashboard

History

The History tab has been given a full revamp, and allows you to see the last 30 backups made of your site more clearly. You can see exactly what happened with each backup, and add notes more easily as well.

 


 

 

Again, as you can see, you can select any backup version you have and choose to migrate, test restore, or automatically restore from it. You can also upload any version to Dropbox, or add notes to help you differentiate versions.

Download Backup / Upload Backup

Both ‘Download Backup’ and ‘Upload to Dropbox’ options are very different functions, but have a single form, that requires the following:

  1. The backup version you would like to download (or upload from)
  2. Your site’s database credentials
  3. Your hosting server’s credentials (which come under Advanced Options, along with the next option)
  4. A choice of whether you’d like to store either tables and files, only tables, or only files from your WordPress site

There is also a section that requires your HTTP Authentication credentials, which are your WordPress site’s credentials.

 

Both ‘Upload to Dropbox’ and ‘Download backup’ functions use the same form

 

Migrate

The ‘Migrate’ option allows you to easily move all your site’s content and functionality to a different domain name or a different hosting service. All you require for this option, are the FTP credentials of the new site/domain/hosting service you’d like to move to.

 

Migrating with the new dashboard (the Auto Restore and Migrate features use the same form)

 

Auto Restore

Perfect for when your site suddenly goes down, the ‘Auto Restore’ backup option has the same form to fill up, except that it requires the FTP credentials of the site you’d like to restore (which is your current site).

As you can see from the previous screenshot, we’ve also got a handy FAQ section on the right for all migration and auto restore- related FTP questions, so you have all the answers at your fingertips.

Test Restore

This option creates a test-environment (a replica), based on the latest backup version of your site, complete with the links, videos, images, and everything else on your site. You can click on these links, and they’ll work like they would on your site. Once BlogVault is done creating this test-version of your site, we mail you the link you can access it on, along with its FTP details, so you can experiment and see if you want to make any changes to your site.

If you’d like to make a Test-Restore of a different backup version of your site, you’ll have to go to the History tab, select the desired backup version, and then restore from it.

You can perform a Test Restore with a single click

 

Backup Now

BlogVault automatically backs up your WordPress site every 24 hours, but if the next scheduled backup is just too far away (such as when you want to make an instrumental change but want to make a backup just before), this option comes in handy.

The Backup Now option also shows up on the Management and Security functionalities (just look for the following icon):

Backup Now icon

This allows you to backup your site before making any changes to it.

 

Management Features

From allowing you to manage your WordPress site’s users to helping you update the plugins and themes on your site, the Management feature allows you to manage your WordPress site to be secure against threats.

 

The Management features now available on your BlogVault dashboard

 

Manage Plugins

You can manage all the plugins and themes installed on your WordPress site from this option. This means you can see the version you have of each, as well as whether to update specific add-ons, or all of them.

Manage Users

With the ‘Manage Users’ option, you can remotely delete, or change the role or password of those who have access to the site, without having to log in to your WordPress site’s dashboard.

 

Managing your WordPress site’s users with the BlogVault dashboard

 

Security Features

We also have a Security feature that helps you harden your WordPress site, as well as clean malware and hacked files with a single click. Moreover, since our scanner is built to be accurate and intelligent, it detects the most complex hacks, without raising false alarms, or alerting you of ‘possible hacks’.

 

The Security features on the BlogVault dashboard let you harden your site against future attacks, see the hacked files when you have a hack, Auto Clean with a single click, and scan your site whenever you want

 

Secure Site

The BlogVault dashboard now features hardening settings under the ‘Secure Site’ feature. These are settings recommended by WordPress, that help make your site more secure against hacks. We’ve categorised these settings into two sections: Basic, and Advanced.

Here is a look at some of the basic security fixes:

 

Basic Secure Site settings

 

The advanced security fixes require some caution though– even if they can’t break your site, you won’t be able to install new plugins or themes on your site if you have them enabled.

 

Advanced Secure Site settings

 

The convenient thing about these settings, though, is that to enable (or disable) them, you only have to select the ones you’d like to enforce or remove, enter your WordPress site’s FTP credentials, and select the folder that your WordPress site is installed in.

Hacked Files

This option only appears when you have a hack on your WordPress site. It identifies the hacked file for you and pinpoints it, so you can look specifically at that one file, if you want to. If you’d rather just clean out the hack with a single click, you can do so by clicking on the ‘Auto Clean’ button.

 

When you click on 'Hacked Files', a list of just the hacked files appears. You can choose to clean them automatically by clicking on the 'Auto Clean' button.

 

Auto Clean

Another feature that only appears when you have a hack, the Auto Clean function helps you remove malicious code on your site with a single click. Since we’ve built our cleaner to even identify complex hacks, you can choose to remove them immediately, without technical assistance.

Once you click on the Auto Clean function, you are taken to the form asking for your WordPress site’s FTP details.

 

Clicking on the ‘Auto Clean’ button takes you to the same FTP form that appeared for ‘Migrate’ and ‘Auto Restore’

 

Once you enter your WordPress site’s FTP details, your site will be cleaned.

Scan now

One of the most revolutionary additions to our dashboard, the ‘Scan Now’ feature allows you to scan your site for hacks at any given point of time. Our malware scanner looks for hacks based on the actions the code performs, rather than signatures, or keywords. So no more backdoors, or recurring hacks. Before scanning your site, we run a backup so you always have the latest version of your site to fall back on.

 

 

When you click on ‘Scan Now’, the dashboard backs up your WordPress site

 

Better Navigation

We’ve tried to make the new dashboard as functional as possible. One of the steps we’ve taken in this direction, is the addition of ‘Quick Links’ that help you download backups, migrate backups to a new location, or restore it with a click. This section also has ‘Resources’, which help give you a quick snapshot of everything you need to know about your WordPress site. Perfect for emergencies, the icons for these functions, and the information related to your site, are right under your site’s thumbnail, on the Site Details page.

 

Features and information on the left for better, easier navigation

 

Since these features are in-built into BlogVault’s dashboard, we backup your site automatically before making any changes to your WordPress site. This makes it a comprehensive solution to help you manage your site in the most secure way possible. BlogVault has always been focused on giving our customers the best experience, in the most reliable, sensible way, and we hope you’ll find our new makeover to be as practical as we intended it to be.

If you’ve got questions about the new dashboard, or suggestions, do reach out to us here.

 

WordPress site owners are constantly asked to update their sites. But keeping track of updates is incredibly difficult, because of the frequency and number of updates to be made. This is why automating updates might be a useful practice.

 

Making sure your WordPress site is up to date could be an overwhelming process, since there are so many releases.

 

If there’s one piece of advice in the world of WordPress for site owners, it’s this: update, update, update. Updating WordPress is easy in theory, especially since all site-owners receive notifications about core and plugin updates. When it has to be put into practice, though, updating WordPress is its own beast. Not only might updates break WordPress sites; they might also cause incompatibilities, and be impossible to undo as well. This is why it’s important to always have a reliable backup solution for WordPress sites.

Updating WordPress is an important task though, because of new features that might impact user experience, but also security updates that help against major vulnerabilities. However, with WordPress receiving updates very frequently on the Core as well as the add-on front, it is difficult to keep up with all the changes, and apply them. This is why automating updates on WordPress sites might be a workable solution for you as a WordPress site owner.

Types of WordPress Updates

While updates for WordPress add-ons have both developmental as well as security updates, updates for WordPress core perform different functions. Based on these functions, WordPress Core updates can be categorized into:

  1. Release updates, which contain both Major and Minor releases.
    1. Major updates contain developmental changes including the addition of new features, or changes to core technologies on WordPress. Every major release is named after a major jazz musician.
    2. Minor updates contain security patches and fixes. As a result, they are highly recommended, and are automated by default on every installation of WordPress. Every WordPress site is recommended to run these updates since they contain important security updates that keep WordPress sites safe.
  2. Developmental updates, which are only for the changes that might be unstable– these updates are what future developments are built on. Also known as ‘bleeding edge’ updates, they are only meant for sites running the developmental version of WordPress.
  3. Translation updates (which are language packs), and come in handy if your WordPress site has multilingual support.

Depending on your comfort-level with code, and the time you’re willing to spend maintaining your site, you could automate your WordPress site’s updates manually, with the help of a plugin, or via managed WordPress services. Every method has its pros and cons, so it’s best to choose one with careful thought.

Automating WordPress Updates the Manual Way

This method will require you to make changes to your WordPress installation’s core files.

How to automate updates to WordPress Core the Manual Way

Updating WordPress Core includes making changes to the wp-config.php file.

WordPress reads a constant called WP_AUTO_UPDATE_CORE, which you set with define() in the wp-config.php file. The value you assign to this constant determines which WordPress release updates are automated.

To Automate All WordPress Core Updates

Assign the value ‘true’ to the above constant, as demonstrated:

define( 'WP_AUTO_UPDATE_CORE', true );

This will enable the automation of all release updates, developmental updates, and translation updates on your WordPress site.

To Only Automate WordPress Core Minor Release Updates

As mentioned, WordPress automatically makes Minor release and translation updates to your site. However, if you disabled all automatic updates by assigning the above constant the value ‘false’, you would have disabled Minor updates too. Just assign the value ‘minor’ to the same constant, instead of true. This will disable all updates other than Minor updates, which keep your WordPress site secure.

Here’s how you do it:

define( 'WP_AUTO_UPDATE_CORE', 'minor' );

 

How to Automate Updates to WordPress Add-ons the Manual Way

Automatically updating add-ons isn’t recommended by WordPress, since the developers’ updates might work for that plugin/theme, but might be incompatible with other add-ons or elements on your WordPress site. However, if your WordPress site is simple and has very few plugins/themes that are compatible with each other, it might not be as big a problem.

In order to manually configure your installation of WordPress to update plugins & themes, you have to make modifications to a filter called auto_update_$type, found in the wp-admin folder. The value assigned to $type determines which WordPress add-on is updated automatically.

To automatically update all plugins on your WordPress site, the filter must read:

add_filter( 'auto_update_plugin', '__return_true' );

To automatically update all themes on your WordPress site, the filter must read:

add_filter( 'auto_update_theme', '__return_true' );
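
A narrower policy than updating every add-on is to auto-update only the plugins you have already tested together. The following is an added example, not WordPress or BlogVault code: it assumes the file is placed in wp-content/mu-plugins/ under a hypothetical name, and the slugs in the allowlist are placeholders.

```php
<?php
/**
 * Plugin Name: Selective auto-updates (added example)
 *
 * Added example, not WordPress or BlogVault code. Assumed location:
 * wp-content/mu-plugins/selective-auto-updates.php (hypothetical file name).
 */

// Hypothetical allowlist: slugs of plugins you have tested together and accept
// unattended updates for. Everything else waits for a manual update.
const EXAMPLE_AUTO_UPDATE_SLUGS = ['akismet', 'example-forms'];

/**
 * Callback for the auto_update_plugin filter. WordPress passes its current
 * decision and an object describing the pending update (including ->slug).
 */
function example_auto_update_plugin($update, $item)
{
    if (!is_object($item) || empty($item->slug)) {
        return false; // unknown item: do not update it unattended
    }
    return in_array($item->slug, EXAMPLE_AUTO_UPDATE_SLUGS, true);
}

if (function_exists('add_filter')) {
    // Running inside WordPress: register the policy.
    add_filter('auto_update_plugin', 'example_auto_update_plugin', 10, 2);
    add_filter('auto_update_theme', '__return_false');

    // Core: minor (security) releases only, the same effect as
    // define( 'WP_AUTO_UPDATE_CORE', 'minor' ) in wp-config.php.
    add_filter('allow_minor_auto_core_updates', '__return_true');
    add_filter('allow_major_auto_core_updates', '__return_false');
    add_filter('allow_dev_auto_core_updates', '__return_false');
} else {
    // Run from the command line (php selective-auto-updates.php): check the
    // policy against constructed update objects.
    foreach (['akismet', 'untested-gallery'] as $slug) {
        $item = (object) ['slug' => $slug, 'new_version' => '0.0.0'];
        printf(
            "%-18s %s\n",
            $slug,
            example_auto_update_plugin(null, $item) ? 'auto-update' : 'manual'
        );
    }
}
```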

Pros of Manual Automation of Updates

  • The code isn’t complex, so it’s beginner friendly.
  • Manual automation is free.
  • WordPress site owners won’t have to install an extra plugin just to keep their site up to date.

Cons of Manual Automation of Updates

  • The changes have to be made to the WordPress wp-config.php files and the wp-admin folder. This might make some WordPress users uncomfortable, especially since changes to the WordPress core files are not recommended.
  • Making the changes to code might require some time, especially for WordPress novices.
  • If your site crashes with any update, you will have to check your site’s status after disabling each update manually.

 

Automating Your WordPress Site with Plugins

This method comes in handy for WordPress site-owners who do not want to tinker with code themselves, and don’t mind installing an extra plugin on their site. A couple of examples of plugins that help automate updates, are Advanced Automatic Updates, and WP Updates Settings.

How to Use the Advanced Automatic Updates Plugin

Step 1: Install and activate the plugin.

Step 2: Locate the plugin under your WordPress site’s Settings tab, and click on it.

Using the Advanced Automatic Updates plugin

 

Step 3: Check the kind of updates you would like to automate on your WordPress site.

 

Updating Themes with the Advanced Automatic Updates plugin

 

If you would like notifications about these updates to be sent to an email address other than the one of the site owner, you can enter it here:

 

Notifications with Advanced Automatic Updates

 

As you can see, you can also disable email notifications about these updates, and request debug information (in case you’re running development updates).

How to Use the WP Updates Plugin

Step 1: Install and activate the plugin.

Step 2: Just like for the Automatic Updates plugin, locate the Updates tab under your Settings tab, and click on it.

 

The WP Updates plugin shows up under Settings

 

Step 3: Choose the kind of WordPress Core release updates you would like to automate on your WordPress site.

Core Updates with the WP Updates plugin

Step 4: Choose whether you would like to automatically update add-ons on your WordPress site.

Plugin and theme updates with the WP Updates plugin

Step 5: If you’d like translation and developmental updates, click on the appropriate check-boxes.

 

Click on these checkboxes if you want other updates also to be automated.

 

Pros of Automating Your WordPress Updates With a Plugin

  • These plugins do the work for you: you don’t have to manually tinker with any code; they’ll do it for you.
  • Most plugins that automate WordPress sites allow you to enable or disable different updates with a single click.

Cons of Automating Your WordPress Updates With a Plugin

  • This will require you to install an extra plugin just for updating your WordPress site.
  • Some plugins only update WordPress core, while others will allow you to update add-ons as well.
  • You, as a WordPress site owner, will still need to weed out problems if your site crashes with updates.

Using Managed Services to Automate Your WordPress Site

There are two types of managed services you could use to automate updates on your WordPress site: managed WordPress hosting, and WordPress support and maintenance services.

Managed WordPress Hosting

These services manage your WordPress site’s hosting issues, as well as a few issues related to the site itself. A couple of examples of managed WordPress hosting providers are Flywheel and WP Engine. These services automate the update of your entire WordPress site, but only after the following steps, which are meant to benefit you no matter the state of compatibility of your WordPress site:

  1. The hosting provider checks their systems for compatibility with WP updates (whether this includes both core and add-on updates depends on the web host).
  2. They then mail you beforehand with the dates for your WordPress site’s update.
  3. Every managed hosting service performs a backup of your WordPress site before the update. Only after this do they perform the update.
  4. Once they perform the update, they check for issues.
  5. If your WordPress site is not compatible with the update, the managed hosting provider restores your site with the backup that they made.
  6. The service then mails you about the status of the update (successful/unsuccessful, and reasons if unsuccessful).
  7. If you’ve tested your site and found it incompatible, you can ask certain web hosting services to postpone updates till you fix the issue at hand.

Notes:

Plugin and theme updates are not done automatically by managed WordPress hosting services, simply because different plugins have settings that might conflict with each other and break your site.

If you’d still like to automate the updates of add-ons, you can get in touch with your WordPress host about the same.

Since each managed hosting service has different terms and conditions, and pricing plans, it is recommended that you read their documentation carefully, and then get in touch via email or from their in-website chat support.

Pros of Using a Managed Web Hosting Service With Automatic WordPress Updates

  • You, as a WordPress site owner, don’t have to fiddle with the WordPress core files.
  • Your WordPress hosting service tests and runs WordPress updates for you.

Cons of Using a Managed Web Hosting Service With Automatic WordPress Updates

  • Managed WordPress hosting comes at a price.
  • These services don’t take care of all the issues that might come up while updating your WordPress site. If your site has certain customizations that make it incompatible with WordPress updates, these services might mail you asking you to seek a professional developer’s assistance. This means that even if you’re paying a premium price for managed hosting, you might also have to hire a WordPress developer separately.

WordPress Support and Maintenance Services

WordPress support and maintenance services (such as WP Curve, WP Maintainer, and Valet) are perfect for super-busy site owners who can afford to have a full-time service just for maintaining their WordPress sites. In terms of updates and maintenance, these services usually perform the following functions:

  1. Core and add-on updates.
  2. Support/repairs in case of incompatibility.
  3. Audit of the security and maintenance of your site so the chances of it breaking upon update are reduced.
  4. Regular backups to rely on in case of incompatibility with any update.

As with managed WordPress hosting services, it is recommended that you go through the list of their offerings (and their pricing plans) carefully. All you have to do after that is contact them over email, or from their respective websites.

Pros of Depending on WordPress Support and Maintenance Services

  • Since you are paying these services specifically to maintain your WordPress site, you can expect them to solve any problems you might have while updating your WordPress site.
  • You need not hire a developer to this end.

Cons of Depending on WordPress Support and Maintenance Services

  • These services come at a premium price, and usually require you to pay more in order to fix issues that might come up during updates. Each service has its own pricing plan.
  • A number of maintenance and support services do not provide free support, so if you run into issues with your site, it might be expensive to get them sorted out.

Automating your WordPress site might seem like an easy fix that will help your WordPress site stay up to date with security patches and new features, but it also comes with many caveats. Not only might updates break your site, but they might also be difficult to undo. This is why it is imperative for every WordPress site owner to maintain a recent, secure backup of their WordPress site that can be relied on.

WordPress is a popular target for hackers because every website has something to offer them, and the returns on attacks are high.

 

Hackers gain something from every WordPress site

 

WordPress is the most popular CMS in the world, and a popular target for hackers too. The scale of the problem may make it seem like the hacks occur randomly and for random reasons. In reality, every website has something to offer hackers. The exact nature of the payoff also depends on the intentions of the hackers.

 

Hackers can be grouped into three categories, depending on the purpose behind their attacks:

White-hat hackers usually test a website or a computer system for vulnerabilities. They do not have malicious intent, and disclose vulnerabilities responsibly.

In the WordPress community, white hat hackers are either a part of a web security team, or are developers within the community who contribute by discovering vulnerabilities and helping protect the community against such risks.

Hacktivists (who are ‘activists’ acting by means of hacking) target websites mostly to bring awareness to socio-political issues, but the means they pursue for these ends are questionable. This is why it’s difficult to categorise what they do. Most of the time, hacktivists deface websites, or publish sensitive information.
Examples of hacktivists defacing websites range from Anonymous’ hack of the Philippine Comelec that asks questions, to the defacement of the ISIS website with ads for performance-enhancing drugs. Hacktivists could also publish sensitive information. Examples of such attacks include the Panama Papers leak, and the hack of the CIA and FBI websites that released officers’ personal information and put them in danger.

Since the classification of what hacktivists have to gain, and the means they use to achieve their ends can fall in gray areas, we’re going to exclude hacktivism from this article.

Black-hat hackers hack websites indiscriminately, purely for more ‘materialistic’ gains. They exploit vulnerabilities to their own ends. Any website can be targeted by these hackers, since they are not looking to test a specific system for vulnerabilities, nor do they want to further a socio-political agenda.

 

What Black-hat hackers can gain from hacking websites

Black-hat hackers could gain one of three things from hacking websites:

  • Reputation
  • Access to resources
  • Information

 

Reputation

In terms of technical know-how, and the scale of the reputation they seek, black-hat hackers could be ‘script kiddies’, or ‘experienced hackers’.

‘Script kiddies’ depend on tools to perform hacks. While the scale of the havoc they wreak can vary in degree, they usually hack websites to be accepted, or to gain reputation among their peers. They usually don’t have criminal intent. However, the more they learn, the more they could move towards higher levels of experience and reputation.

Garnering reputation among other black-hat hackers depends not only on the technical know-how they have, but also on the damage they have the ability to wreak independently. This is when/why they move away from readily-available tools, and craft malicious code of their own that can bypass usual security measures on websites.

‘Experienced’ hackers look to earn a more ‘professional’ kind of reputation. You might know that there are black markets for the sale of illegal goods, but there are similar establishments for cybercrime too. One such black market/forum was Darkode. Hackers have profiles on these websites and are ranked. These hackers look to earn higher ranks so that their ‘customers’ will pay more for their services, and their work will be recognized more.

How high a hacker’s rank is, on cybercrime forums, depends on:

  • The number of sites they’ve hacked.
  • How proficient they’ve been (the difficulty of the hack).
  • The reputation of the sites they’ve hacked.
  • How satisfied their customers are with their ‘service’.

In short, even if your website has great security, it’s better for them: they get a better ranking if they succeed in hacking your site.

For example, if your site had tight security, and a hacker successfully retrieved the contact information of all your customers, they would only garner reputation and have no use for the information afterward. They could go ahead and publish it on the cybercrime forum so other hackers could use the information to send spam mail to your users, send them downloadable malicious code, or send them mails crafted for phishing.

 

Access to resources

The resources on your WordPress site include your site’s database, the server it’s hosted on, as well as the users and visitors to your site. Black hat hackers hack your website in order to gain access to these resources. Attackers have a number of ways that they could exploit your site’s resources:

  • They could plant malicious code on your site to do anything they need to do, without the action getting traced back to them. An example of this would be that of hackers planting malicious code on your server to send their spam mail to your site’s visitors. This would not only get your server blacklisted by mail servers, but also could lead to your WordPress site getting blacklisted by search engines (since it has malware).
  • They could use your site to perform Black Hat SEO practices that allow them to hijack your site’s traffic and redirect it to their own websites, or their customers’ websites. A common type of attack on WordPress sites that uses this technique is the WordPress Pharma hack.
  • They might use malicious code on your site to trick the visitors of your site into downloading malicious software to their computers.
  • Cross-site scripting attacks could be used to steal cookies from your site’s visitors and use their credentials.
  • They could use your server as a bot in a DDoS attack.
  • They could manipulate your site to trick users into entering sensitive information that could be used for phishing.
  • They could use ‘ransomware’, which is malicious software that doesn’t allow you access to your resources, your website, or important files on your website unless you pay up. Ransomware keeps popping up in tech news because of technology’s progression into the Internet of things (smart home appliances that can be connected to the internet). In the context of websites, ransomware could be used to either lock you out of your site, or encrypt all the data on your website until you meet the hacker’s demands. If you don’t give in to the hacker’s demands, they could keep all the data from your WordPress site to themselves until you do, or worse, delete it all. The only sensible way to protect yourself from such an attack, is to have a reliable WordPress backup solution that has updated backups of your site.

 

Information

As any website owner knows, information is probably the most important thing on a website. From your site’s data to your visitor’s data, all of the information on your website is unique to you, and is hence valuable.

Hackers could hack your site to retrieve information that belongs to your site’s visitors, such as their personal information (which includes contact information, photos, medical records and other information about their identity), or financial information.

Hackers could use this information in the following ways:

  • They could use it for their own purposes (such as to send spam mail). Sending spam mail from your website’s server could get it blacklisted by search engines, and other mail servers.
  • They could publish sensitive information from your site.
  • They could sell it to others looking for this kind of information.
  • They could also retrieve confidential information from your WordPress site (such as information about your investors), and ask you to pay a ransom to make sure it isn’t published, or sold.

 

Publishing sensitive information

Sensitive information on your website doesn’t have to just be related to the financial information … it could be anything that is specific to just your site, such as the personal information of your site’s users (like their email addresses), that could be used in line with malicious intent (to fulfill a job request, to damage the reputation of the company whose information they publish, to help other hackers send spam).

For example, a hacker could publish your users’ email addresses, to ruin your establishment’s reputation and the trust your customers have in you.

 

Selling sensitive information online

This is another dangerous way hackers target the information on your site.

While some hackers sell personal information of celebrities online (like in the case of Pippa Middleton’s iCloud photos that the hacker attempted to sell), in the past few years, a number of medical websites have been targeted.

This is because social security numbers, medical and healthcare information could prove to be more valuable in terms of identity theft than even financial credentials.

Hackers who sell financial information are in a race against time; they only get the best price for their hard work as long as the credentials are recent and valid. If the people whose information was stolen block their cards or switch banks, the hackers don’t get paid. However, with identity theft, the validity of the crime is much longer, and the payoffs for the buyer are considerably higher.

The parties that buy this information could use it to:

  • Create online loan applications
  • Create applications online for credit cards
  • Apply for prescription drugs
  • Create fake IDs

This poses a serious risk for any website, but especially for those that store any sort of user-information.

 

With reasons/aims like these, it’s no wonder that hackers continue to do what they do. They know that there is no such thing as a secure website, so any website can be hacked, and used to any end. The returns for them on hacking websites are high. This is why hackers who seek to obtain information or access to resources on your site make sure to keep their tracks hidden. They do this in order to utilise your site for as long as they can, and make sure to leave backdoors in inconspicuous files so that they can always regain access to your site.

This is why the best way to stay safe is to have a solid disaster recovery plan in place. The prime element in such a plan would definitely be a WordPress backup solution like BlogVault that is truly reliable, and an intelligent malware scanner+cleaner, like MalCare, that leaves no malicious code behind.