Yup, at the weekend, the DanHarrison.co.uk site was compromised by an Algerian ‘hacking’ team. However, despite good security practices, the site still got hacked. I followed the most basic rules, such as keeping all plugins and the main WordPress install up-to-date, as well as strong passwords. And I still got hacked.

Just to be clear, these are the basic security principles I always abide by:

• WordPress installation is always up to date.
• All plugins are updated pretty much as soon as they are updated.
• All database, ftp and account passwords are long and random (digits, characters, symbols, etc).
• No password is used for any other site I own
• File permissions are set at the most strict – depending on what’s required.
• I keep regular file and database backups. All automated to backup every single day.

However, despite all of that, I was still hacked. I am working my way through JT Pratt’s security guide as a basis for making the site more secure. Essentially I’m locking down everything I can. However, with having many websites, I want to automate it as much as possible to save me time. Just before you ask, someone I know with 0 plugins still got hacked.

There’s a high chance of getting hacked at some point because you’re running a dynamic website. However, doing everything you can to make it too much effort for a hacker is a very good idea. And if nothing else, make sure you regularly backup your website!

Updates

Here are some more useful security articles I’ve since discovered:

• WordPress Security Tips (more plugin ideas and advice)

Just a short article with a couple of tips today. Do you backup your websites regularly, if so, how often? And when developing a new website, do you use any kind of version management tool? If you rely on any website to make you money, you should be doing both!

Backups

The justification for backups is pretty obvious and substantial. How would you fix a situation where…

• Your web host gets hacked?
• Your web host goes bust, and the hosting services are revoked immediately?
• You accidentally do something that corrupts your site’s database?
• Your site gets hacked, destroying all or part of your file system and/or databases?

You get the idea. Having both backups of files and databases is very important. I’ve needed my backups about 5 times in the last 2 years, each time saving me several days and weeks of effort to fix a problem.

How often should you backup? Well, how long is a piece of string? My guidance is to backup files daily, and backup databases at a rate that roughly represents how frequently your site is updated. Perhaps 3 times a day, perhaps just once a day.

Regardless of how often you do backup, there will come a time when you are grateful for having those backups. There are so many different backup tools, it depends on your own personal setup. But, if you’re not very technical, it’s worth spending some money on a good backup tool.

Version Management

Version management is a little more debateable in terms of how important it is. How often have you developed a website, and thought, “actually, I prefer it the way it was 2 weeks ago”?

If you have multiple website developers, version management tools help you to control how code evolves during a project. If you’re the sole developer, it acts as a fine-grained backup tool, allowing you to access prior versions of code with ease.

I personally use Subversion, which integrates nicely with Windows Explorer and Eclipse PHP Developer Tools (Eclipse PDT) with Subclipse.